pedoc 0 Posted March 4, 2023

When I use ESET (16.0.26.0 and the latest virus library) to scan C:/Windows, the following report appeared:

扫描日志
检测引擎的版本: 26846P (20230304)
日期: 2023/3/4 时间: 19:30:18
已扫描的磁盘、文件夹和文件: C:\Windows
C:\Windows\SysWOW64\KernelBase.dll - Suspicious Object - 已保留
C:\Windows\SysWOW64\fundisc.dll - Suspicious Object - 已保留
C:\Windows\SysWOW64\printui.dll - Suspicious Object - 已保留
C:\Windows\WinSxS\wow64_fundisc_31bf3856ad364e35_10.0.25309.1000_none_6295fde85cbafff1\fundisc.dll - Suspicious Object - 已保留
C:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.25309.1000_none_0db40763d66c8036\KernelBase.dll - Suspicious Object - 已保留
C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.25309.1000_none_c2e6df7a95d2f158\printui.dll - Suspicious Object - 已保留
已扫描的对象数: 123038
检测数: 6
已清除的对象数: 0
完成时间: 19:36:09 总扫描时间: 351 秒 (00:05:51)

Kernelbase.dll, Fundisc.dll and Printui.dll are listed as suspicious objects. If ESET wrongly deletes these files, I think it will cause the system to collapse.

Administrators Marcos 5,394 Posted March 4, 2023

Couldn't it be that you are using a developer version of Windows 11? Are the files still detected when you re-scan them? If so, please provide logs collected with ESET Log Collector.

vanroy 0 Posted March 4, 2023 (edited)

+1. Is it a false positive or what?

Edited March 5, 2023 by vanroy

hekkyUK 0 Posted March 4, 2023

I have the same problem with files in syswow64 being detected. In my case: kernelbase.dll, devrt.dll and printui.dll.

I'm running the latest Windows 11 developer build, 22H2 build 25309.1000.

ESET log collector file is here: https://www.dropbox.com/s/9z0lkaa8xf83coh/eav_logs.zip?dl=0

YOLO_SWAGGINS 0 Posted March 4, 2023

I am on the dev version (alpha) of Windows 11 and the exact same thing is happening to me too. It just started about an hour ago. Only been on twitter/facebook and reddit today.

pedoc 0 Posted March 5, 2023 Author

10 hours ago, Marcos said:
> Couldn't it be that you are using a developer version of Windows 11? Are the files still detected when you re-scan them? If so, please provide logs collected with ESET Log Collector.

windows: 22H2 25306.1000 (dev channel)
eset: 16.0.26.0

检测引擎;26849P;2023/3/4
快速响应模块;21888P;2023/3/4
更新模块;1027;2022/7/7
病毒和间谍软件防护扫描程序模块;1595.2;2023/3/3
高级启发式扫描模块;1219;2023/2/3
压缩文件支持模块;1338;2023/2/10
清除器模块;1233;2023/2/6
反隐藏支持模块;1184;2022/11/30
防火墙模块;1428.3;2023/2/13
翻译支持模块;1961;2023/2/27
HIPS 支持模块;1454;2023/2/15
Internet 防护模块;1451;2023/1/31
高级反垃圾邮件模块;7947.1;2023/2/22
数据库模块;1120;2023/1/30
配置模块;2050.3;2023/1/18
直接云通信模块;1131.4;2023/2/1
银行和付款保护模块;1297;2023/2/23
Rootkit 删除和清除模块;1033;2022/9/16
网络防护模块;1692;2022/7/15
脚本扫描程序模块;1145;2023/2/20
网络检查器模块;1048;2022/1/20
加密协议支持模块;1074;2023/2/16
高级垃圾邮件防护模块数据库;9078P;2023/3/4
深度行为检测支持模块;1124;2022/11/28
高级机器学习模块;1130;2023/2/15
遥测模块;1066.1;2022/5/24
安全中心集成模块;1038;2022/7/28

At the same time as this problem occurs, ESET Log Collector cannot be used, as this program also depends on KernelBase.dll, which eventually leads to the error. Even selecting Ignore has no effect.

AnthonyQ 56 Posted March 5, 2023

Not the first time that ESET LiveGrid incorrectly marks system files of Win 11 Dev version as suspicious objects. Simply whitelisting these files is not enough; the relevant team should find out the root cause of this false positive problem that happens again and again.

el el amiril 0 Posted March 5, 2023

On 3/4/2023 at 7:42 PM, pedoc said:
> When I use ESET (16.0.26.0 and the latest virus library) to scan C:/Windows, the following report appeared:
>
> 扫描日志
> 检测引擎的版本: 26846P (20230304)
> 日期: 2023/3/4 时间: 19:30:18
> 已扫描的磁盘、文件夹和文件: C:\Windows
> C:\Windows\SysWOW64\KernelBase.dll - Suspicious Object - 已保留
> C:\Windows\SysWOW64\fundisc.dll - Suspicious Object - 已保留
> C:\Windows\SysWOW64\printui.dll - Suspicious Object - 已保留
> C:\Windows\WinSxS\wow64_fundisc_31bf3856ad364e35_10.0.25309.1000_none_6295fde85cbafff1\fundisc.dll - Suspicious Object - 已保留
> C:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.25309.1000_none_0db40763d66c8036\KernelBase.dll - Suspicious Object - 已保留
> C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.25309.1000_none_c2e6df7a95d2f158\printui.dll - Suspicious Object - 已保留
> 已扫描的对象数: 123038
> 检测数: 6
> 已清除的对象数: 0
> 完成时间: 19:36:09 总扫描时间: 351 秒 (00:05:51)
>
> Kernelbase.dll, Fundisc.dll and Printui.dll are listed as suspicious objects. If ESET wrongly deletes these files, I think it will cause the system to collapse.

Did you check for rootkits?

pedoc 0 Posted March 5, 2023 Author

1 hour ago, el el amiril said:
> did you check for rootkits?

After updating to the following versions, the problem seems to have gone away.

检测引擎;26851P;2023/3/5
快速响应模块;21890P;2023/3/5
更新模块;1027;2022/7/7
病毒和间谍软件防护扫描程序模块;1595.2;2023/3/3
高级启发式扫描模块;1219;2023/2/3
压缩文件支持模块;1338;2023/2/10
清除器模块;1233;2023/2/6
反隐藏支持模块;1184;2022/11/30
防火墙模块;1428.3;2023/2/13
翻译支持模块;1961;2023/2/27
HIPS 支持模块;1454;2023/2/15
Internet 防护模块;1451;2023/1/31
高级反垃圾邮件模块;7947.1;2023/2/22
数据库模块;1120;2023/1/30
配置模块;2050.3;2023/1/18
直接云通信模块;1131.4;2023/2/1
银行和付款保护模块;1297;2023/2/23
Rootkit 删除和清除模块;1033;2022/9/16
网络防护模块;1692;2022/7/15
脚本扫描程序模块;1145;2023/2/20
网络检查器模块;1048;2022/1/20
加密协议支持模块;1074;2023/2/16
高级垃圾邮件防护模块数据库;9080P;2023/3/5
深度行为检测支持模块;1124;2022/11/28
高级机器学习模块;1130;2023/2/15
遥测模块;1066.1;2022/5/24
安全中心集成模块;1038;2022/7/28

qpel 0 Posted March 5, 2023

These files are still marked as suspicious.

Administrators Marcos 5,394 Posted March 5, 2023

1 hour ago, qpel said:
> these files are still marked as suspicious

Please provide logs collected with ESET Log Collector. A screenshot won't help; we need the hashes of the detected files at least.

pedoc 0 Posted March 6, 2023 Author

4 hours ago, Marcos said:
> Please provide logs collected with ESET Log Collector. A screenshot won't help, we need the hashes of the detected files at least.

This problem has been mentioned in the previous reply, and the false positives make the ESET Log Collector tool not work properly. In addition, other netizens have provided logs.

Also, the screenshot below contains the SHA-1 hash of the false positive file, but I can't copy it.

Administrators Marcos 5,394 Posted March 6, 2023

1 hour ago, pedoc said:
> This problem has been mentioned in the previous reply, and the false positives make the ESET Log Collector tool not work properly. In addition, other netizens have provided logs. Also, the screenshot below contains the SHA-1 hash of the false positive file, but I can't copy it

None of the above hashes is blocked. 2 of them were removed from blacklist about 18 hours before you posted.

Hashes can be copied from the Detections log by right-clicking the appropriate cell and selecting the appropriate option.

vanroy 0 Posted March 11, 2023

On 3/4/2023 at 9:51 AM, Marcos said:
> Couldn't it be that you are using a developer version of Windows 11? Are the files still detected when you re-scan them? If so, please provide logs collected with ESET Log Collector.

Resolution: do not use the developer version of Windows 11.

Administrators Marcos 5,394 Posted March 11, 2023

More AVs detected those files initially, some were detected by Microsoft as well. We hope that Microsoft will start to sign their files or take other measures in cooperation with AV vendors to prevent false positives on non-prevalent files.
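
The SHA-1 hashes Marcos asks for, and the signature state he refers to in his last post, can be read from the flagged files directly when ESET Log Collector will not start. This is an added example, not code from the thread or from ESET; the file list is copied from the scan log in the first post, and the CSV output location is an assumption.

```powershell
# Added example: collect SHA-1 hashes and signature status for the DLLs
# flagged in the scan log, for inclusion in a false-positive report.
# Assumption: the paths below match your own log; edit the list if not.
$flagged = @(
    "$env:windir\SysWOW64\KernelBase.dll",
    "$env:windir\SysWOW64\fundisc.dll",
    "$env:windir\SysWOW64\printui.dll"
)

$report = foreach ($path in $flagged) {
    # A quarantined or missing file is reported rather than aborting the run.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{
            Path = $path; SHA1 = $null; FileVersion = $null
            SignatureStatus = 'FileMissing'; SignatureType = $null
            IsOSBinary = $null; Signer = $null
        }
        continue
    }

    $item = Get-Item -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA1
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        Path            = $path
        SHA1            = $hash.Hash                      # the value to paste into the report
        FileVersion     = $item.VersionInfo.FileVersion   # shows which Windows build the file is from
        SignatureStatus = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        SignatureType   = $sig.SignatureType              # embedded Authenticode vs. catalog
        IsOSBinary      = $sig.IsOSBinary
        Signer          = $sig.SignerCertificate.Subject  # empty when the file is unsigned
    }
}

$report | Format-List

# Assumption: the report is saved to the current user's desktop.
$report | Export-Csv -LiteralPath "$env:USERPROFILE\Desktop\flagged-dlls.csv" -NoTypeInformation -Encoding UTF8
```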