
ESET Endpoint scan detected EFI/CompuTrace.A


Xaviku


Hi, today I scanned a Dell Inspiron 3501 laptop with the latest BIOS version, and the detection EFI/CompuTrace.A appeared. How can I fix this?


I know about this topic and I have read that one way could be to create an exclusion in ESET, but my main question is whether this kind of detection is a virus or not. It's an important matter, because on the machine with this detection, in a Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware. I ran a scan on the laptop and the only detection was EFI/CompuTrace.A:

\\Uefi Partition » UEFI » uefi:\\Volume 6\Firmware Volume Image {1303221F-4197-B792-2466-F49E45233681}\Volume 1\efiinstnats - una variante de EFI/CompuTrace.A aplicación potencialmente no segura - no se puede desinfectar

 

Is it safe to work with this laptop on my bank's portal?


20 minutes ago, Xaviku said:

It's an important matter, because on the machine with this detection, in a Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware

Were you running the browser in Eset Banking and Payment Protection mode when this occurred?

B&PP mode would be invoked if you have the "Secure all browsers" option enabled or you manually invoked B&PP via its desktop icon.


Were you running the browser in Eset Banking and Payment Protection mode when this occurred?

No, the user uses Google Chrome.

OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?


This is the warning window that appears on the computer. The user uses Google Chrome, not incognito mode or the secure search of ESET. Can you explain B&PP to me? I do not know what it is.

image.png


3 minutes ago, Xaviku said:

OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?

Eset classifies CompuTrace as a PUA.


4 minutes ago, Xaviku said:

Can you explain B&PP to me? I do not know what it is

Sorry, it appears Eset Endpoint products don't include the Banking & Payment Protection feature.


6 minutes ago, Xaviku said:

image.png

I am not fluent in the Spanish language. You will need to translate the alert to English.


Sorry:

Dear customer, our anti-fraud systems have alerted to a possible malicious virus (malware) situation on your computer equipment. For security, this session will be closed and you should:
1. Run Trusteer Rapport or your antivirus of choice to remove the malware and update the password.
2. Operate on other equipment that has no suspicion of infection.


  • Administrators
1 hour ago, Xaviku said:

The B&PP feature, how can I add it to my Endpoint?

It's called Secure browser in Endpoint:

image.png


-EDIT- The first thing to check is if Trusteer Rapport software is installed on the device. If it is, read the following.

I have a hunch what the issue may be in regards to the Trusteer Rapport alert from Banco Santander's web site.

It's been a few years since I've "played" with Trusteer Rapport. However, I believe the following still applies to its use. Banks that use Trusteer Rapport software on their servers usually offer their customers the option to download and install the client version of the software w/o charge. In fact, I would assume a number of these banks mandate the use of the client software in order to perform online banking with them.

The problem is the client version of Trusteer Rapport conflicts with a number of AV vendors' software, in contradiction to Trusteer Rapport's claims it does not. One thing I noticed "off the top" is this URL, https://www.santander.com.mx/ , is not excluded from Eset's SSL/TLS protocol scanning. My suspicion here is Trusteer Rapport is detecting Eset's SSL/TLS protocol scanning as malicious man-in-the-middle activity. You can try to add the certificate associated with the above URL to Eset's SSL/TLS list of known certificates, which will eliminate Eset from scanning on that web page. The problem here is if Banco Santander uses a different certificate for each web site page/section. If that's the case, each certificate would have to be added.

Edited by itman
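
Added example, not part of the post above and not ESET or Trusteer tooling: a Python check that reads the issuer of the certificate each hostname presents and reports which hosts are still served through a local TLS-inspection root, which is how to confirm an exclusion actually covers every page/section host. The marker string `ESET SSL Filter CA`, the `bank.example` hostnames and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl

# Assumption: substrings naming a locally installed TLS-inspection root.
# Confirm the exact name in the machine's own certificate store.
INSPECTION_MARKERS = ("ESET SSL Filter CA",)

def fetch_cert(host, port=443, timeout=5.0):
    """Return the verified leaf certificate as this process receives it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_fields(cert):
    """Flatten getpeercert()'s nested issuer tuples into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert, markers=INSPECTION_MARKERS):
    """Report the issuer and whether it matches an inspection root."""
    issuer = issuer_fields(cert)
    text = " ".join(issuer.values()).lower()
    marker = next((m for m in markers if m.lower() in text), None)
    return {"issuer": issuer.get("commonName") or issuer.get("organizationName"),
            "inspected": marker is not None}

def survey(certs_by_host, markers=INSPECTION_MARKERS):
    """Split hosts into those still inspected and those reached directly."""
    result = {"inspected": [], "direct": []}
    for host in sorted(certs_by_host):
        hit = classify(certs_by_host[host], markers)["inspected"]
        result["inspected" if hit else "direct"].append(host)
    return result

def _cert(issuer_cn, issuer_org):
    # Constructed sample in the shape ssl.getpeercert() returns.
    return {"issuer": ((("organizationName", issuer_org),),
                       (("commonName", issuer_cn),))}

# Constructed data: one host excluded from inspection, two still inspected.
SAMPLE = {
    "www.bank.example": _cert("Example Public CA G2", "Example Public CA"),
    "login.bank.example": _cert("ESET SSL Filter CA", "ESET, spol. s r. o."),
    "pay.bank.example": _cert("ESET SSL Filter CA", "ESET, spol. s r. o."),
}

if __name__ == "__main__":
    print(survey(SAMPLE))
    # Live use: survey({h: fetch_cert(h) for h in ["www.santander.com.mx"]})
```

A live `fetch_cert` shows what this Python process receives, which an inspection product may handle differently from the browser, so compare the result with the issuer shown in the browser's certificate viewer for the same page.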
