Posts posted by Super_Spartan

  1. 28 minutes ago, Marcos said:

    Should not be detected now:

    Log
    Scanned disks, folders and files: C:\!test
    C:\!test\CCleaner.exe » EMB » Resource[296][0] - is OK
    C:\!test\CCleaner64.exe » EMB » Resource[296][0] - is OK

    However, we indeed partly detected CCleaner as a potentially unsafe application. This detection is disabled by default.

    I updated my virus signature and it's still being detected.

     

    Detection Engine: 21247 (20200429)
    Rapid Response module: 16159 (20200429)
    Update module: 1021 (20200218)
    Antivirus and antispyware scanner module: 1561 (20200326)
    Advanced heuristics module: 1198 (20200316)
    Archive support module: 1301 (20200403)
    Cleaner module: 1208 (20200319)
    Anti-Stealth support module: 1161 (20200306)
    ESET SysInspector module: 1276 (20200217)
    Translation support module: 1796 (20200421)
    HIPS support module: 1388 (20200331)
    Internet protection module: 1395 (20200331)
    Database module: 1110 (20190827)
    Configuration module (39): 1866 (20200401)
    LiveGrid communication module: 1061 (20200402)
    Specialized cleaner module: 1014 (20200129)
    Rootkit detection and cleaning module: 1019 (20170825)
    Network protection module: 1682 (20190801)
    Script scanner module: 1070 (20200406)
    Cryptographic protocol support module: 1042 (20200227)
    Deep behavioral inspection support module: 1091 (20200211)
    Advanced Machine Learning module: 1058 (20200401)
    Telemetry module: 1059 (20200204)
    Security Center integration module: 1020.1 (20200313)

     

  2. This is the first time ESET detects CCleaner as malware. I submitted this to ESET as a false positive. Using the portable version by the way.

     

    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM
    29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM
    29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM
     

    Untitled.png

  3. 3 hours ago, mallard65 said:

    Hello.

    Why is ESET's excellent Internet Security not tested at av-test.org?

    ESET's Endpoint Security is tested by av-test.org.

    I find AV-TEST to be heavily biased and their tests make no sense to me. If you sort their results by performance category for example, you will find that 50% of the AVs get a 6/6 score! That is in no way the case as I've tested them all in real life! Kaspersky for example taking 6/6 for performance is a big lie! It is heavy and so is Trend Micro. IMHO they are being paid to publish not very honest results.

    I only trust AV-Comparatives. See how great ESET does in terms of performance, they are number 1: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart4&chart_year=2019&chart_month=10&chart_sort=1&chart_zoom=0

  4. 29 minutes ago, Marcos said:

    1, During installation the installer asks for a license key unless you upgrade an already activated product.

    2, Detection exclusions serve to exclude a specific detection triggered on a file, typically PUA. The file is kept scanned and other detections may be triggered on it, e.g. in case it gets infected with a virus. Conversely performance exclusions serve to exclude files that are clean and safe but for some reason cause performance issues when scanned.

    Thanks for the explanation. I get number 2 now. But regarding point 1, no sir, this is a clean install, not an upgrade. I think ESET is now embedding the product key within the installer if you download it from My ESET; near the license there is a Download button.

    I am pretty sure because I copy/pasted the product key and was awaiting the point where it would ask me to enter the key or log in via My ESET credentials, but it didn't, unless it actually sensed the key that I copied to the Windows clipboard and used that automatically. Anyway, it's a nice feature IMO; I was just curious.

  5. I'm an old customer since the days of NOD32 v2 but last year I switched to other products as I was not happy with ESET but decided to give it another try now so I bought a 3 year license for NOD32.

    I have a couple of questions:

    1) When I installed it using the downloader that I got when I bought it, it didn't ask for a product key and just activated automatically. Is that something new I guess? Pretty neat.

    2) What I'm confused about is that under exclusions there are performance exclusions and detection exclusions. Can someone explain what performance exclusions are?

  6. On 3/30/2020 at 10:56 PM, TheDeeGee said:

    With the recent update "Win32/Packed.AutoIt.UG" was detected as "Win32/Packed.Autoit.NBT" in the same files.

    So I lost a bunch of files again and had to update the hashes... lovely >_>

    Never in the 15 years I've used NOD32 have I had so much hassle with it.

    What I usually do is whitelist both folder locations of such programs, one from my source drive which is the partition on my laptop and another for my external backup SSD, never had a problem and then it doesn't matter if the file hash was changed or updated. Does that not work for you?

  7. On 7/1/2019 at 10:47 AM, ssmuu said:

    Hello! This is my first post in this forum. I recently updated my Windows 10 to version 1903. There is a service called Windows Antimalware Executable that I cannot disable since I have NOD32 Antivirus software. It uses 10% of my CPU all the time. I checked all the policies and services about Windows Defender and all seem to be disabled.

    Can you help me :(

    Even if you disable Windows Defender, its services still run in the background. I always disable them with this reg tweak; it will only work if Windows Defender is disabled, which in your case it is.

     

    This is the reg file: Disable Windows Defender.reg

     

    Quote

    Windows Registry Editor Version 5.00

    ;Windows Defender Security Center Service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
    "Start"=dword:00000004

    ;Windows Defender Antivirus Service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
    "Start"=dword:00000004

    ;Windows Defender Antivirus Network Inspection Service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
    "Start"=dword:00000004

    ;Windows Defender Antivirus Network Inspection System Driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
    "Start"=dword:00000004

    ;Windows Defender Advanced Threat Protection Service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
    "Start"=dword:00000004
     

    This is what my Windows Defender services look like:

     

    Defender.thumb.jpg.10a45b54f2746db8c0b9ce7f8ef0dc4d.jpg
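
The .reg file in the post above sets each listed service's "Start" value to 4, which Windows treats as disabled. As an added example (not part of the original post), the Python below parses .reg text and reports the start type of those Defender services, which is useful for auditing an export or checking a tweak file before importing it. The function names and the sample export are constructed for illustration.

```python
import re

# Meaning of the "Start" DWORD under ...\Services\<name>
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
# Service key names from the .reg file quoted in the post (lowercased:
# registry key names are case-insensitive)
DEFENDER = {"securityhealthservice", "windefend", "wdnissvc", "wdnisdrv", "sense"}
PREFIX = "hkey_local_machine\\system\\currentcontrolset\\services\\"

def parse_start_values(reg_text):
    """Return {service name: Start value} for each Services key in .reg text."""
    found, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:                                   # start of a new key section
            path = key.group(1)
            name = path[len(PREFIX):]
            is_service = path.lower().startswith(PREFIX) and name and "\\" not in name
            current = name if is_service else None  # subkeys are not services
            continue
        val = re.fullmatch(r'"start"=dword:([0-9a-f]{1,8})', line, re.IGNORECASE)
        if val and current:
            found[current] = int(val.group(1), 16)
    return found

def defender_report(reg_text):
    """Map each Defender service present in the export to its start type."""
    return {name: START_TYPES.get(value, "unknown")
            for name, value in parse_start_values(reg_text).items()
            if name.lower() in DEFENDER}

# Constructed sample export (hypothetical machine state, not from the post)
SAMPLE = r"""Windows Registry Editor Version 5.00

;Windows Defender Antivirus Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Parameters]
"Start"=dword:00000004
"""

if __name__ == "__main__":
    for name, state in sorted(defender_report(SAMPLE).items()):
        print(f"{name}: {state}")
```

Files exported by regedit are UTF-16 encoded, so decode them before passing the text to `parse_start_values`.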

  8. I have both the Pro and Free version of MiniTool Partition Wizard 11.0

    The Pro version seems to be clean but ESET detects the free version as a PUP.

    Here are the Virus Total results: https://www.virustotal.com/#/file/95dc5fadc420231d05e5106353f9998141e23421f92ac4048c83af5a546b4e0f/detection

    Is this really a threat or is it an FP, as ESET seems to be the only AV that detects this?

    2019-02-01_060429.jpg

  9. I'd never buy a license from eBay no matter what. They are sold to multiple people and sooner or later will be flagged by the ESET Licensing Server and deactivated. You get what you pay for. Only buy from the official ESET resellers, the website directly, or Newegg, which sells boxed versions of older years at a very cheap price, but they still work and can be activated on the latest version of NOD32.

  10. 10 hours ago, xkajxkajx said:

    With all due respect, the entries I'm talking about are NOT in:

    1. HKEY_CLASSES_ROOT\*\shell

    or

    2. HKEY_CLASSES_ROOT\*\shellex

    They are located in

    1. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers

    2. HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Library Location

    Read this one carefully: https://www.howtogeek.com/howto/windows-vista/how-to-clean-up-your-messy-windows-context-menu/

    Again, we are not talking about the location of the registry entries. We are talking about "Why do they insist coming back?"

    I did uninstall ESET and wait (2 hours booting and rebooting) to make sure if these entries are coming back or not. Guess what? They don't.

    COULD YOU PLEASE TELL ME WHY?

    I think ESET is restricting MY USER ACCOUNT to delete or modify some registry entries. PROVE ME WRONG.

    THNX

    Sorry, I might have misunderstood you. How can I see this Open Folder Location context menu? I tried right-clicking on a folder but can only see "Open in New Window".

    Also, when making changes to the registry, you need to disable NOD32 first as it prevents tampering with the registry. Disable NOD32, make the changes that you want, then reboot immediately.

  11. Hi Marcos,

     

    I suggested to ESET in the past to give us an easier way of whitelisting by allowing us to multi select folders/apps in one shot rather than having to do it one at a time but they never replied to me or implemented it in the latest NOD32.

     

    See how easy it is to add items to the exclusion with the checkbox multi-selection method. This is just one example of many AVs out there which allow that.

     

     

    2018-12-10_041833.jpg

  12. Whenever I import my ESET NOD32 settings after installing it, I get a notification on the bottom right that some parameters were invalid. So I deleted the file and the next time I made a clean install on my system, I created a whole new settings file again using the same version that was previously installed to ensure all the settings will actually match but still, same thing.

     

    Anyone experienced this? I don't have any crazy settings just a few exclusions for both file/folders and a few web application exclusions (for my VPN) and disabling Removable Media auto scanning, enabling potentially unsafe applications, and disabling the NOD32 splash screen. That's it.

  13. I just formatted my laptop, installed EIS first thing, then installed Chrome. Then I noticed every website I try to visit gives me this error:

     

    NET::ERR_CERT_DATE_INVALID

     

    So I searched for this and the solution was to ensure my system time is updated, so I did just that, letting Windows update the time from the Windows Time Server, then tried again but no luck.

    I then cleared my browsing history and cache and still the same.

    I was just about to format, then just for kicks I tried excluding Chrome from EIS under Web Protection and what do you know, everything is now working.

    How do I re-enable the Chrome protection and not have this error?

  14. 35 minutes ago, howardagoldberg said:

    @Phoenix There must be another issue at play, and I suspect it is this: To get the .192 build that was released in early January that started the Spectre/Meltdown patching madness, you had to have a registry key set by an AV vendor or manually, otherwise the update would not be pulled by Microsoft (see MS's own notes on this). In order to get builds released beginning in January 2018, at least that key needs to be set. You may need to let Defender do its thing for a bit (update definition, etc.), or enter the key yourself.

    Otherwise, install ESET. Make sure you get the latest AV and anti-stealth modules (as detailed in this thread), which update the needed registry keys, and try to pull the updates again.

    That's your issue :-) With a new install today, I would actually expect the exact behavior you described (as annoying as that behavior is).

    ESET has already acknowledged that there was an issue which was resolved with the anti-stealth module that was released this morning.

    OK, I installed NOD32 and rebooted and was immediately offered KB4074595 and KB4058258, which brought my build up to 16299.214.
