Posts posted by Mr.Wong

  1. 1 hour ago, Rami said:

    Lightshot installer has some kind of a toolbar that I never encountered, so you get a false positive only on the installer, not on the application itself.

    Weird. I never see any toolbar or bundle in the app. Is it trying to stealth install that junk?

     

    1 hour ago, Marcos said:

    It's not a false positive:

    setup-lightshot.exe\INNO\{tmp}\downloader.exe    Win32/Bundled.Toolbar.Yandex potentially unsafe application

    Other files in the installer also show that there's a Yandex toolbar bundled:

    elements-eula-tr.rtf         
    yandex_browser_setup_ru.bmp  
    downloader.exe               
    browser-page-ru.rtf          
    yandex_logo_en.bmp           
    elements-eula-ru.rtf         
    browser-elements-eula-tr.rtf
    browser-page-tr.rtf          
    setupupdater.exe             
    yandex_logo_ru.bmp           
    browser-elements-eula-ru.rtf
    browser-eula-tr.rtf          
    browser-eula-ru.rtf          
    yandex_browser_setup_tr.bmp  

    PUsA detection is optional and is disabled by default. If one needs to use a particular application detected as PUsA, he or she should exclude it from detection by the detection name.

    As for the CPU-Z driver, it's not detected at VT because VT doesn't use real-time protection but on-demand scanners to scan files. In this particular case it makes a difference.

    May I ask where you found those files you listed? I am curious because I used this tool in the past for more than a year and just reinstalled it on my secondary machine with ESET as well and it got flagged too, but I don't see any toolbar or bundle in the installer app. Is it trying to stealth install that junk?

  2. 7 hours ago, Marcos said:

    The detection is correct, the said drivers are detected as a potentially unsafe application which is an optional detection and is disabled by default. CPU-Z had vulnerable drivers.

    But VT on that CPU-Z file is clean, and even ESET confirmed clean on VT.

    What about the lightshot app from the web url detection? Is it a false positive?

  3. Hello. I think these two detections are false positives.

    1) the file attached below and VT here: https://www.virustotal.com/gui/file/53fc9866b51dfbc0516436a1d6cc0789749f83fcd8ae84d6205595e7e20e1370/detection

    It is a file associated with the CPU-Z app.

    New Compressed (zipped) Folder.zip

    2) The second is Lightshot, which I used in the past, and it is safe, so why is it flagged as a threat now? I can't install the Lightshot app. Site VT here: https://app.prntscr.com/en/index.html

     

  4. 14 hours ago, Rami said:

    Did you try using an adblocker?

     

    11 hours ago, SeriousHoax said:

    Actually, it's not detecting the video player as malicious but rather a malicious JavaScript that the site is loading. My Firefox has uMatrix installed, which blocks third-party scripts from loading, so I don't see this warning from ESET and the video plays fine, but in Microsoft Edge I only have an adblocker and not uMatrix, and there ESET is showing that it has detected and removed the script. So, not a false positive I think, rather an unsafe JavaScript.

    I have uBlock Origin in medium mode with the latest filter updates, but ESET still detects them.

  5. 8 hours ago, Marcos said:

    A Procmon log created during a scan might shed more light. Start logging at least a couple of seconds before you run a scan.

    I got the log; I let it log while running a scan and stopped it when the scan finished. I will send you my log via PM. However, I can't send it to you because it is over 100MB. The log file size is 1.85GB.

  6. 6 hours ago, Marcos said:

    A Procmon log created during a scan might shed more light. Start logging at least a couple of seconds before you run a scan.

    How to do that? 

    1 hour ago, itman said:

    Do they?

    I believe a number of AV vendors do not display in their log files the files they cannot scan due to OS file locking. This would give one the impression that the files ESET shows as non-scannable were indeed scanned. Personally, I don't know why ESET does not do likewise, since this issue keeps appearing in the forum with regular frequency.

    They scanned fine. 

     

    1 hour ago, Rami said:

    I think it's better in terms of monitoring the scan, what was scanned and what was not, whether it was locked or something else; maybe adding a feature to hide them from the scan log by default might help.

    Yeah....

  7. 50 minutes ago, itman said:

    The simple answer to this scanning issue is that certain files (OS based, certain Microsoft applications, etc.) are preventing read access to those files. The only way ESET could scan these files is if it changed file access permissions so it could access those files. This is something ESET, and no other security vendor for that matter, is going to do. Nor is it something they should do, since the possibility of a "bork" in doing so is high, not to mention the impact on overall scanning times, which would be considerable.

     

    2 hours ago, Marcos said:

    If ESET cannot scan certain files, then any possible malware would not be able to modify them either,

    I can't tell if my system is safe or not; if I see more than 100 files that ESET skipped because they can't be opened, then there is something wrong with it. Kaspersky and Bitdefender scan them fine with no problem.

  8. 7 hours ago, Marcos said:

    Please refer to https://support.eset.com/kb2155/ for clarification.

    The files are either inaccessible in your account (e.g. if you do not run a scan as an administrator) or they are exclusively used by the operating system and are unavailable to other applications.

    I ran the scan as the admin, and I am still getting "Unable to open files" on over 100 files on my C drive, and you are telling me ESET has no idea whether these files are safe or not?! It feels like only 75% of my C drive got scanned and ESET has no idea about the other 25%.
