Jump to content

Potentially unsafe application detected on UEFI

eclipse79

By eclipse79
in ESET PROTECT Cloud

 Share
Go to solution Solved by Peter Randziak,

Recommended Posts

eclipse79

eclipse79 4

Posted
Posted

Hello

I recently set Eset to report Potentially Unsafe Application to Aggressive level. It detects 2 items in one of my clients:

 

Hash
88329937BD250FAE619BE31D16F1336A12854C29
Nome
EFI/CompuTrace.A
Tipo di rilevamento
Applicazione potenzialmente pericolosa
Tipo di oggetto
file
Uniform Resource Identifier (URI)
file://///Uefi Partition
Nome processo
C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
 
Hash
C6829973D3B488D1A55D3C8FE4708F7A388C5292
Nome
EFI/CompuTrace.A
Tipo di rilevamento
Applicazione potenzialmente pericolosa
Tipo di oggetto
file
Uniform Resource Identifier (URI)
file://///Uefi Partition/uefi:\\Volume 1\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\FjComputraceComponents
Nome processo
C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
 
Do you think it should be a false positive?
 
Thanks
 
 
 
 
Link to comment
Share on other sites
  • ESET Staff
IggyPop

IggyPop 14

Posted
  • ESET Staff
Posted (edited)

Hi,

if you are unsure if it should be the false positive I would recommend sending it to the samples@eset.com as a possible FP and asking them if it is a false positive or if not. But before doing that I would recommend checking out following KB article - https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab or another article which could be benefitial to you.

 

Thanks. 

Iggy 

Edited by IggyPop
Link to comment
Share on other sites
BrianMorris

BrianMorris 14

Posted
Posted

here’s an interesting comment:

 

https://www.dell.com/community/Virus-Spyware/UEFI-infiltration-found-by-ESET/td-p/6191946

CompuTrace is a commercial product that is embedded into firmware to help people recover stolen laptops.  Doing that requires it to exhibit some virus-like behavior, such as phoning home, and it can also be used to remotely wipe the system since some companies might want to do that if their laptops are stolen.  But before you can do any of that, you first have to activate your system's CompuTrace instance.  Dell includes the actual application in the firmware, but it doesn't do anything until it's activated.  If you haven't yet activated it, you also have the option of deactivating it, but if you do that you will NEVER be able to reactivate it.  And if you've already activated it, I believe it can never be fully deactivated.”

 

 

Link to comment
Share on other sites
eclipse79

eclipse79 4

Posted
  • Author
Posted
4 minutes ago, BrianMorris said:

here’s an interesting comment:

 

https://www.dell.com/community/Virus-Spyware/UEFI-infiltration-found-by-ESET/td-p/6191946

CompuTrace is a commercial product that is embedded into firmware to help people recover stolen laptops.  Doing that requires it to exhibit some virus-like behavior, such as phoning home, and it can also be used to remotely wipe the system since some companies might want to do that if their laptops are stolen.  But before you can do any of that, you first have to activate your system's CompuTrace instance.  Dell includes the actual application in the firmware, but it doesn't do anything until it's activated.  If you haven't yet activated it, you also have the option of deactivating it, but if you do that you will NEVER be able to reactivate it.  And if you've already activated it, I believe it can never be fully deactivated.”

 

 

Thank you!

Link to comment
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...