Serious bug reporting

Hi!

Is this an official contact channel for ESET?

I reported a serious issue with ESS over the contact form on the web site, but got zero response. (ironically, the issue was closed for the reason "no activity from my side").

The issue is about malware evading detection and executing (on a PC runing ESS), so I would prefer to not make the details public.
Unless ESET has nothing against that.

Regards,
forbidden (my first choice of username was rejected for containing forbidden words...)

 

Re: Serius bug reporting

Submitted using this form or ?
http://kb.eset.com/esetkb/index?page=content&id=SOLN141

 

Re: Serius bug reporting

Not sure (it does not display any form on that page, weird).
It was some contact form somewhere on ESET web site.
I got an email response, that it is being forwarded to engineers or similar.

 

Hello,

Did you submit samples per the instructions that Cudni referenced? If so, please send me a private message with the email address used, subject of the email and the approximate date it was sent, and I can check with ESET's virus lab on the status of your sample submission.

Regards,

Aryeh Goretsky

 

As mentioned, I did not send email, but used a web form.
In the replies I received this was mentioned: ESET id: 908247


Does that help?

PS: There was no sample involved, it is a general issue.

 

Hello,

The '908247' ID does not seem to be for a support ticket in the U.S. system (the location where I am based). In any case, ESET's virus lab is operated separately from its support department.

If you wish to report malicious software, please follow the instructions here to contact ESET's virus lab.

Regards,

Aryeh Goretsky

 

Hello,

I heard back from the distributor you reported the issue to, who forwarded to ESET's developers for review. It is under investigation, and as soon as more information is available (or they have additional questions) someone will be in touch with you.

Regards,

Aryeh Goretsky

 

2 weeks for a response from ESET on here

Seems to happen a lot

Why ?

 

1.) Another AV vendor fixed a similar issue in 7 days after reporting.

2.) I reported this issue to ESET in August. Additionally I informed the contact that I plan to publish the information in October. As I got new response from ESET (basically this forum thread), I decided to postpone that to November.

November is around the corner. So, does anyone have any objections?

Regards,
forbidden

 

Hello,

The issue was fixed in Antivirus and Antispyware module v1329, released to the public a few days ago.

Regards,

Aryeh Goretsky

 

I'd add that it wasn't a real issue as there hasn't been much malware exploiting it and all such malware was detected at least during memory scans and removed upon the next system start.

 

Is memory scan automatic?
After I started my test file it kept on running.
It was killed if I started a manual scan.

The new module fails to delete such a file when on a USB stick. It recommends a reboot (I did not test that).