Stina 0 Posted February 11, 2023 Share Posted February 11, 2023 ESET Blocking Chrome Metamask Extension Download Today, my Metamask extension randomly corrupted on Chrome. I tried to reinstall the extension, but now ESET is repeatedly blocking it for being a "suspicious file." It does the same when trying to add it to Brave. I ran multiple scans & nothing has come up. I also additionally am able to use Metamask just fine on Firefox. I know I can simply un-quarantine the file on ESET, but I am concerned as to why this warning is coming up. I also had my boyfriend, who is on the same network and ESET license, try to download the extension, and it worked with no issue for him. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted February 11, 2023 Administrators Share Posted February 11, 2023 I was unable to reproduce it with Chrome. Was a threat detected after you've added the extension? Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 Yes - every time I remove the extension and then re-add it, the threat comes back up. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 Link to comment Share on other sites More sharing options...
itman 1,758 Posted February 11, 2023 Share Posted February 11, 2023 Clear your Chrome browser cache. Then install legit Metamask extension from Chrome store. My best guess is Chrome is loading a bogus Metamask extension from its cache. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 Just now, itman said: Clear your Chrome browser cache. Then install legit Metamask extension from Chrome store. My best guess is Chrome is loading a bogus Metamask extension from its cache. I've cleared my cache and confirmed it's the legit link - still not working. I also cannot add the extension to any other browser (i.e. Brave). Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 4 minutes ago, itman said: Clear your Chrome browser cache. Then install legit Metamask extension from Chrome store. My best guess is Chrome is loading a bogus Metamask extension from its cache. I also forgot to note that I even tried this on a completely fresh Chrome profile - no cache, no previous browsing history, etc. - still the same issue. Link to comment Share on other sites More sharing options...
itman 1,758 Posted February 11, 2023 Share Posted February 11, 2023 The next possibility is malware somehow is trying to load a bogus Metamask extension from a prior downloaded file on your disk: https://www.gtricks.com/chrome/how-to-manually-download-and-install-chrome-extensions/ . Since Brave is based on Chrome, I assume it also allows extensions to be manually loaded. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 1 minute ago, itman said: The next possibility is malware somehow is trying to load a bogus Metamask extension from a prior downloaded file on your disk: https://www.gtricks.com/chrome/how-to-manually-download-and-install-chrome-extensions/ . Since Brave is based on Chrome, I assume it also allows extensions to be manually loaded. I've ran several scans with both ESET and Malwarebytes and both are returning nothing. How could I potentially find this file? Link to comment Share on other sites More sharing options...
itman 1,758 Posted February 11, 2023 Share Posted February 11, 2023 (edited) 4 minutes ago, Stina said: I've ran several scans with both ESET and Malwarebytes and both are returning nothing. How could I potentially find this file? If the file is packed, encrypted, etc.., the code won't manifest until loaded into memory at which time is when Eset detects it. Edited February 11, 2023 by itman Link to comment Share on other sites More sharing options...
Stina 0 Posted February 11, 2023 Author Share Posted February 11, 2023 9 minutes ago, itman said: If the file is packed, encrypted, etc.., the code won't manifest until loaded into memory at which time is when Eset detects it. So at this point I just wait? Link to comment Share on other sites More sharing options...
Zeeman 0 Posted February 12, 2023 Share Posted February 12, 2023 I've had this from two separate machines tonight.. Can anyone test Brave with Metamask and ESET and see if this is a false positive perhaps? Link to comment Share on other sites More sharing options...
IsoPlanarPolygon 0 Posted February 12, 2023 Share Posted February 12, 2023 This is the same thing I am seeing. I did a quick screen capture. No it's not synched up I couldn't figure out how to record to separate windows at the same time. So I recorded the chrome extension window and the ESET window separately and cut them together. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 12, 2023 Author Share Posted February 12, 2023 This definitely appears to be an ESET issue btw - I whitelisted the file and re-downloaded it with no issues and no threats. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 12, 2023 Author Share Posted February 12, 2023 Appears I am not the only one! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted February 12, 2023 Administrators Share Posted February 12, 2023 9 hours ago, Stina said: Yes - every time I remove the extension and then re-add it, the threat comes back up. Please provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
Daarky0 0 Posted February 12, 2023 Share Posted February 12, 2023 Hello, I am in the same situation as. Since yesterday morning, eset has detected the metamask extension as a suspicious object Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted February 12, 2023 Administrators Share Posted February 12, 2023 4 hours ago, Daarky0 said: I am in the same situation as. Since yesterday morning, eset has detected the metamask extension as a suspicious object Please do as requested in my post above and provide ELC logs. Link to comment Share on other sites More sharing options...
Stina 0 Posted February 12, 2023 Author Share Posted February 12, 2023 15 hours ago, Stina said: Yes - every time I remove the extension and then re-add it, the threat comes back up. I provided logs here. I already resolved the issue by just adding the file to list of exceptions because frankly I knew it was a bug Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted February 12, 2023 Administrators Share Posted February 12, 2023 35 minutes ago, Stina said: I provided logs here. I already resolved the issue by just adding the file to list of exceptions because frankly I knew it was a bug I see only screenshots you've posted, not logs collected with ESET Log Collector which are needed since I'm unable to reproduce the detection by adding the said browser extension. Link to comment Share on other sites More sharing options...
Daarky0 0 Posted February 12, 2023 Share Posted February 12, 2023 1 hour ago, Marcos said: Please do as requested in my post above and provide ESET Log Collector logs. I can't create a support ticket with logs because the max upload is 21 mb, my zip have 51 mb Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted February 12, 2023 Administrators Share Posted February 12, 2023 The limit for uploaded files here in the forum is 100MB. If the generated archive is bigger upload it to a file sharing service, such as OneDrive, Dropbox, etc. and drop me a private message with a download link. Link to comment Share on other sites More sharing options...
IsoPlanarPolygon 0 Posted February 12, 2023 Share Posted February 12, 2023 I figured out how to add output of multiple windows with OBS. Just can't get the popup that shows. Here is the complete log in binary as requested. It's still an ongoing problem. DoingLogCollect.mp4 essp_logs.zip Link to comment Share on other sites More sharing options...
IsoPlanarPolygon 0 Posted February 12, 2023 Share Posted February 12, 2023 I figured out how to do display capture in OBS. So you see the true effect of the situation. I hesitate to use the "fix" of ignore the file. I understand that will work, but not knowing why this is occuring makes me wonder if there is indeed an issue. On another note, For some unknown reason the "primary" display appears kind of shaded in OBS compared to the secondary other one. 2023-02-12 11-26-22.mp4 Link to comment Share on other sites More sharing options...
triple_f 0 Posted February 12, 2023 Share Posted February 12, 2023 Same problem here since 8 hours ago: Eset is treating Metamask files as suspicious. No workaround here, sadly Link to comment Share on other sites More sharing options...
Recommended Posts