Dud3 0 Posted August 25, 2021 Share Posted August 25, 2021 Hello, i already googled and searched in the forum for a solution but could not find any. Since weeks our weekly deep scan on our clients is finding the "EFI/CompuTrace.A" as an POTENTIALLY UNSAFE APPLICATIONS. This is not the case this is a a false detection. I also tried some suggestions from this articel: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection The main problem i have is that i create exclusions for the detection and every week i got thousands of findings for this error. When i got an finding i login on the eset protect server -> go to "Detections" -> select the EFI/Computrace findings->Actions -> create Exlusion-> i Tried all 3 options an the target for the exclusions is always "all" . But i still receive thousands of detections every time the deep scan is running. Deactivating the POTENTIALLY UNSAFE APPLICATIONS scan is not an option. How do i fix this problem? Kind Regards Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted August 25, 2021 Administrators Share Posted August 25, 2021 Please provide logs collected with ESET Log Collector so that we can check your detection exclusions. Link to comment Share on other sites More sharing options...
itman 1,748 Posted August 25, 2021 Share Posted August 25, 2021 1 hour ago, Dud3 said: I also tried some suggestions from this articel: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection Did you try the file hash exclusion? Link to comment Share on other sites More sharing options...
Dud3 0 Posted August 25, 2021 Author Share Posted August 25, 2021 @itman Yes i tried all 3 options (see screenshot) When i check via ESET Protect the client details of my laptop is the all the exclusions. Attached i uploaded the log files collected via ESET Log Collector ees_logs.zip Link to comment Share on other sites More sharing options...
itman 1,748 Posted August 25, 2021 Share Posted August 25, 2021 (edited) One possibility is how you have configured Eset scan parameters. Refer to below screen shot. By default, Eset uses Real-time settings for its off-line scanning. If that setting is disabled, I suspect that Real-time exclusions are no longer in effect pertaining to off-line scanning. Edited August 25, 2021 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted August 25, 2021 Administrators Share Posted August 25, 2021 Since you have almost 1600 exclusions, I'd recommend: - removing all exclusions in the ESET PROTECT console -> Exclusions - excluding EFI/ComputerTrace via the Detections panel as follows: f necessary to exclude Ntool.Netcat (was excluded incorrectly), please do it like above too, ie. from the Detections window -> Create exclusion and then choose the 3rd option "Detection". Link to comment Share on other sites More sharing options...
Dud3 0 Posted August 26, 2021 Author Share Posted August 26, 2021 ok, i deleted all the exclusion and created one new exclusion as described by Marcos. i will watch this the days and give you feedback about the outcome Link to comment Share on other sites More sharing options...
Dud3 0 Posted August 30, 2021 Author Share Posted August 30, 2021 Today i received about 500 notifications from ESET about potentially unsafe applications with EFI/CompuTrace.A What else can i do or check? Link to comment Share on other sites More sharing options...
Dud3 0 Posted September 8, 2021 Author Share Posted September 8, 2021 @Marcos during the past few days i created 8 exclusions and i still get several hundred notifications per day all these are exclusions via "detection" as described by you do you have a idea what else i can try? Link to comment Share on other sites More sharing options...
itman 1,748 Posted September 8, 2021 Share Posted September 8, 2021 Might be time to do what is recommended at the end of the Eset KB article on this subject: Quote If you are still unable to resolve your issue, email ESET Technical Support. Link to comment Share on other sites More sharing options...
Dud3 0 Posted September 9, 2021 Author Share Posted September 9, 2021 @itman yes good idea its time for this step ... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted September 10, 2021 Administrators Share Posted September 10, 2021 On the computer from which you provided ELC logs all on-demand scan logs have zero number of detections so it looks like the detection exclusion for "EFI/CompuTrace.A" works there. When running an on-demand scan, you have an option to ignore exclusions. Make sure it's disabled: itman 1 Link to comment Share on other sites More sharing options...
Recommended Posts