
Suddenly, multiple File 'Sysinspector_[Numbers].mdmp' was sent to ESET Virus Lab' Entries...


Go to solution Solved by Marcos,


I was doing some various troubleshooting on my computer this afternoon, when something odd started happening.

At a certain point, I ran Sysinspector to ensure that nothing untoward was happening on the system. Two and a half hours later, the ESET event log showed that ESET started to upload Sysinspector files to the ESET Virus lab, and continued doing so every few hours. I cannot locate these files that ESET is uploading.

The ESET log shows that ESET never uploaded anything to the Virus Lab before today, so this has me very worried.

  1. If these files are suspicious, why didn't ESET alert me to them? Why didn't ESET even verify or notify me that it was uploading these files?
  2. Why is ESET suspicious of files generated by a part of its own software?
  3. Why does ESET continue to find more and more of the .mdmp files, even though I've only collected two Sysinspector snapshots?
  4. Where ARE these .mdmp files located on the system? I cannot find them anywhere, even with a PowerShell-driven command line search.

Overall, is this expected and normal behavior? Or an indication something is wrong? If something is wrong, why is ESET silently doing this without sending me notice?

Thanks tremendously. I admit I'm out of my depth on this one.

Edited by Tetranitrocubane
Clarification in a sentence

  • Administrators

Those mdmp are minidumps from a crash. It appears that SysInspector was crashing on your machine for some reason. Have you recently tried to launch it several times and each time a minidump was generated?

Please provide logs collected with ESET Log Collector from the machine.


9 hours ago, Tetranitrocubane said:

Overall, is this expected and normal behavior? Or an indication something is wrong? If something is wrong, why is ESET silently doing this without sending me notice?

If you do not desire Eset statistical and performance data to be submitted to Eset servers, disable the two settings shown in the below screen shot:

[Screenshot: Eset_Diagnostics]


7 hours ago, Marcos said:

Those mdmp are minidumps from a crash. It appears that SysInspector was crashing on your machine for some reason. Have you recently tried to launch it several times and each time a minidump was generated?

Please provide logs collected with ESET Log Collector from the machine.

No, as a matter of fact, at the times when these minidumps were uploaded, I was not trying to run Sysinspector at all. This smells fishy.

I have generated the requested logs. Is it safe to upload them here? I am unsure if the logs contain sensitive system information that should not be public.


2 minutes ago, itman said:

If you do not desire Eset statistical and performance data to be submitted to Eset servers, disable the two settings shown in the below screen shot:

[Screenshot: Eset_Diagnostics]

I have no issue with the samples being submitted - I just would like ESET to alert me when it sees malware activity so I know a system is potentially compromised.


1 minute ago, Tetranitrocubane said:

I have generated the requested logs. Is it safe to upload them here? I am unsure if the logs contain sensitive system information that should not be public.

Only Eset moderators can access forum posted attachments.


On 5/25/2023 at 6:26 AM, Tetranitrocubane said:

Great! Thank you for the reassurance, itman. 

I have uploaded the logs as requested.

eav_logs_2.zip 57.5 MB · 0 downloads

Not to be rude, but is any further information required? I am trying to avoid using the impacted machine until there's word on these logs. Thanks much!


  • Administrators

A ticket has been created for developers, we'll keep you posted. However, it's just a dump from a SysInspector crash so if you don't experience any issues with it, it's not a problem.

P_ESSW-16604


12 minutes ago, Marcos said:

A ticket has been created for developers, we'll keep you posted. However, it's just a dump from a SysInspector crash so if you don't experience any issues with it, it's not a problem.

P_ESSW-16604

Thanks tremendously, Marcos! I'll stand by, and in the meantime, proceed as normal.

Very much appreciate your help!


On 5/31/2023 at 2:17 AM, Marcos said:

A fix for the crash will be included in v16.2 and newer once available.

Much appreciated! I still don't understand how Sysinspector could crash when I wasn't running it, but this seems like an issue that will be resolved with the next version update. Thank you much.


This topic is now closed to further replies.