J Moya 0 Posted January 15, 2021 Share Posted January 15, 2021 Hi! I use Eset Anti-Theft since many years ago, so I am familiar with the phantom account scheme used by Eset. What I can't understand is why the phantom account is logging in each time I power on my computer. I get a daily email about suspicious activity because when I boot my computer on my standard user (say, "User1"), the phantom user (say, "UserFake") is logged in. Is it a bug? Is Windows 10 not logging off the accounts when you power off the computer? How can I close that user account without logging in it? Yours, José Spain. Link to comment Share on other sites More sharing options...
Erwin90 0 Posted January 18, 2021 Share Posted January 18, 2021 Hi, I have the same issue. Previously I did not pay attention to these emails as my girlfriend sometimes used the phantom account because it did not required a password, but now that she uses the main account as well these emails are still coming in. Both today and yesterday I received these suspicious activity emails while I'm 100% sure that only the main account was logged in. I hope this isn't some kind of hack where the phantom account is activated when the PC is turned on? Best regards, Erwin Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 183 Posted January 18, 2021 Most Valued Members Share Posted January 18, 2021 (edited) As your other account is password protected most probably , when you sign into the Phantom Account , this happens : Quote Logging into the Phantom Account when your computer is in normal state will cause a notification with information about suspicious activity on your computer to be sent to your email anytime that someone logs in to this account. After you receive the notification, you can decide if you want to mark the computer as missing. --- Quote Phantom Account is a form of guest account with limited permissions and it will be used as default system account until your device is marked recovered - preventing anyone from logging into other user accounts or accessing users data. The Phantom Account helps ESET Anti-Theft recover your lost or stolen computer by monitoring its location and usage. Edited January 18, 2021 by Nightowl Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted January 18, 2021 Administrators Share Posted January 18, 2021 Please carry on as follows: - enable advanced licensing and Anti-Theft logging in the adv. setup -> Tools -> Diagnostics - reproduce the issue - disable logging - collect logs with ESET Log Collector and provide the generated archive. Link to comment Share on other sites More sharing options...
J Moya 0 Posted January 18, 2021 Author Share Posted January 18, 2021 Hi, Marcos! I've acted as your post suggest. Before doing that, I've also also used the Anti-theft website to notify this computer is not lost (just in case the emails are being sent daily when no reply from user is detected). Then I activated the logging, powered off the computer, loggen on (as my password-protected user), disabled logging and then checked my email to make sure there was a new email from Eset Anti-Theft. Then I used Eset LogCollector to collect logs of almost all. I'm not very happy about publishing here such complete logs of my computer, since they will reveal ip address, hostname, users, and such. I'm adding almost all categories since there is no category called "Anti-theft" inside Eset LogCollector. Yours, José G. Spain. eis_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted January 18, 2021 Administrators Share Posted January 18, 2021 Attachments are available only to ESET staff so it's safe to upload logs here. I'll check your logs. Link to comment Share on other sites More sharing options...
Pug 2 Posted February 25, 2021 Share Posted February 25, 2021 I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise? Link to comment Share on other sites More sharing options...
itman 1,510 Posted February 25, 2021 Share Posted February 25, 2021 39 minutes ago, Pug said: if there is documentation to read on ESET's phantom account, please advise? https://help.eset.com/antitheft/en-US/device_settings.html Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted February 25, 2021 Administrators Share Posted February 25, 2021 1 hour ago, Pug said: I am having similar, not quite identical, experiences. I can attest to some occurrences due to my own errors in PC configuration, however, if there is documentation to read on ESET's phantom account, please advise? Have you checked if the device is not marked as missing in the Anti-theft portal at my.eset.com? Link to comment Share on other sites More sharing options...
Pug 2 Posted February 26, 2021 Share Posted February 26, 2021 Yup. I had disabled the anti-theft at one point as well. I suspect that it's due to disc configuration or how my user folders are set up since I've also experienced my 2nd MS account, for my surface pro, load as my desktop environment. II'veread that document before but will take a 2nd look at it again, thanks! I don't feel it's anything malicious so I'll eventually get a handle on it. On a slightly separate topic, I've automatically set my client to submit samples at anytime. Looking back at it, there's been a good handful that's been submitted for analysis; from the boot and startup process. Any way to see results or a more detailed report of the results? Thank you for the time. Link to comment Share on other sites More sharing options...
Recommended Posts