Jump to content

Failed to detect new instance of same file?


haioken
 Share

Recommended Posts

Hi ESET Community,

 

ESET AU support is taking a little bit longer than I'd like to get back to me (because I'm admittedly rather impatient.)

 

I am currently investigating rolling out ESET EndPoint antivirus to a domain of 50+ computers.

 

We have a document containing what ESET identifies as Win32/Kryptic.EMBF that I'm currently using for testing, as we had a PC recently infected via this document.

 

When emailled to me yesterday, this document was collected from my email and moved to infected items (which I expect). The copy in a folder on my desktop was also picked up and removed when accessing the directory in question.

I subsequently installed EndPoint antivirus on my Manager's machine with the same policies, and did the same as a demonstration, however unfortunately, it was not picked up in his email, nor in a folder on his desktop.

What is more worrying is that my manager has re-sent the file to me today, and while it was previously detected on this PC, in this case it was not detected by ESET EndPoint Secuirty. I have also saved and opened the infected document with no interference from ESET.

 

  • No alterations have been made to the configuration of my PC
  • the item has not been marked as safe
  • no directories are ignored
  • Email scanning is enabled
  • Realtime protection is enabled
  • Document scanning is enabled
  • Both PUA options are enabled
  • Detection of suspicious applications is enabled.

Scanning the file manually, the log entries are as follows:

 

Log

Scan Log
Version of virus signature database: 13493 (20160515)
Date: 16/5/2016  Time: 12:39:57 PM
Scanned disks, folders and files: C:\Users\haydenk\Desktop\instra.com_order_info.doc
Number of scanned objects: 1
Number of threats found: 0
Time of completion: 12:39:57 PM  Total scanning time: 0 sec (00:00:00)

 

Link to comment
Share on other sites

  • Administrators

Hello,

1, Win32/Kryptik detection is not a detection name for doc files but PE files. Please upload the file to a safe location and pm me the download link (maybe providing a hash would suffice).

2, Malicious doc files contain a macro that is removed during the cleaning. It could be that the doc file has already been cleaned and you then scanned a benign file that had no malicious code inside.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...