Tetranitrocubane 0 Posted May 25 Share Posted May 25 (edited) I was doing some various troubleshooting on my computer this afternoon, when something odd started happening. At a certain point, I ran Sysinspector to ensure that nothing untoward was happening on the system. Two and a half hours later, the ESET event log showed that ESET started to upload Sysinspector files to the ESET Virus lab, and continued doing so every few hours. I cannot locate these files that ESET is uploading. The ESET log shows that ESET never uploaded anything to the Virus Lab before today, so this has me very worried. If these files are suspicious, why didn't ESET alert me to them? Why didn't ESET even verify or notify me that it was uploading these files? Why is ESET suspicious of files generated by a part of its own software? Why does ESET continue to find more and more of the .mdmp files, even though I've only collect two Sysinspector snapshots? Where ARE these .mdmp files located on the system? I cannot find them anywhere, even with a powershell driven command line search. Overall, is this expected and normal behavior? Or an indication something is wrong? If something is wrong, why is ESET silently doing this without sending me notice? Thanks tremendously. I admit I'm out of my depth on this one. Edited May 25 by Tetranitrocubane Clarification in a sentence Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted May 25 Administrators Share Posted May 25 Those mdmp are minidumps from a crash. It appears that SysInspector was crashing on your machine for some reason. Have you recently tried to launch it several times and each time a minidump was generated? Please provide logs collected with ESET Log Collector from the machine. Quote Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 25 Share Posted May 25 9 hours ago, Tetranitrocubane said: Overall, is this expected and normal behavior? Or an indication something is wrong? If something is wrong, why is ESET silently doing this without sending me notice? If you do not desire Eset statistical and performance date to be submitted to Eset servers, disable the two settings shown in the below screen shot: Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted May 25 Author Share Posted May 25 7 hours ago, Marcos said: Those mdmp are minidumps from a crash. It appears that SysInspector was crashing on your machine for some reason. Have you recently tried to launch it several times and each time a minidump was generated? Please provide logs collected with ESET Log Collector from the machine. No, as a matter of fact, at the times when theses minidumps were uploaded, I was not trying to run Sysinspector at all. This smells fishy. I have generated the requested logs. Is it safe to upload them here? I am unsure if the logs contain sensitive system information that should not be public. Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted May 25 Author Share Posted May 25 2 minutes ago, itman said: If you do not desire Eset statistical and performance date to be submitted to Eset servers, disable the two settings shown in the below screen shot: I have no issue with the samples being submitted - I just would like ESET to alert me when it sees malware activity so I know a system is potentially compromised. Quote Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 25 Share Posted May 25 1 minute ago, Tetranitrocubane said: I have generated the requested logs. Is it safe to upload them here? I am unsure if the logs contain sensitive system information that should not be public. Only Eset moderators can access forum posted attachments. Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted May 25 Author Share Posted May 25 7 minutes ago, itman said: Only Eset moderators can access forum posted attachments. Great! Thank you for the reassurance, itman. I have uploaded the logs as requested. eav_logs_2.zip Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted May 26 Author Share Posted May 26 On 5/25/2023 at 6:26 AM, Tetranitrocubane said: Great! Thank you for the reassurance, itman. I have uploaded the logs as requested. eav_logs_2.zip 57.5 MB · 0 downloads Not to be rude, but is any further information required? I am trying to avoid using the impacted machine until there's word on these logs. Thanks much! Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted May 26 Administrators Share Posted May 26 A ticket has been created for developers, we'll keep you posted. However, it's just a dump from a SysInspector crash so if you don't experience any issues with it, it's not a problem. P_ESSW-16604 Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted May 26 Author Share Posted May 26 12 minutes ago, Marcos said: A ticket has been created for developers, we'll keep you posted. However, it's just a dump from a SysInspector crash so if you don't experience any issues with it, it's not a problem. P_ESSW-16604 Thanks tremendously, Marcos! I'll stand by, and in the meantime, proceed as normal. Very much appreciate your help! Quote Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,704 Posted Wednesday at 09:17 AM Administrators Solution Share Posted Wednesday at 09:17 AM A fix for the crash will be included in v16.2 and newer once available. Quote Link to comment Share on other sites More sharing options...
Tetranitrocubane 0 Posted 14 hours ago Author Share Posted 14 hours ago On 5/31/2023 at 2:17 AM, Marcos said: A fix for the crash will be included in v16.2 and newer once available. Much appreciated! I still don't understand how Sysinspector could crash when I wasn't running it, but this seems like an issue that will be resolved with the next version update. Thank you much. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.