Super_Spartan

I updated my virus signature and it's still being detected Detection Engine: 21247 (20200429) Rapid Response module: 16159 (20200429) Update module: 1021 (20200218) Antivirus and antispyware scanner module: 1561 (20200326) Advanced heuristics module: 1198 (20200316) Archive support module: 1301 (20200403) Cleaner module: 1208 (20200319) Anti-Stealth support module: 1161 (20200306) ESET SysInspector module: 1276 (20200217) Translation support module: 1796 (20200421) HIPS support module: 1388 (20200331) Internet protection module: 1395 (20200331) Database module: 1110 (20190827) Configuration module (39): 1866 (20200401) LiveGrid communication module: 1061 (20200402) Specialized cleaner module: 1014 (20200129) Rootkit detection and cleaning module: 1019 (20170825) Network protection module: 1682 (20190801) Script scanner module: 1070 (20200406) Cryptographic protocol support module: 1042 (20200227) Deep behavioral inspection support module: 1091 (20200211) Advanced Machine Learning module: 1058 (20200401) Telemetry module: 1059 (20200204) Security Center integration module: 1020.1 (20200313)

What's weird is, if I scan the ZIP File, NOD32 says it's clean but when I extract it, it says CCleaner.exe and CCleaner64.exe are infected! So how come the scan of the ZIP file said it's clean? 🙄

This is the first time ESET detects CCleaner as malware. I submitted this to ESET as a false positive. Using the portable version by the way. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM 29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM 29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM

I find AV-TEST to be heavily biased and their tests make no sense to me. If you sort their results by performance category for example, you will find that 50% of the AVs get a 6/6 score! That is in no way the case as I've tested them all in real life! Kaspersky for example taking 6/6 for performance is a big lie! It is heavy and so is Trend Micro. IMHO they are being paid to publish not very honest results. I only trust AV-Comparatives. See how great ESET does in terms of performance, they are number 1: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart4&chart_year=2019&chart_month=10&chart_sort=1&chart_zoom=0

I know that screen very well but I never got it. This is where I downloaded that installer from but for some reason now I can't see the download button.

Thanks for the explanation. I get number 2 now. But regarding point 1, no sir this is a clean install not an upgrade. I think ESET is now embedding the product key within the installer if you download it from My ESET near the license there is a Download Button. I am pretty sure because I copy/pasted the product key and was awaiting the point where it would ask me to enter the key or login via My Eset credentials but it didn't unless it actually sensed that key that I copied to the Windows clipboard and used that automatically. Anyway, it's a nice feature IMO I was just curious.

I'm an old customer since the days of NOD32 v2 but last year I switched to other products as I was not happy with ESET but decided to give it another try now so I bought a 3 year license for NOD32. I have a couple of questions: 1) When I installed it using the downloader that I got when I bought it, it didn't ask for a product key and just activated automatically. Is that something new I guess? Pretty neat.2) What I'm confused about is under exclusions there is performance exclusions and detection exclusions, can someone explain what is performance exclusions?

What I usually do is whitelist both folder locations of such programs, one from my source drive which is the partition on my laptop and another for my external backup SSD, never had a problem and then it doesn't matter if the file hash was changed or updated. Does that not work for you?

My boss at work has this same issue and I had to disable Email filtering for him. I wish ESET would fix this sluggish performance issue so we don't need to disable it completely.

Even if you disable Windows Defender, it services still run in the background. I always disable them with this reg tweak, it will only work if Windows Defender is disabled which in your case it is. This is the reg file: Disable Windows Defender.reg This is how my Windows Defender services look like:

I have both the Pro and Free version of MiniTool Partition Wizard 11.0 The Pro version seems to be clean but ESET detects the free version as a PUP. Here are the Virus Total results: https://www.virustotal.com/#/file/95dc5fadc420231d05e5106353f9998141e23421f92ac4048c83af5a546b4e0f/detection Is this really a threat or is it an FP as ESET seems to be the only AV that detects this.

I'd never buy a license from eBay no matter what. They are sold to multiple people and sooner or later will be flagged by the ESET Licensing Server and de-activated. You get what you pay for. Only buy from the Official ESET Resellers or website directly or from newegg which sells boxed versions of older years at a very cheap price but they still work and can be activated on the latest version of NOD32

Sorry I might have misunderstood you. How can I see this Open Folder Location context menu? I tried right clicking on a folder but can only see "Open in New Window"" also, when doing changes to the registry, you need to disable NOD32 first as it prevents tampering with the registry. Disable NOD32, do the changes that you want then reboot immediately,

You can use Winaero Tweaker to edit the context menu items. Open folder location is a part of Windows and cannot be removed.

Hi Marcos, I suggested to ESET in the past to give us an easier way of whitelisting by allowing us to multi select folders/apps in one shot rather than having to do it one at a time but they never replied to me or implemented it in the latest NOD32. See how easy it is to add items to the exclusion with checkbox multi selection method. this is just on example of many AVs out there which allow that

Ok, next reinstall I will do this. Thank you.

Whenever I import my ESET NOD32 settings after installing it, I get a notification on the bottom right that some parameters were invalid. So I deleted the file and the next time I made a clean install on my system, I created a whole new settings file again using the same version that was previously installed to ensure all the settings will actually match but still, same thing. Anyone experienced this? I don't have any crazy settings just a few exclusions for both file/folders and a few web application exclusions (for my VPN) and disabling Removable Media auto scanning, enabling potentially unsafe applications, and disabling the NOD32 splash screen. That's it.

I cannot activate my ESET NOD32 as well here

That did the trick! Thanks a lot Marcos.

I just formatted my laptop, installed EIS the first thing then installed Chrome. Then I notice every website I try to visit gives me this error: NET::ERR_CERT_DATE_INVALID So I searched for this and the solution was to ensure my system time is updated so I did just that letting Windows update the time from the Windows Time Server then tried again but no luck. I then cleared my browsing history and cache and still the same. I was just about to format then just for kicks, I tried excluding Chrome from EIS under Web Protection and what do you know, everything is now working How go I re-enable the Chrome protection and not have this error?

Just wanted to report that I installed Windows 10 Redstone 4 Build 17107 which was just released today as a clean install (not upgrade) and NOD32 v11.0.159.9 is working just fine.

you are absolutely right man. Just got KB4074588 which updated by Windows 10 to build 16299.248

Ok I installed NOD32 and rebooted and was immediately offered KB4074595 and KB4058258 which to my build up to 16299.214

I just formatted my laptop and didn't install NOD32, the latest updates offered were only up to 16299.125 so something is going on with Microsoft ESET has nothing to do with this.

I have two Samsung 960 PRO 2TB SSDs in RAID 0 Here are my tests With the AV Enabled: With the AV Disabled Yes there is a difference but it's very small not like how bad as you mentioned.