-
1 Attachment(s)
ESET AV issue
Hello Friedrich
I see ESET/NOD32 is doing their best to make life a misery for us again.
I use web-based updating based on your example and ESET is flagging the
update file as suspicious and "most likely containing a new threat" -
see attachment.
The so-called suspect africlock-update.exe is signed with Comodo yet
this still happens.
Any ideas or advice?
Regards
Daan Marais
-
Re: ESET AV issue
Do what the dialog says - submit it to ESET. I'd also open a support
ticket
--
Russ Eggen
RADFusion International, LLC
-
Re: ESET AV issue
Thanks Russ, both done - will update here when I hear from them.
Daan
-
Re: ESET AV issue
Appreciate it as I have ESET too and they came up with false positives
in the past. Problem was, they seemed awfully slow in providing a fix.
--
Russ Eggen
RADFusion International, LLC
-
Re: ESET AV issue
Hi Daan,
ESET is a never ending story. We even had to add additional compiler
warnings.
For example:
---
CHANGE : IDE: Under certain circumstances, customers with "ESET security
solutions" installed (e.g. NOD32) sometimes get a "Fatal
Compiler Error: GEN1094: Cannot inject stub loader entrypoint:
Para1: C:\yada\yada.exe Para2: 91648 Para3: 6664" error during
the setup compilation process. This is caused by a
(false-positive) bug in ESET products. We have added an
additional compiler text: 'Note: If you are using an ESET
product and you see this error message, please contact ESET
Customer Care and refer to #TICKET 83977'.
---
Always report false-positives to the protection software vendor.
http://www.lindersoft.com/forums/showthread.php?p=69157
Friedrich
-
Re: ESET AV issue
Hello Friedrich
Yes - it is a shame because it is actually a very good anti-virus IMO -
we have been using it since 2005 and never had a single problem with
viruses in that time.
We actually recommend it to our customers as well, despite the injection
problem you mentioned and which I also experienced - maybe time for a
bit of thought...
In any event, here is the ticket number, from their South African
office: [Ticket#2013050910001476]
Regards
Daan
-
Re: ESET AV issue
I'd beg to differ. I got called into to take over the HW support for a
company and found viruses on their server & workstations becuase the
default settings which is how the previous HW support company installed
it. Some malware is not considered to be a virus and thus can get into
a system unhindered then opens up a backdoor for the authors to do what
they like with their system. Malware whilst not technically a virus can
and do open up backdoors onto systems for other bad software, like
making it a botnet for example.
I've hilighted numerous bugs in their software and wrong default
settings which has been relayed back to Romania for them to fix. As I
dont get paid to reports bugs I've stopped reporting them to ESET.
Below is part of one such conversation. Considering Flash & Java were
used in something like 80% of all hack attempts in 2012, the email
reply below from Eset is significant imo.
I also find it funny that ESET UK who sell their own antispam products
for MS Exchange and they use MS Exchange if you look in the email
headers, feel their technology is so superior they use Symantecs
recently purchased Messagelabs anti-spam service. Nothing like faith in
one's own products hey?
http://mxtoolbox.com/SuperTool.aspx?...k&run=toolpage
I've compared Eset's antispam against Messagelabs and messagelabs comes
out tops becuase they can see patterns which can only be seen from a
cloud or peer2peer setup where data is exchanged between all sites. For
example the only way to update the white/black lists in Eset is to stop
the service, update the white/black list then start the service again.
In that time frame an email containing a virus could enter the MS
exchange and you have zero scanning protection. They dont even have an
API to facilitate the white/black list updates for external programs to
use other, you have to write your own code to control the management of
services.
Eset have risen to prominence due to the generous kick backs they give
companies who provide HW support to SME's who resell their products.
Their CPU load on workstations is higher than other AV products I've
reviewed as well, due to customers complaining their workstations have
slowed down.
This is part of a long conversation that I sent to Eset support.
Re the Java virus, I’ll check the strict cleaning option as was using
the ERA program on the server to push a new task in this case a scan
with cleaning enabled to the workstation.
Is there anyway the AV can scan and block these though, we’d rather not
let them into the network and systems in the first place.
And this is what I got back. Its worth noting an AV update typically
contains the automated updated variations of a known or existing virus.
AV companies can take anything from a few months to a few years to
reverse engineer and decide if a program they are suspicious about is
actually considered and defined as a virus. Thats right if I released a
new virus into the world today, it could take them at least a few
months to spot it, its why Stuxnet and others took so long to find and
track down.
----------->8---------------
From: Jonathan Deane [mailto:x@eset.co.uk]
Sent: 13 September 2012 08:21
To: Robot
Subject: RE: ESET Support
The only way to prevent Java exploits is to uninstall Java.
Can you send me an export of your EMSX configuration.
*** It is VERY important that if you reply to this message you include
ALL previous correspondence
Jonathan Deane MCTS, ESET Certified Technician
Technical Team Leader - ESET UK
p: 0845 838 0832 - Opt 3 (Support) f: 0845 838 0834 e:
x@eset.co.uk w: www.eset.co.uk
-
Re: ESET AV issue
Thanks for sharing, Richard!!!
> I've hilighted numerous bugs in their software and wrong
> default settings which has been relayed back to Romania
> for them to fix. As I dont get paid to reports bugs I've
> stopped reporting them to ESET.
Dealing with the ESET Customer Care guys (Bratislava, Slovak Republic) was a
nightmare. I had to give up -- seriously thought about committing suicide.
http://www.lindersoft.com/forums/sho...7142#post67142
Friedrich
-
Re: ESET AV issue
My Norton 360 is finally about to expire. Norton has often annoyed
me, so I was planning change. I figured it would be ESET, but I'm
wondering if there's something "better". What's your take on the
subject?
Mike Hanson
www.boxsoft.net
-
Re: ESET AV issue
So what should I use instead? (Currently on Norton 360, but about to
expire.)
Mike Hanson
www.boxsoft.net