Jump to content

Recommended Posts

Today I received a notification that ESET sent LsaIso.exe to the Virus Lab for analysis. The file has been on my computer since I first used it and I’m concerned as to why ESET is submitting it now. When I look at Task Manager and check it’s location and properties it takes me to System32 and it was signed by Microsoft last month. When I search for it in my File Explorer I get four instances of it. I scanned all four with ESET and they came back clean. ESET’s running process tool also says that it has a green reputation and was first discovered a week ago. I’m really concerned that it was either submitting an instance I can’t see of the file in File Explorer or that the legitimate one was hijacked. Please let me know if I should take action or not.

Link to comment
Share on other sites

  • Administrators

Please provide logs collected with ESET Log Collector. Clean files may be submitted too if they are suspicious for whatever reason or if they have not been received yet from other users.

Link to comment
Share on other sites

 

5 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector. Clean files may be submitted too if they are suspicious for whatever reason or if they have not been received yet from other users.

Which boxes should I check on the Log Collector? Everything or just the ones related to ESET?

Link to comment
Share on other sites

Going back to the four instances I put all four through ESET's Check File Reputation tool and another came back the same way with a green reputation and discovery of 1 week ago. But the other two came back saying Unavailable for both discovery time and reputation. I've scanned them and all four came back clean, but I'm still worried there's another instance of the file somewhere else that I can't find or get to or that one of the four I can get to have been hijacked and ESET submitted it because of that but can't clean it or detect the threat.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...