Xaviku 0 Posted April 11, 2023
Hi, today I scanned a Dell Inspiron 3501 laptop with the latest BIOS version, and the detection EFI/CompuTrace.A appeared. How can I fix this?

Administrators Marcos 5,288 Posted April 12, 2023
Since it's unlikely that upgrading your UEFI firmware would get rid of the Computrace app, the only way to deal with it is typically creating a detection exclusion as per https://support.eset.com/en/kb6567.

Xaviku 0 Posted April 12, 2023 Author
I know about this topic and I have read that I could create an exclusion in ESET, but my main question is whether this kind of detection is a virus or not. It's an important topic, because on the machine with this detection, on the Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware. I ran a scan on the laptop and the only detection was EFI/CompuTrace.A:
\\Uefi Partition » UEFI » uefi:\\Volume 6\Firmware Volume Image {1303221F-4197-B792-2466-F49E45233681}\Volume 1\efiinstnats - una variante de EFI/CompuTrace.A aplicación potencialmente no segura - no se puede desinfectar
Is it secure to work with this laptop on my bank's portal?

itman 1,755 Posted April 12, 2023
20 minutes ago, Xaviku said: "It's an important topic, because on the machine with this detection, on the Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware"
Were you running the browser in Eset Banking and Payment Protection mode when this occurred? B&PP mode would be invoked if you have the "Secure all browsers" option enabled or you manually invoked B&PP via its desktop icon.

itman 1,755 Posted April 12, 2023
As far as CompuTrace goes, it's not malware per se but rather vulnerable software that can be exploited. Ref.: https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/

Xaviku 0 Posted April 12, 2023 Author
Quote: "Were you running the browser in Eset Banking and Payment Protection mode when this occurred?"
No, the user uses Google Chrome. OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?

itman 1,755 Posted April 12, 2023
As far as Banco Santander's web site goes, https://www.santander.com.mx/, it appears it is using IBM's Trusteer Rapport software for security protection. That software is super aggressive. I am wondering if it conflicts with Eset B&PP?

Xaviku 0 Posted April 12, 2023 Author
This is the warning window that appears on the computer. The user uses Google Chrome, not incognito mode or the secure search of ESET. Can you explain B&PP to me? I do not know what it is.

itman 1,755 Posted April 12, 2023
3 minutes ago, Xaviku said: "OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?"
Eset classifies CompuTrace as a PUA.

itman 1,755 Posted April 12, 2023
4 minutes ago, Xaviku said: "Can you explain B&PP to me? I do not know what it is"
Sorry, it appears Eset Endpoint products don't include the Banking & Payment Protection feature.

itman 1,755 Posted April 12, 2023
6 minutes ago, Xaviku said:
I am not fluent in the Spanish language. You will need to translate the alert to English.

Xaviku 0 Posted April 12, 2023 Author
Sorry:
Dear customer, our anti-fraud systems have alerted a possible situation of malicious virus (malware) in your computer equipment. For security this session will be closed and you should:
1. Run Trusteer Rapport or your antivirus of choice to remove the malware and update the password.
2. Operate on other equipment that has no suspicion of infection.

Xaviku 0 Posted April 12, 2023 Author
The topic here is that the only detection that appears on the laptop is the one mentioned before.

Xaviku 0 Posted April 12, 2023 Author
The B&PP feature, how can I add it to my Endpoint?

Administrators Marcos 5,288 Posted April 12, 2023
1 hour ago, Xaviku said: "The B&PP feature, how can I add it to my Endpoint?"
It's called Secure browser in Endpoint:

Xaviku 0 Posted April 12, 2023 Author
OK, and by activating this option, "Secure all browsers", am I protected?

itman 1,755 Posted April 12, 2023 (edited)
-EDIT- The first thing to check is if Trusteer Rapport software is installed on the device. If it is, read the following.

I have a hunch what the issue may be in regards to the Trusteer Rapport alert from Banco Santander's web site. It's been a few years since I've "played" with Trusteer Rapport. However, I believe the following still applies to its use.

Banks that use Trusteer Rapport software on their servers usually offer their customers the option to download and install the client version of the software w/o charge. In fact, I would assume a number of these banks mandate the use of the client software in order to perform online banking with them. The problem is the client version of Trusteer Rapport conflicts with a number of AV vendors' software, in contradiction to Trusteer Rapport's claims it does not.

One thing I noticed "off the top" is this URL, https://www.santander.com.mx/, is not excluded from Eset's SSL/TLS protocol scanning. My suspicion here is Trusteer Rapport is detecting Eset's SSL/TLS protocol scanning as malicious man-in-the-middle activity.

You can try to add the certificate associated with the above URL to Eset's SSL/TLS list of known certificates, which will eliminate Eset from scanning on that web page. The problem here is if Banco Santander uses a different certificate for each web site page/section. If that's the case, each certificate would have to be added.

Edited April 13, 2023 by itman

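Added example, not part of the thread and not ESET or Trusteer code: a Python check of whether a TLS certificate, as seen by the process running it, was re-signed by a local scanning product, and how many distinct certificates a set of host names presents. The issuer name in `SCANNER_ISSUERS` is an assumption to confirm against the machine's trusted root store; the host names, public CA name and serial numbers are constructed.

```python
import socket
import ssl

# Assumption: common name of the root a local TLS scanner re-signs with.
# Confirm the exact name in the machine's trusted root store.
SCANNER_ISSUERS = ("ESET SSL Filter CA",)

def name_field(rdns, field):
    """Read one field from the nested tuples used by ssl.getpeercert()."""
    for rdn in rdns:
        for key, value in rdn:
            if key == field:
                return value
    return None

def classify(cert, scanner_issuers=SCANNER_ISSUERS):
    """Return (verdict, issuer CN) for a getpeercert() dictionary."""
    issuer = name_field(cert.get("issuer", ()), "commonName")
    if issuer is None:
        return "unknown", None
    hit = any(s.lower() in issuer.lower() for s in scanner_issuers)
    return ("re-signed locally" if hit else "not re-signed"), issuer

def distinct_certificates(certs_by_host):
    """Unique (issuer CN, serial) pairs seen across the given hosts."""
    seen = {(classify(c)[1], c.get("serialNumber")) for c in certs_by_host.values()}
    return sorted(seen, key=lambda t: (t[0] or "", t[1] or ""))

def fetch_cert(host, port=443, timeout=5):
    """Live lookup: the certificate as this process sees it (not used below)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data in getpeercert() layout; all values are made up.
PUBLIC = ((("commonName", "Example Public CA G2"),),)
SCANNER = ((("commonName", "ESET SSL Filter CA"),),)
SAMPLE = {
    "www.bank.example": {"issuer": PUBLIC, "serialNumber": "0A1B"},
    "static.bank.example": {"issuer": PUBLIC, "serialNumber": "0A1B"},
    "login.bank.example": {"issuer": SCANNER, "serialNumber": "77C3"},
}

if __name__ == "__main__":
    for host, cert in SAMPLE.items():
        print(host, *classify(cert))
    print(distinct_certificates(SAMPLE))
```

`fetch_cert` only reflects scanning if the scanner filters the traffic of the process running the script, so a "not re-signed" result from Python does not prove the browser's connection is unfiltered.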