Aspiring Techie 0 Posted October 13, 2022 Share Posted October 13, 2022 Today I received a notification that ESET sent LsaIso.exe to the Virus Lab for analysis. The file has been on my computer since I first used it and I’m concerned as to why ESET is submitting it now. When I look at Task Manager and check it’s location and properties it takes me to System32 and it was signed by Microsoft last month. When I search for it in my File Explorer I get four instances of it. I scanned all four with ESET and they came back clean. ESET’s running process tool also says that it has a green reputation and was first discovered a week ago. I’m really concerned that it was either submitting an instance I can’t see of the file in File Explorer or that the legitimate one was hijacked. Please let me know if I should take action or not. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted October 13, 2022 Administrators Share Posted October 13, 2022 Please provide logs collected with ESET Log Collector. Clean files may be submitted too if they are suspicious for whatever reason or if they have not been received yet from other users. Link to comment Share on other sites More sharing options...
Aspiring Techie 0 Posted October 13, 2022 Author Share Posted October 13, 2022 5 minutes ago, Marcos said: Please provide logs collected with ESET Log Collector. Clean files may be submitted too if they are suspicious for whatever reason or if they have not been received yet from other users. Which boxes should I check on the Log Collector? Everything or just the ones related to ESET? Link to comment Share on other sites More sharing options...
Aspiring Techie 0 Posted October 13, 2022 Author Share Posted October 13, 2022 Going back to the four instances I put all four through ESET's Check File Reputation tool and another came back the same way with a green reputation and discovery of 1 week ago. But the other two came back saying Unavailable for both discovery time and reputation. I've scanned them and all four came back clean, but I'm still worried there's another instance of the file somewhere else that I can't find or get to or that one of the four I can get to have been hijacked and ESET submitted it because of that but can't clean it or detect the threat. Link to comment Share on other sites More sharing options...
Recommended Posts