Club Pogo and selective games blocked by eset

[Marcos 5,072]

The detection will be changed to aggressive so it won't be detected unless you change the detection sensitivity threshold for suspicious applications.

[Purpleroses 21]

So when will the detection be changed to aggressive

[Marcos 5,072]

5 minutes ago, Purpleroses said:

So when will the detection be changed to aggressive

It was changed a couple of hours ago.

[Purpleroses 21]

Thanks Marcos

[jpom18 0]

Thank you for your assistance.

So just to clarify, you said the sensativity was changed to aggressive but wouldn't that make false positives more likely (that's what it says in the settings).  Did you mean that it was changed to Cautious (which is the option down from balanced which appears to be the default)?

If so was this done on a global basis or just for the pogo website?  My settings still show as balanced detection but I can confirm that the games load now without issue or requiring exclusions.

Lastly does Eset contain a way that users can set detection sensitivity for specific sites?  I did look but couldn't find anything so that may be something that can only be done by Eset (or maybe can't be done at all).

Thank you again.

[Marcos 5,072]

4 minutes ago, jpom18 said:

So just to clarify, you said the sensativity was changed to aggressive but wouldn't that make false positives more likely (that's what it says in the settings).  Did you mean that it was changed to Cautious (which is the option down from balanced which appears to be the default)?

The sensitivity level for the detection was changed to aggressive which means that with other sensitivity levels this detection will never be triggered.

4 minutes ago, jpom18 said:

If so was this done on a global basis or just for the pogo website?  My settings still show as balanced detection but I can confirm that the games load now without issue or requiring exclusions.

It was done for the detection itself, not for the website in question.

4 minutes ago, jpom18 said:

Lastly does Eset contain a way that users can set detection sensitivity for specific sites?  I did look but couldn't find anything so that may be something that can only be done by Eset (or maybe can't be done at all).

This is not possible and it doesn't make much sense either. If you would like this particular detection triggered with the exception of particular websites, you will be able to use detection exclusions like this:

[jpom18 0]

Interesting, I'm not sure I like the idea of the detection being excluded so that it will never be triggered but again I was not able to find anything on the .H variant of JS/Agent so I'm not sure exactly what it is.

Is there a way I am able to reset this now so that it would be detected again, just for testing purposes?  I would be curious to try your solution posted above, originally your posts said to add "https://cdn-*-prod.pogospike.com/*" to the exclusion and my assumption was that the wildcard at the end would cover any part of the address that came after.  However I can confirm that did not work and your post above now says to add "https://cdn-*-prod.pogospike.com/*/src/project.js" and I would be curious to see if that works.

Does the /* not include everything that comes after?  I have not had to use wildcards in Eset before so maybe there is a limitation to them that I am unaware of.

Thank you again.

 

[Marcos 5,072]

JS/Packed.Agent is a detection of a specific packer / obfuscator. It has been seen to be misused by malware or adware to evade detection, however, it may be sometimes also used on legitimate websites, hence the detection as a suspicious applications.

JS/Packed.Agent.H is now detected if you select "aggressive" level for suspicious applications:

 

Quote

Does the /* not include everything that comes after? 

It does, however, the more specific exclusion you create the more safer it is. Since detected files were always on URLs ending with "/src/project.js", I've used this part of the path to make the exclusion more specific.

[jpom18 0]

17 hours ago, Marcos said:

JS/Packed.Agent is a detection of a specific packer / obfuscator. It has been seen to be misused by malware or adware to evade detection, however, it may be sometimes also used on legitimate websites, hence the detection as a suspicious applications.

JS/Packed.Agent.H is now detected if you select "aggressive" level for suspicious applications:

 

It does, however, the more specific exclusion you create the more safer it is. Since detected files were always on URLs ending with "/src/project.js", I've used this part of the path to make the exclusion more specific.

Okay, I understand now.  Thank you for the explanation.

That said I can confirm that your suggestion to exclude the package along with limiting to the URL does not work.  I currently have the following exclusion:

and when launching the game that was just excluded I see:

and in the logs:

It doesn't really matter at this point since it is no longer detected unless set to aggressive so just FYI.

 

Thank you

[Brple54 0]

As of Wednesday, EA has corrected the problem.  I did not make any changes to my eset console excluding pogo as recommended when I submitted my elog collector to technical support.  Instead after contacting EA I decided to wait it out.  Sure enough,  EA tech finally came through and maintenance night got the malware removed from the site.  I posted this news in the pogo forums.  I wanted to make sure everyone here was aware of the change.   Thank you  Marcos for your excellent advice and direction.  cam