Jump to content

ESET Protect: POTENTIALLY UNSAFE APPLICATIONS finds EFI/CompuTrace.A


Dud3
 Share

Recommended Posts

Hello,

i already googled and searched in the forum for a solution but could not find any.

 

Since weeks our weekly deep scan on our clients is finding the "EFI/CompuTrace.A"  as an POTENTIALLY UNSAFE APPLICATIONS.

This is not the case this is a a false detection.

I also tried some suggestions from this articel: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

 

The main problem i have is that i create exclusions for the detection and every week i got thousands of findings for this error.

When i got an finding i login on the eset protect server -> go to "Detections" -> select the EFI/Computrace findings->Actions -> create Exlusion-> i Tried all 3 options an the target for the exclusions is always "all" .

 

But i still receive thousands of detections every time the deep scan is running.

 

Deactivating the POTENTIALLY UNSAFE APPLICATIONS scan is not an option.

 

How do i fix this problem? 

 

Kind Regards

Link to comment
Share on other sites

One possibility is how you have configured Eset scan parameters. Refer to below screen shot. By default, Eset uses Real-time settings for its off-line scanning. If that setting is disabled, I suspect that Real-time exclusions are no longer in effect pertaining to off-line scanning.

Eset_Scan.thumb.png.584455ac6b66b0586f53676e41a568dc.png

Edited by itman
Link to comment
Share on other sites

  • Administrators

Since you have almost 1600 exclusions, I'd recommend:

- removing all exclusions in the ESET PROTECT console -> Exclusions
- excluding EFI/ComputerTrace via the Detections panel as follows:

f necessary to exclude Ntool.Netcat (was excluded incorrectly), please do it like above too, ie. from the Detections window -> Create exclusion and then choose the 3rd option "Detection".

 

image.png

Link to comment
Share on other sites

ok, i deleted all the exclusion and created one new exclusion as described by Marcos.

 

i will watch this the days and give you feedback about the outcome

 

 

Link to comment
Share on other sites

Today i received about 500 notifications from ESET about potentially unsafe applications with EFI/CompuTrace.A 

What else can i do or check?

 

Link to comment
Share on other sites

  • 2 weeks later...

@Marcos during the past few days i created 8 exclusions and i still get several hundred notifications per day

 

all these are exclusions via "detection" as described by you

 image.png.af4dcb7811da911467508a1f5711f6ed.png

 

do you have a idea what else i can try?

Link to comment
Share on other sites

  • Administrators

On the computer from which you provided ELC logs all on-demand scan logs have zero number of detections so it looks like the detection exclusion for "EFI/CompuTrace.A" works there.

When running an on-demand scan, you have an option to ignore exclusions. Make sure it's disabled:

image.png

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...