ESET Protect: POTENTIALLY UNSAFE APPLICATIONS finds EFI/CompuTrace.A

[Dud3 0]

Hello,

i already googled and searched in the forum for a solution but could not find any.

 

Since weeks our weekly deep scan on our clients is finding the "EFI/CompuTrace.A"  as an POTENTIALLY UNSAFE APPLICATIONS.

This is not the case this is a a false detection.

I also tried some suggestions from this articel: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

 

The main problem i have is that i create exclusions for the detection and every week i got thousands of findings for this error.

When i got an finding i login on the eset protect server -> go to "Detections" -> select the EFI/Computrace findings->Actions -> create Exlusion-> i Tried all 3 options an the target for the exclusions is always "all" .

 

But i still receive thousands of detections every time the deep scan is running.

 

Deactivating the POTENTIALLY UNSAFE APPLICATIONS scan is not an option.

 

How do i fix this problem? 

 

Kind Regards

[Marcos 5,082]

Please provide logs collected with ESET Log Collector so that we can check your detection exclusions.

[itman 1,662]

1 hour ago, Dud3 said:

I also tried some suggestions from this articel: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

Did you try the file hash exclusion?

[Dud3 0]

@itman 

Yes i tried all 3 options (see screenshot)

 

When i check via ESET Protect the client details of my laptop is the all the exclusions.

 

Attached i uploaded the log files collected via ESET Log Collector

ees_logs.zip

 

[itman 1,662]

One possibility is how you have configured Eset scan parameters. Refer to below screen shot. By default, Eset uses Real-time settings for its off-line scanning. If that setting is disabled, I suspect that Real-time exclusions are no longer in effect pertaining to off-line scanning.

Edited August 25, 2021 by itman

[Marcos 5,082]

Since you have almost 1600 exclusions, I'd recommend:

- removing all exclusions in the ESET PROTECT console -> Exclusions
- excluding EFI/ComputerTrace via the Detections panel as follows:

f necessary to exclude Ntool.Netcat (was excluded incorrectly), please do it like above too, ie. from the Detections window -> Create exclusion and then choose the 3rd option "Detection".

 

[Dud3 0]

ok, i deleted all the exclusion and created one new exclusion as described by Marcos.

 

i will watch this the days and give you feedback about the outcome

 

 

[Dud3 0]

Today i received about 500 notifications from ESET about potentially unsafe applications with EFI/CompuTrace.A 

What else can i do or check?

 

[Dud3 0]

@Marcos during the past few days i created 8 exclusions and i still get several hundred notifications per day

 

all these are exclusions via "detection" as described by you

 

 

do you have a idea what else i can try?

[itman 1,662]

Might be time to do what is recommended at the end of the Eset KB article on this subject:

Quote

If you are still unable to resolve your issue, email ESET Technical Support.

[Dud3 0]

@itman yes good idea its time for this step ... 

[Marcos 5,082]

On the computer from which you provided ELC logs all on-demand scan logs have zero number of detections so it looks like the detection exclusion for "EFI/CompuTrace.A" works there.

When running an on-demand scan, you have an option to ignore exclusions. Make sure it's disabled: