Product Communities
Sign In Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines
J.1
Contributor

ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

I got a report from  my system's ESET endpoint security software today:

 

NEW NOTIFICATION

Firewall event detected and blocked by Eset

An Event Log notification has occurred with the following parameters:

Category: Firewall detection
Monitored static group: All
Attempt was made to reach 67.217.69.93 on port 80 by a machine at (internal address) and blocked
1 per minute were noticed
Firewall detection . Event is one of {Security vulnerability exploitation}

 

The official detection was cited as JAVA/Exploit.CVE-2021-44228 . The destination given up there is an IP address in LogMeIn's block. The program ESET claims made this exploitation attempt is C:\Program Files (x86)\GoToMyPC\g2comm.exe. Prior to this, one of our other security/IPS systems claimed that other machines also attempted Log4j exploitations against several IP addresses. All of the target IPs were LogMeIn addresses. Is there something in the Gotomypc agent that causes security systems to believe that a log4j attack is being made?

‎01-05-2022 02:47 PM
Labels:
Tags (3)
0 Kudos
Reply
9 REPLIES 9
AshC
GoTo Manager
GoTo Manager

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

Thanks @J.1 

We will try to investigate this further and let the Community know our findings. 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
‎01-06-2022 01:37 PM
0 Kudos
Reply
J.1
Contributor

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

It happened again over the weekend.

 

NEW NOTIFICATION

Firewall event detected and blocked by Eset

An Event Log notification has occurred with the following parameters:

Category: Firewall detection
Monitored static group: All
Attempt was made to reach 216.115.214.177 on port 80 by a machine at (different internal address than last time) and blocked
1 per minute were noticed
Firewall detection . Event is one of {Security vulnerability exploitation}

 

216.115.214.177 is a Logmein/Goto address. According to our ESET records, the process making this attempt was once again C:\Program Files (x86)\GoToMyPC\g2comm.exe and the specific exploitation was JAVA/Exploit.CVE-2021-44228.

‎01-10-2022 07:52 AM
0 Kudos
Reply
J.1
Contributor

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

Firewall event detected and blocked by Eset

An Event Log notification has occurred with the following parameters:

Category: Firewall detection
Monitored static group: All
Attempt was made to reach 68.64.26.45 on port 80 by a machine at (internal address) and blocked
1 per minute were noticed
Firewall detection . Event is one of {Security vulnerability exploitation}

 

Once again, the target is a LogMeIn IP, and ESET says the detection is JAVA/Exploit.CVE-2021-44228, with the guilty process being C:\Program Files (x86)\GoToMyPC\g2comm.exe.

‎01-10-2022 11:37 AM
0 Kudos
Reply
J.1
Contributor

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

Happened again, several seconds ago. Please let us know why Gotomypc appears to be triggering Log4j detectors even though it's supposed to no longer use that code. Thank you.

‎01-10-2022 11:59 AM
0 Kudos
Reply
AshC
GoTo Manager
GoTo Manager

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

@J.1   Can you tell us what ESET product / version you're using there? 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
‎01-11-2022 12:00 PM
0 Kudos
Reply
J.1
Contributor

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

ESET Endpoint Security version 9.0.2032.6.  

ESET PROTECT (Server), Version 9.0 (9.0.1141.0)
ESET PROTECT (Web Console), Version 9.0 (9.0.138.0)

‎01-11-2022 12:09 PM
0 Kudos
Reply
AshC
GoTo Manager
GoTo Manager

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

@J.1  Thanks, we continue to investigate.  


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
‎01-11-2022 03:05 PM
0 Kudos
Reply
J.1
Contributor

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

Has there been any kind of progress in figuring this one out?

 

Thank you.

‎01-14-2022 03:21 PM
0 Kudos
Reply
AshC
GoTo Manager
GoTo Manager

Re: ESET software claims g2comm.exe (Gotomypc) is attempting a log4j exploitation

@J.1  We've reached out to ESET several times, but they have yet to respond to our requests.  It would be best moving forward to report the blockage directly to their support group to gain more attention. 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
‎02-16-2022 01:39 PM
0 Kudos
Reply
About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2023 LogMeIn, Inc. All Rights Reserved