Jump to content

Phantom account is logging in each time I boot my computer


Recommended Posts

Hi!

I use Eset Anti-Theft since many years ago, so I am familiar with the phantom account scheme used by Eset.

What I can't understand is why the phantom account is logging in each time I power on my computer. I get a daily email about suspicious activity because when I boot my computer on my standard user (say, "User1"), the phantom user (say, "UserFake") is logged in.

Is it a bug? Is Windows 10 not logging off the accounts when you power off the computer?

How can I close that user account without logging in it?

Yours,

 

José

Spain.

Link to comment
Share on other sites

Hi,

I have the same issue. Previously I did not pay attention to these emails as my girlfriend sometimes used the phantom account because it did not required a password, but now that she uses the main account as well these emails are still coming in. Both today and yesterday I received these suspicious activity emails while I'm 100% sure that only the main account was logged in.

I hope this isn't some kind of hack where the phantom account is activated when the PC is turned on?

 

Best regards,

Erwin

Link to comment
Share on other sites

  • Most Valued Members

As your other account is password protected most probably , when you sign into the Phantom Account , this happens :

Quote

Logging into the Phantom Account when your computer is in normal state will cause a notification with information about suspicious activity on your computer to be sent to your email anytime that someone logs in to this account. After you receive the notification, you can decide if you want to mark the computer as missing.

---

Quote

Phantom Account is a form of guest account with limited permissions and it will be used as default system account until your device is marked recovered - preventing anyone from logging into other user accounts or accessing users data. The Phantom Account helps ESET Anti-Theft recover your lost or stolen computer by monitoring its location and usage.

 

Edited by Nightowl
Link to comment
Share on other sites

  • Administrators

Please carry on as follows:
- enable advanced licensing and Anti-Theft logging in the adv. setup -> Tools -> Diagnostics
- reproduce the issue
- disable logging
- collect logs with ESET Log Collector and provide the generated archive.

Link to comment
Share on other sites

Hi, Marcos!

I've acted as your post suggest. Before doing that, I've also also used the Anti-theft website to notify this computer is not lost (just in case the emails are being sent daily when no reply from user is detected).

Then I activated the logging, powered off the computer, loggen on (as my password-protected user), disabled logging and then checked my email to make sure there was a new email from Eset Anti-Theft.

Then I used Eset LogCollector to collect logs of almost all. 

I'm not very happy about publishing here such complete logs of my computer, since they will reveal ip address, hostname, users, and such. 

I'm adding almost all categories since there is no category called "Anti-theft" inside Eset LogCollector.

Yours,

José G.

Spain.

 

 

 

eis_logs.zip

Link to comment
Share on other sites

  • Administrators

Attachments are available only to ESET staff so it's safe to upload logs here. I'll check your logs.

Link to comment
Share on other sites

  • 1 month later...

I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise?

Link to comment
Share on other sites

  • Administrators
1 hour ago, Pug said:

I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise?

Have you checked if the device is not marked as missing in the Anti-theft portal at my.eset.com?

Link to comment
Share on other sites

Yup. I had disabled the anti-theft at one point as well. I suspect that it's due to disc configuration or how my user folders are set up since I've also experienced my 2nd MS account, for my surface pro, load as my desktop environment. II'veread that document before but will take a 2nd look at it again, thanks! I don't feel it's anything malicious so I'll eventually get a handle on it.

 

On a slightly separate topic, I've automatically set my client to submit samples at anytime. Looking back at it, there's been a good handful that's been submitted for analysis; from the boot and startup process. Any way to see results or a more detailed report of the results?

 

Thank you for the time.

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...