Eset File Security PDF/Phishing.A.Gen


HSS77

Eset scan found that of flight ticket PDF from June 2018. Also real-time protection found it later when I tried to remove it back for sending to Eset for check.

12.8.2020 9.12.28    Reaaliaikainen tiedostojärjestelmän suojaus    tiedosto    /Users/xxxx/Downloads/eticket-WWOHPM.pdf    PDF/Phishing.A.Gen troijalainen    puhdistettiin poistamalla    xxxxx    Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751).    A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5     6. 6.2018 22:22:00
 

Eset Cyber Security for Mac, Update version: 21808

Eset Live Grid seems to be off at the moment so cannot send the file. When I try to put the file back to the folder, Eset automatically quarantines it so impossible to send it at the moment.

Are there some false positives occurring in the newest version?


  • Administrators

Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com and with a link to this topic. It can be FP but also it could be that a URL in the PDF points to a website that has been compromised and contains phishing.

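The possibility raised in the reply above, that the detection comes from a URL inside the PDF, can be checked locally by listing the document's link targets. This is an added example, not part of the original thread and not ESET tooling; the function names, sample bytes and domains are constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# A link action looks like: /URI (http://host/path); "\(" and "\)" are escapes.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def pdf_link_targets(data: bytes) -> list[str]:
    """Return unique /URI targets from plain and Flate-compressed PDF objects."""
    chunks = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a clipped trailer; non-zlib streams raise.
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    found: list[str] = []
    for chunk in chunks:
        for m in URI_RE.finditer(chunk):
            url = re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")
            if url not in found:
                found.append(url)
    return found


def hosts(urls: list[str]) -> list[str]:
    """Host names to check against reputation sources, sorted and de-duplicated."""
    return sorted({h for h in (urlsplit(u).hostname for u in urls) if h})


def build_sample() -> bytes:
    """Constructed PDF-like bytes: one plain link, one inside a Flate stream."""
    hidden = b"<< /S /URI /URI (https://booking.example.net/manage\\(1\\)) >>"
    return (
        b"%PDF-1.5\n1 0 obj\n<< /S /URI /URI (http://tickets.example.com/e?id=1) >>\n"
        b"endobj\n2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
        + zlib.compress(hidden) + b"\nendstream\nendobj\n"
    )


if __name__ == "__main__":
    for host in hosts(pdf_link_targets(build_sample())):
        print(host)
```

Links stored as hex strings or inside encrypted PDFs are not covered by this sketch; it reads the file as bytes and never renders or opens it.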

5 minutes ago, Marcos said:

Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com and with a link to this topic. It can be FP but also it could be that a URL in the PDF points to a website that has been compromised and contains phishing.

How can I get the file back? Every time I try to restore it to folder it gets automatically quarantined.


  • Most Valued Members
13 minutes ago, HSS77 said:

Eset scan found that of flight ticket PDF from June 2018. Also real-time protection found it later when I tried to remove it back for sending to Eset for check.

12.8.2020 9.12.28    Reaaliaikainen tiedostojärjestelmän suojaus    tiedosto    /Users/xxxx/Downloads/eticket-WWOHPM.pdf    PDF/Phishing.A.Gen troijalainen    puhdistettiin poistamalla    xxxxx    Tiedostoa avattaessa ilmeni ongelma. Sovellus: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock (7C4BCE5A91D672E0B536F081947520167982C751).    A94A42DCFB82064F3BCBBFCDFEE1EA0C573634E5     6. 6.2018 22:22:00
 

Eset Cyber Security for Mac, Update version: 21808

Eset Live Grid seems to be off at the moment so cannot send the file. When I try to put the file back to the folder, Eset automatically quarantines it so impossible to send it at the moment.

Are there some false positives occurring in the newest version?

Try to have the Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, AI will act differently.


  • Administrators

You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.


16 minutes ago, Nightowl said:

Try to have the Live Grid enabled (Reputation, not Submission, I mean). It may change the detection result; as it was offline, AI will act differently.

I have it enabled and it's showing grey. When trying to send it says "Sending Suspicious files is not in use at the moment" (In Finnish). When I try to open settings it asks for username and pw. The ones I got when paying the subscription are not working. I mean username EAV....

Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.


  • Most Valued Members
15 minutes ago, HSS77 said:

I have it enabled and it's showing grey. When trying to send it says "Sending Suspicious files is not in use at the moment" (In Finnish). When I try to open settings it asks for username and pw. The ones I got when paying the subscription are not working. I mean username EAV....

Saying "franchise" user username or pw is wrong. My wife's laptop is the "admin" user or something similar.

It seems your ESET isn't happy about the license details it has, that's why it's not making submissions to LiveGrid.


  • Administrators

The license is ok. If you have EAV settings protected with a password, you should get the following prompt when attempting to open advanced setup:


4 minutes ago, Nightowl said:

It seems your ESET isn't happy about the license details it has, that's why it's not making submissions to LiveGrid.

I checked myEset.com. It shows my laptop activated as well and I'm getting updates etc. normally. My wife's laptop is the "admin" user, I would need username and pw to make changes (like remove realtime protection) but the ones I got when subscribing are not working. Any ideas how to get the working login details pls?


  • Most Valued Members
3 minutes ago, HSS77 said:

I checked myEset.com. It shows my laptop activated as well and I'm getting updates etc. normally. My wife's laptop is the "admin" user, I would need username and pw to make changes (like remove realtime protection) but the ones I got when subscribing are not working. Any ideas how to get the working login details pls?

That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.


4 minutes ago, Nightowl said:

That's administrative permissions; it is related to Windows, not ESET. That's what you mean, if I am not mistaken.

Hah, thanks. Just different than usual MacOS admin user details box. Managed now to change the settings and allow file sending to be analysed from the quarantine. I hope the file is sent now, can someone confirm please. 

Great stuff, many thanks for the help so far!


1 hour ago, Marcos said:

You can temporarily pause real-time protection. Also make sure that you have the LiveGrid feedback system enabled since we have not received the file via LG yet.

Tried sending now as was able to allow it again. Thanks. 


  • Most Valued Members
20 minutes ago, HSS77 said:

Hah, thanks. Just different than usual MacOS admin user details box. Managed now to change the settings and allow file sending to be analysed from the quarantine. I hope the file is sent now, can someone confirm please. 

Great stuff, many thanks for the help so far!

Argh, didn't notice that was MacOS. Glad you sorted it out. :)


  • Administrators

The FP was fixed more than an hour ago, it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.


Just now, Marcos said:

The FP was fixed more than an hour ago, it should not be detected when scanned on your machine. VT doesn't leverage LiveGrid, hence it still shows the file as detected.

Yes, was able to scan the file now and no threats found on that file. Glad it was FP and great help from this forum. Thanks a lot everyone!
