Serious bug reporting

Discussion in 'ESET Smart Security' started by forbidden, Oct 1, 2011.

Thread Status:
Not open for further replies.
  1. forbidden

    forbidden Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    Hi!

    Is this an official contact channel for ESET?

    I reported a serious issue with ESS over the contact form on the web site, but got zero response. (ironically, the issue was closed for the reason "no activity from my side").

    The issue is about malware evading detection and executing (on a PC runing ESS), so I would prefer to not make the details public.
    Unless ESET has nothing against that.

    Regards,
    forbidden (my first choice of username was rejected for containing forbidden words...)
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. forbidden

    forbidden Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    Re: Serius bug reporting

    Not sure (it does not display any form on that page, weird).
    It was some contact form somewhere on ESET web site.
    I got an email response, that it is being forwarded to engineers or similar.
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Did you submit samples per the instructions that Cudni referenced? If so, please send me a private message with the email address used, subject of the email and the approximate date it was sent, and I can check with ESET's virus lab on the status of your sample submission.

    Regards,

    Aryeh Goretsky
     
  5. forbidden

    forbidden Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    As mentioned, I did not send email, but used a web form.
    In the replies I received this was mentioned: ESET id: 908247


    Does that help?

    PS: There was no sample involved, it is a general issue.
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The '908247' ID does not seem to be for a support ticket in the U.S. system (the location where I am based). In any case, ESET's virus lab is operated separately from its support department.

    If you wish to report malicious software, please follow the instructions here to contact ESET's virus lab.

    Regards,

    Aryeh Goretsky
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I heard back from the distributor you reported the issue to, who forwarded to ESET's developers for review. It is under investigation, and as soon as more information is available (or they have additional questions) someone will be in touch with you.

    Regards,

    Aryeh Goretsky
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    2 weeks for a response from ESET on here :eek:

    Seems to happen a lot :(

    Why ?
     
  9. forbidden

    forbidden Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    1.) Another AV vendor fixed a similar issue in 7 days after reporting.

    2.) I reported this issue to ESET in August. Additionally I informed the contact that I plan to publish the information in October. As I got new response from ESET (basically this forum thread), I decided to postpone that to November.

    November is around the corner. So, does anyone have any objections?

    Regards,
    forbidden
     
  10. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The issue was fixed in Antivirus and Antispyware module v1329, released to the public a few days ago.

    Regards,

    Aryeh Goretsky
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd add that it wasn't a real issue as there hasn't been much malware exploiting it and all such malware was detected at least during memory scans and removed upon the next system start.
     
  12. forbidden

    forbidden Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    Is memory scan automatic?
    After I started my test file it kept on running.
    It was killed if I started a manual scan.

    The new module fails to delete such a file when on a USB stick. It recommends a reboot (I did not test that).
     
Thread Status:
Not open for further replies.