Xaviku, posted April 11:
Hi, today I scanned a Dell Inspiron 3501 laptop with the latest BIOS version, and the detection EFI/CompuTrace.A appeared. How can I fix this?

Marcos (Administrators), posted April 12:
Since it's unlikely that upgrading your UEFI firmware would get rid of the Computrace app, the only way to deal with it is typically to create a detection exclusion as per https://support.eset.com/en/kb6567.

Xaviku, posted April 12:
I know about this topic and I have read that one could create an exclusion in ESET, but my main question is whether this kind of detection is a virus or not. It's an important topic, because on the machine with this detection, on a Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware. I ran a scan on the laptop and the only detection was EFI/CompuTrace.A:
\\Uefi Partition » UEFI » uefi:\\Volume 6\Firmware Volume Image {1303221F-4197-B792-2466-F49E45233681}\Volume 1\efiinstnats - una variante de EFI/CompuTrace.A aplicación potencialmente no segura - no se puede desinfectar
Is it safe to work with this laptop on my bank's portal?

itman, posted April 12:
20 minutes ago, Xaviku said: "It's an important topic, because on the machine with this detection, on a Santander bank portal, yesterday the bank closed the session and showed an alert saying that the machine has malware"
Were you running the browser in Eset Banking and Payment Protection mode when this occurred? B&PP mode would be invoked if you have the "Secure all browsers" option enabled or you manually invoked B&PP via its desktop icon.

itman, posted April 12:
As far as CompuTrace goes, it's not malware per se but rather, vulnerable software that can be exploited. Ref.: https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/

Xaviku, posted April 12:
Quoting itman: "Were you running the browser in Eset Banking and Payment Protection mode when this occurred?"
No, the user uses Google Chrome. OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?

itman, posted April 12:
As far as Banco Santander's web site goes: https://www.santander.com.mx/ , it appears it is using IBM's Trusteer Rapport software for security protection. That software is super aggressive. I am wondering if it conflicts with Eset B&PP?

Xaviku, posted April 12:
This is the warning window that appears on the computer. The user uses Google Chrome, not incognito mode or the secure search of ESET. Can you explain B&PP to me? I do not know what it is.

itman, posted April 12:
3 minutes ago, Xaviku said: "OK, I understand, so I don't need to do anything to solve this detection, only exclude it? This detection is not a virus?"
Eset classifies CompuTrace as a PUA.

itman, posted April 12:
4 minutes ago, Xaviku said: "Can you explain B&PP to me? I do not know what it is."
Sorry, it appears Eset Endpoint products don't include the Banking & Payment Protection feature.

itman, posted April 12 (in reply to Xaviku's post from 6 minutes earlier):
I am not fluent in the Spanish language. You will need to translate the alert to English.

Xaviku, posted April 12:
Sorry:
Dear customer, our anti-fraud systems have alerted a possible situation of malicious virus (malware) in your computer equipment. For security this session will be closed and you should:
1. Run Trusteer Rapport or your antivirus of choice to remove the malware and update the password.
2. Operate on other equipment that has no suspicion of infection.

Xaviku, posted April 12:
The topic here is that the only detection that appears on the laptop is the one mentioned before.

Xaviku, posted April 12:
The B&PP feature, how can I add it to my Endpoint?

Marcos (Administrators), posted April 12:
1 hour ago, Xaviku said: "The B&PP feature, how can I add it to my Endpoint?"
It's called Secure browser in Endpoint:

Xaviku, posted April 12:
OK, and by activating this option, "Secure all browsers", am I protected?

itman, posted April 12 (edited April 13 by itman):
-EDIT- The first thing to check is if Trusteer Rapport software is installed on the device. If it is, read the following.

I have a hunch what the issue may be in regards to the Trusteer Rapport alert from the Banco Santander's web site. It's been a few years since I've "played" with Trusteer Rapport. However, I believe the following still applies to its use.

Banks that use Trusteer Rapport software on their servers usually offer their customers the option to download and install the client version of the software w/o charge. In fact I would assume a number of these banks mandate the use of the client software in order to perform online banking with them. The problem is the client version of Trusteer Rapport conflicts with a number of AV vendors' software in contradiction to Trusteer Rapport's claims it does not.

One thing I noticed "off the top" is this URL, https://www.santander.com.mx/ , is not excluded from Eset's SSL/TLS protocol scanning. My suspicion here is Trusteer Rapport is detecting Eset's SSL/TLS protocol scanning as malicious man-in-the-middle activity. You can try to add the certificate associated with the above URL to Eset SSL/TLS list of known certificates which will eliminate Eset from scanning on that web page. The problem here is if Banco Santander uses a different certificate for each web site page/section. If that's the case, each certificate would have to be added.

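An added example, not part of itman's post or of any ESET or Trusteer tooling: one way to test the hunch above is to compare the certificate a machine actually receives for each bank hostname against fingerprints recorded on a machine without TLS scanning. The CA name fragment, the hostnames and the fingerprints are assumptions or constructed sample data, and `observe()` only reflects the filtering if the AV product also scans the process running the script.

```python
import hashlib
import socket
import ssl

# Assumption: name fragment of the AV product's locally installed TLS-scanning root CA.
# Confirm the real name in the machine's certificate store before relying on it.
FILTER_CA_HINT = "ESET SSL Filter CA"

def issuer_cn(cert_info):
    """Issuer commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in cert_info.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""

def observe(host, port=443, timeout=5):
    """Live lookup: (issuer CN, SHA-256 of the leaf certificate) as this machine receives it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return issuer_cn(tls.getpeercert()), hashlib.sha256(der).hexdigest()

def classify(local, reference, ca_hint=FILTER_CA_HINT):
    """Compare local observations with fingerprints from a machine without TLS scanning."""
    verdicts = {}
    for host, (cn, fingerprint) in local.items():
        if ca_hint.lower() in cn.lower():
            verdicts[host] = "filtered"   # leaf was re-signed by the local scanning CA
        elif reference.get(host) not in (None, fingerprint):
            verdicts[host] = "mismatch"   # different certificate, check manually
        else:
            verdicts[host] = "direct"     # same certificate the reference machine saw
    # Distinct origin certificates = number of entries an exclusion list would need.
    return verdicts, len(set(reference.values()))

# Constructed sample data (hypothetical hosts and fingerprints), not real observations.
REFERENCE = {"www.bank.example": "aa" * 32, "login.bank.example": "bb" * 32,
             "static.bank.example": "aa" * 32}
LOCAL = {"www.bank.example": ("ESET SSL Filter CA", "11" * 32),
         "login.bank.example": ("Example Public CA", "bb" * 32),
         "static.bank.example": ("Example Public CA", "cc" * 32)}

if __name__ == "__main__":
    verdicts, needed = classify(LOCAL, REFERENCE)
    for host, verdict in sorted(verdicts.items()):
        print(f"{host}: {verdict}")
    print("distinct certificates to exclude:", needed)
```

A "mismatch" verdict is not proof of interception, since a site can legitimately serve more than one certificate for the same hostname.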