Club Pogo and selective games blocked by eset


  • Administrators

The detection will be changed to aggressive so it won't be detected unless you change the detection sensitivity threshold for suspicious applications.

Link to comment
Share on other sites

  • Administrators
5 minutes ago, Purpleroses said:

So when will the detection be changed to aggressive

It was changed a couple of hours ago.

Link to comment
Share on other sites

Thank you for your assistance.

So just to clarify, you said the sensitivity was changed to aggressive but wouldn't that make false positives more likely (that's what it says in the settings).  Did you mean that it was changed to Cautious (which is the option down from balanced which appears to be the default)?

If so was this done on a global basis or just for the pogo website?  My settings still show as balanced detection but I can confirm that the games load now without issue or requiring exclusions.

Lastly does Eset contain a way that users can set detection sensitivity for specific sites?  I did look but couldn't find anything so that may be something that can only be done by Eset (or maybe can't be done at all).

Thank you again.

Link to comment
Share on other sites

  • Administrators
4 minutes ago, jpom18 said:

So just to clarify, you said the sensitivity was changed to aggressive but wouldn't that make false positives more likely (that's what it says in the settings).  Did you mean that it was changed to Cautious (which is the option down from balanced which appears to be the default)?

The sensitivity level for the detection was changed to aggressive which means that with other sensitivity levels this detection will never be triggered.

4 minutes ago, jpom18 said:

If so was this done on a global basis or just for the pogo website?  My settings still show as balanced detection but I can confirm that the games load now without issue or requiring exclusions.

It was done for the detection itself, not for the website in question.

4 minutes ago, jpom18 said:

Lastly does Eset contain a way that users can set detection sensitivity for specific sites?  I did look but couldn't find anything so that may be something that can only be done by Eset (or maybe can't be done at all).

This is not possible and it doesn't make much sense either. If you would like this particular detection triggered with the exception of particular websites, you will be able to use detection exclusions like this:

image.png

Link to comment
Share on other sites

Interesting, I'm not sure I like the idea of the detection being excluded so that it will never be triggered but again I was not able to find anything on the .H variant of JS/Agent so I'm not sure exactly what it is.

Is there a way I am able to reset this now so that it would be detected again, just for testing purposes?  I would be curious to try your solution posted above, originally your posts said to add "https://cdn-*-prod.pogospike.com/*" to the exclusion and my assumption was that the wildcard at the end would cover any part of the address that came after.  However I can confirm that did not work and your post above now says to add "https://cdn-*-prod.pogospike.com/*/src/project.js" and I would be curious to see if that works.

Does the /* not include everything that comes after?  I have not had to use wildcards in Eset before so maybe there is a limitation to them that I am unaware of.

Thank you again.

 

Link to comment
Share on other sites

  • Administrators

JS/Packed.Agent is a detection of a specific packer / obfuscator. It has been seen to be misused by malware or adware to evade detection; however, it may sometimes also be used on legitimate websites, hence the detection as a suspicious application.

JS/Packed.Agent.H is now detected if you select "aggressive" level for suspicious applications:

image.png

 

Quote

Does the /* not include everything that comes after? 

It does; however, the more specific the exclusion you create, the safer it is. Since detected files were always on URLs ending with "/src/project.js", I've used this part of the path to make the exclusion more specific.

Link to comment
Share on other sites
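An added example (not part of the thread and not ESET code) comparing what the two exclusion patterns quoted above would cover. It assumes generic glob-style matching in which `*` matches any run of characters, `/` included; the sample URLs are constructed, and ESET's own matching rules may differ.

```python
import re

# Both patterns are quoted in the thread above.
BROAD = "https://cdn-*-prod.pogospike.com/*"
SPECIFIC = "https://cdn-*-prod.pogospike.com/*/src/project.js"


def wildcard_to_regex(pattern):
    """Compile a '*' wildcard pattern to an anchored regex.

    Assumption: '*' matches any run of characters, '/' included. This is
    generic glob-style matching, not ESET's documented matching rules.
    """
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def excluded(pattern, urls):
    """Return the URLs that the exclusion pattern would cover."""
    rx = wildcard_to_regex(pattern)
    return [u for u in urls if rx.match(u)]


def extra_exposure(broad, specific, urls):
    """URLs the broad exclusion silences that the specific one still scans."""
    narrow = set(excluded(specific, urls))
    return [u for u in excluded(broad, urls) if u not in narrow]


# Constructed sample URLs (subdomains and paths invented for illustration).
SAMPLE_URLS = [
    "https://cdn-a1-prod.pogospike.com/game-one/src/project.js",
    "https://cdn-a1-prod.pogospike.com/game-one/src/vendor.js",
    "https://cdn-b2-prod.pogospike.com/ads/loader.js",
    "https://cdn-a1-staging.pogospike.com/game-one/src/project.js",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        b = "B" if excluded(BROAD, [u]) else "-"
        s = "S" if excluded(SPECIFIC, [u]) else "-"
        print(f"{b}{s}  {u}")
    print("only under broad:", extra_exposure(BROAD, SPECIFIC, SAMPLE_URLS))
```

Every URL listed under "only under broad" is a script that would no longer be scanned for this detection if the shorter pattern were used.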

17 hours ago, Marcos said:

JS/Packed.Agent is a detection of a specific packer / obfuscator. It has been seen to be misused by malware or adware to evade detection; however, it may sometimes also be used on legitimate websites, hence the detection as a suspicious application.

JS/Packed.Agent.H is now detected if you select "aggressive" level for suspicious applications:

image.png

 

It does; however, the more specific the exclusion you create, the safer it is. Since detected files were always on URLs ending with "/src/project.js", I've used this part of the path to make the exclusion more specific.

Okay, I understand now.  Thank you for the explanation.

That said I can confirm that your suggestion to exclude the package along with limiting to the URL does not work.  I currently have the following exclusion:

image.png.9b6be6935cf5ce8ec18ecbaf3f380d3b.png

and when launching the game that was just excluded I see:

image.png.df4ee3cfa136d27896d49331e6cf48a7.png

and in the logs:

image.png.e2b3a500d90fc03cd978f147e8843100.png

It doesn't really matter at this point since it is no longer detected unless set to aggressive so just FYI.

 

Thank you

image.png

Link to comment
Share on other sites

As of Wednesday, EA has corrected the problem. I did not make any changes to my eset console excluding pogo as recommended when I submitted my elog collector to technical support. Instead, after contacting EA, I decided to wait it out. Sure enough, EA tech finally came through and maintenance night got the malware removed from the site. I posted this news in the pogo forums. I wanted to make sure everyone here was aware of the change. Thank you Marcos for your excellent advice and direction. cam

Link to comment
Share on other sites
