Chas4 (Author), posted October 22, 2023

> 7 hours ago, sesk said:
> ur not on sonoma, are u? if the log collector crash, your system is probably not as clean as it should be?!

Nope, can't get macOS 14 on this one (can via a 3rd party tool). And the log collector crash is an older bug I have seen in previous versions of the ESET log collector also (even ESET support has seen it crash when collecting logs while in a remote session).

Chas4 (Author), posted October 30, 2023

GUI still broken after ESET update.

Update release notes link in ESET: hxxp://repository.eset.com/v1/com/eset/apps/home/eav/mac/v7/7.4.1600.0/eset_cybersecurity_mlp_10.pkg.changelog.html

Robertos (ESET Staff), posted October 30, 2023

Your quarantine issue is not fixed in 7.4.1600.0 yet.

As I wrote to you in a private message: I advise you to restore the files you need that were moved to quarantine by reinstalling those applications, or from a valid backup, and then delete the quarantine content by deleting the quarantine folder. A macOS restart is required after the quarantine folder deletion.

If the product is still detecting your files and you are sure that they are false positive detections, you could set up a performance exclusion on those files, but it lowers your security. It is at your own risk!!! You must be sure that the files you are excluding are safe.

Robertos (ESET Staff), posted November 3, 2023

Chas4, we apologize for the long time it took to process the files you reported to ESET. Thank you for your reports. We have now made some improvements in false positive detections. The product should not detect files of the latest installation of WINE or CrossOver as infections. It should be applied to already released builds, so 7.4.1600.0 should not detect them as well.

Chas4 (Author), posted November 3, 2023

> 33 minutes ago, Robertos said:
> Chas4, we apologize for the long time it took to process the files you reported to ESET. Thank you for your reports. We have now made some improvements in false positive detections. The product should not detect files of the latest installation of WINE or CrossOver as infections. It should be applied to already released builds, so 7.4.1600.0 should not detect them as well.

Won't be able to check till the quarantine GUI bug is fixed or if I can manually remove the file.

Robertos (ESET Staff), posted November 4, 2023

We are working on a quarantine fix, but the next planned release for ECS is in Q2/2024. Maybe there will be an unplanned hotfix release, but as you know it is not planned, so I cannot tell when it will be released or whether it will be.

If the quarantine contains files required by WINE or CrossOver, is it not a better choice for you to make a new clean installation of the latest versions of those products and manually delete the quarantine in ECS?

Chas4 (Author), posted November 4, 2023

> 2 hours ago, Robertos said:
> We are working on a quarantine fix, but the next planned release for ECS is in Q2/2024. Maybe there will be an unplanned hotfix release, but as you know it is not planned, so I cannot tell when it will be released or whether it will be.
> If the quarantine contains files required by WINE or CrossOver, is it not a better choice for you to make a new clean installation of the latest versions of those products and manually delete the quarantine in ECS?

Is there a way to manually figure out what the 1 file is so I can manually remove the file to get the GUI working again?

It is just Crossover, which has a polished version of WINE (https://www.codeweavers.com/crossover#mac) and a GUI and scripts, and CPU level translations that make it easier to install Windows programs on macOS without Windows, and it is frameworks used by the apps that have had false positives for years.

Robertos (ESET Staff), posted November 5, 2023

We do not know it yet. I will inform you if I find any usable workaround.

Chas4 (Author), posted November 5, 2023

Until the workaround I can't get a path to the false positive on the WINE file that I noticed. Or if you can figure out what the cryptic name for the 1 byte file is I can manually remove that from the quarantine (the file I got from a phishing email with that attached).

Side note: https://www.virustotal.com/gui/file/14c6bb9271eb740d5244759e52badbc309ab294299434b71bf132985a37cbbc3/detection

That .doc file I sent to ESET 10 days ago, it is part of an IRS phishing email (it is 424 KB in size so it would be more than just a URL in the email).

Robertos (ESET Staff), posted November 8, 2023

Chas4, if you delete these files from your quarantine:

    /Library/Application Support/ESET/Security/cache/quarantine/root/356A192B7913B04C54574D18C28D46E6395428AB.NDF
    /Library/Application Support/ESET/Security/cache/quarantine/root/356A192B7913B04C54574D18C28D46E6395428AB.NQF

quarantine in the product will start to work again.

Chas4 (Author), posted November 8, 2023

> 31 minutes ago, Robertos said:
> Chas4, if you delete these files from your quarantine:
>     /Library/Application Support/ESET/Security/cache/quarantine/root/356A192B7913B04C54574D18C28D46E6395428AB.NDF
>     /Library/Application Support/ESET/Security/cache/quarantine/root/356A192B7913B04C54574D18C28D46E6395428AB.NQF
> quarantine in the product will start to work again.

@Robertos I did delete 356A192B7913B04C54574D18C28D46E6395428AB, still no go. Is it the same name for both of them?

Robertos (ESET Staff), posted November 8, 2023

> 1 hour ago, Chas4 said:
> @Robertos I did delete 356A192B7913B04C54574D18C28D46E6395428AB, still no go. Is it the same name for both of them?

Did you restart macOS? It is required after such change.

Chas4 (Author), posted November 8, 2023

> 1 hour ago, Robertos said:
> Did you restart macOS? It is required after such change.

Not yet

@Robertos it did not work after the restart (strange forum bug has bold stuck)

Edited November 8, 2023 by Chas4

Robertos (ESET Staff), posted November 8, 2023

Two ESET developers replicated your issue with the content of your quarantine. Removing '356A192B7913B04C54574D18C28D46E6395428AB.*' from the root quarantine fixed the issue, and quarantine started to work for both developers.

Let me summarize what you should do, in more detail:

- Upgrade the product to ECS 7.4.1600.0, the latest version of v7; we tested it with this build.
- In Terminal, go to your quarantine folder:

      cd "/Library/Application Support/ESET/Security/cache/quarantine"

- Check the owners and POSIX rights of your quarantine subfolders and files. Check it for files in subfolders too. The correct settings are:

      folder: rwxrwx--- eset-ecsm-scand eset-ecsm-daemons
      file:   rw------- eset-ecsm-scand eset-ecsm-daemons

- If your settings are different, correct them with these commands.

  For files:

      sudo chown eset-ecsm-scand:eset-ecsm-daemons *.*
      sudo chmod 600 *.*

  For subfolders:

      sudo chown eset-ecsm-scand:eset-ecsm-daemons <replace_by_subfolder_name>
      sudo chmod 770 <replace_by_subfolder_name>

- In the quarantine folder for the root user, delete the problematic files:

      cd root
      rm -Rf 356A192B7913B04C54574D18C28D46E6395428AB.*

- Verify that the problematic files are removed:

      ls -la | grep 356A192B7913B04C54574D18C28D46E6395428AB

  This must return nothing.
- Restart macOS.
- Your quarantine in the GUI or terminal should be working.

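Added example, not part of the thread and not ESET's own tooling: a read-only shell check of the settings listed in the post above (folders rwxrwx---, files rw-------, owner eset-ecsm-scand, group eset-ecsm-daemons) across all subfolders and files. The function and variable names are assumptions made for this example, and it changes nothing on disk.

```sh
#!/bin/sh
# Added example (not ESET tooling): read-only audit of a quarantine tree
# against the settings quoted in the post above. Nothing on disk is changed.
# Function and variable names are made up for this example.

# GNU stat takes -c FORMAT; the BSD stat shipped with macOS takes -f FORMAT.
if stat -c '%a' / >/dev/null 2>&1; then
    STAT_FLAG=-c; STAT_FMT='%a %U %G'
else
    STAT_FLAG=-f; STAT_FMT='%Lp %Su %Sg'
fi

# audit_quarantine DIR [OWNER] [GROUP]
# Prints one line per subfolder or file under DIR whose mode, owner or group
# differs from the expected values. Returns 0 if all match, 1 otherwise.
audit_quarantine() {
    dir=$1
    owner=${2:-eset-ecsm-scand}      # owner named in the post
    group=${3:-eset-ecsm-daemons}    # group named in the post
    # Names containing newlines are not handled by this line-based loop.
    find "$dir" -mindepth 1 \( -type d -o -type f \) -print | {
        bad=0
        while IFS= read -r path; do
            if [ -d "$path" ]; then
                want="770 $owner $group"   # rwxrwx---
            else
                want="600 $owner $group"   # rw-------
            fi
            have=$(stat "$STAT_FLAG" "$STAT_FMT" "$path") || have="unreadable"
            if [ "$have" != "$want" ]; then
                printf '%s: found [%s], expected [%s]\n' "$path" "$have" "$want"
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Runs only when a directory is given on the command line, for example:
#   sudo sh audit.sh "/Library/Application Support/ESET/Security/cache/quarantine"
# (sudo because the folders are rwxrwx--- for the ESET accounts only).
if [ "$#" -gt 0 ]; then
    audit_quarantine "$@"
fi
```

Each reported line names the path, what was found and what was expected, so the chown and chmod corrections from the post can be applied only where they are needed.
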
Chas4 (Author), posted November 8, 2023

> 20 minutes ago, Robertos said:
> Two ESET developers replicated your issue with the content of your quarantine. Removing '356A192B7913B04C54574D18C28D46E6395428AB.*' from the root quarantine fixed the issue, and quarantine started to work for both developers.
> Let me summarize what you should do, in more detail:
> - Upgrade the product to ECS 7.4.1600.0, the latest version of v7; we tested it with this build.
> - In Terminal, go to your quarantine folder:
>       cd "/Library/Application Support/ESET/Security/cache/quarantine"
> - Check the owners and POSIX rights of your quarantine subfolders and files. Check it for files in subfolders too. The correct settings are:
>       folder: rwxrwx--- eset-ecsm-scand eset-ecsm-daemons
>       file:   rw------- eset-ecsm-scand eset-ecsm-daemons
> - If your settings are different, correct them with these commands.
>   For files:
>       sudo chown eset-ecsm-scand:eset-ecsm-daemons *.*
>       sudo chmod 600 *.*
>   For subfolders:
>       sudo chown eset-ecsm-scand:eset-ecsm-daemons <replace_by_subfolder_name>
>       sudo chmod 770 <replace_by_subfolder_name>
> - In the quarantine folder for the root user, delete the problematic files:
>       cd root
>       rm -Rf 356A192B7913B04C54574D18C28D46E6395428AB.*
> - Verify that the problematic files are removed:
>       ls -la | grep 356A192B7913B04C54574D18C28D46E6395428AB
>   This must return nothing.
> - Restart macOS.
> - Your quarantine in the GUI or terminal should be working.

Already updated to 7.4.1600.0 when it came out. As mentioned above, I manually removed the file listed from quarantine via Finder (temp added my user account to the folder permissions to do so, then removed when I was done).

@Robertos Do you want to continue this in the private message?

Robertos (ESET Staff), posted November 11, 2023

If you did everything correctly and it is still not working, you should wait for the release of a build with the quarantine issue fixed.

Maybe you could try one more hint: the problematic file is in the quarantine subfolder 'root'. You could move this folder outside of the quarantine subfolder to another disk location, e.g. to your ~/Documents/. Move means that the root folder is deleted in the original location. Next, restart macOS. Then try quarantine in the GUI again; it should work. This allows you to restore all files except the ones that were in the root subfolder. You can return the root subfolder back after we release a build with the quarantine fix, and then you will be able to restore the rest of your files.

Chas4 (Author), posted November 27, 2023

A fix looks to be coming in a future version.