Jump to content

Phantom account is logging in each time I boot my computer


Recommended Posts

Hi!

I use Eset Anti-Theft since many years ago, so I am familiar with the phantom account scheme used by Eset.

What I can't understand is why the phantom account is logging in each time I power on my computer. I get a daily email about suspicious activity because when I boot my computer on my standard user (say, "User1"), the phantom user (say, "UserFake") is logged in.

Is it a bug? Is Windows 10 not logging off the accounts when you power off the computer?

How can I close that user account without logging in it?

Yours,

 

José

Spain.

Link to post
Share on other sites

Hi,

I have the same issue. Previously I did not pay attention to these emails as my girlfriend sometimes used the phantom account because it did not required a password, but now that she uses the main account as well these emails are still coming in. Both today and yesterday I received these suspicious activity emails while I'm 100% sure that only the main account was logged in.

I hope this isn't some kind of hack where the phantom account is activated when the PC is turned on?

 

Best regards,

Erwin

Link to post
Share on other sites
  • Most Valued Members

As your other account is password protected most probably , when you sign into the Phantom Account , this happens :

Quote

Logging into the Phantom Account when your computer is in normal state will cause a notification with information about suspicious activity on your computer to be sent to your email anytime that someone logs in to this account. After you receive the notification, you can decide if you want to mark the computer as missing.

---

Quote

Phantom Account is a form of guest account with limited permissions and it will be used as default system account until your device is marked recovered - preventing anyone from logging into other user accounts or accessing users data. The Phantom Account helps ESET Anti-Theft recover your lost or stolen computer by monitoring its location and usage.

 

Edited by Nightowl
Link to post
Share on other sites
  • Administrators

Please carry on as follows:
- enable advanced licensing and Anti-Theft logging in the adv. setup -> Tools -> Diagnostics
- reproduce the issue
- disable logging
- collect logs with ESET Log Collector and provide the generated archive.

Link to post
Share on other sites

Hi, Marcos!

I've acted as your post suggest. Before doing that, I've also also used the Anti-theft website to notify this computer is not lost (just in case the emails are being sent daily when no reply from user is detected).

Then I activated the logging, powered off the computer, loggen on (as my password-protected user), disabled logging and then checked my email to make sure there was a new email from Eset Anti-Theft.

Then I used Eset LogCollector to collect logs of almost all. 

I'm not very happy about publishing here such complete logs of my computer, since they will reveal ip address, hostname, users, and such. 

I'm adding almost all categories since there is no category called "Anti-theft" inside Eset LogCollector.

Yours,

José G.

Spain.

 

 

 

eis_logs.zip

Link to post
Share on other sites
  • 1 month later...

I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise?

Link to post
Share on other sites
  • Administrators
1 hour ago, Pug said:

I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise?

Have you checked if the device is not marked as missing in the Anti-theft portal at my.eset.com?

Link to post
Share on other sites

Yup. I had disabled the anti-theft at one point as well. I suspect that it's due to disc configuration or how my user folders are set up since I've also experienced my 2nd MS account, for my surface pro, load as my desktop environment. II'veread that document before but will take a 2nd look at it again, thanks! I don't feel it's anything malicious so I'll eventually get a handle on it.

 

On a slightly separate topic, I've automatically set my client to submit samples at anytime. Looking back at it, there's been a good handful that's been submitted for analysis; from the boot and startup process. Any way to see results or a more detailed report of the results?

 

Thank you for the time.

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...