eclipse79 Posted April 7, 2022

Hello

I recently set ESET to report Potentially Unsafe Applications at the Aggressive level. It detects 2 items on one of my clients:

Hash 88329937BD250FAE619BE31D16F1336A12854C29
Nome EFI/CompuTrace.A
Tipo di rilevamento Applicazione potenzialmente pericolosa
Tipo di oggetto file
Uniform Resource Identifier (URI) file://///Uefi Partition
Nome processo C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe

Hash C6829973D3B488D1A55D3C8FE4708F7A388C5292
Nome EFI/CompuTrace.A
Tipo di rilevamento Applicazione potenzialmente pericolosa
Tipo di oggetto file
Uniform Resource Identifier (URI) file://///Uefi Partition/uefi:\\Volume 1\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\FjComputraceComponents
Nome processo C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe

Do you think it should be a false positive?

Thanks

ESET Staff IggyPop Posted April 7, 2022 (edited)

Hi,

if you are unsure whether it is a false positive, I would recommend sending it to samples@eset.com as a possible FP and asking them whether it is a false positive or not. But before doing that I would recommend checking out the following KB article - https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab or another article which could be beneficial to you.

Thanks.
Iggy

Edited April 7, 2022 by IggyPop

ESET Moderators Solution Peter Randziak Posted April 7, 2022

Hello @eclipse79,

I would also recommend checking this KB article covering the topic... https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

Peter

BrianMorris Posted April 7, 2022

Here’s an interesting comment: https://www.dell.com/community/Virus-Spyware/UEFI-infiltration-found-by-ESET/td-p/6191946

“CompuTrace is a commercial product that is embedded into firmware to help people recover stolen laptops. Doing that requires it to exhibit some virus-like behavior, such as phoning home, and it can also be used to remotely wipe the system since some companies might want to do that if their laptops are stolen. But before you can do any of that, you first have to activate your system's CompuTrace instance. Dell includes the actual application in the firmware, but it doesn't do anything until it's activated. If you haven't yet activated it, you also have the option of deactivating it, but if you do that you will NEVER be able to reactivate it. And if you've already activated it, I believe it can never be fully deactivated.”

eclipse79 Posted April 7, 2022 Author

4 minutes ago, BrianMorris said:

Here’s an interesting comment: https://www.dell.com/community/Virus-Spyware/UEFI-infiltration-found-by-ESET/td-p/6191946

“CompuTrace is a commercial product that is embedded into firmware to help people recover stolen laptops. Doing that requires it to exhibit some virus-like behavior, such as phoning home, and it can also be used to remotely wipe the system since some companies might want to do that if their laptops are stolen. But before you can do any of that, you first have to activate your system's CompuTrace instance. Dell includes the actual application in the firmware, but it doesn't do anything until it's activated. If you haven't yet activated it, you also have the option of deactivating it, but if you do that you will NEVER be able to reactivate it. And if you've already activated it, I believe it can never be fully deactivated.”

Thank you!

PMIadmin Posted June 2, 2022

Computrace can be removed in the BIOS. It's called Computrace Lojack, it's legit.