TheDeeGee

With the recent update "Win32/Packed.AutoIt.UG" was detected as "Win32/Packed.Autoit.NBT" in the same files. So i lost a bunch of files again and had to update the HASHs... lovely >_> Never in the 15 years i use NOD32 i had so much hassle with it.

I only ended up exluding the files, not the entire PUA. So any future treats of the AutoIt are still being detected.

Aaaah now i see. It's the one from the second line, not the actual HASH from the program itself. And to confirm, yes they're cracked programs. It's just that the source they come is a trusted one, since it's a very small community i been part of for a long time. Don't worry, i actually pay for my NOD32 License. As i said, i been using it for atleast 15 years now 😁

Yeah, i'd rather be able to exclude the 3 files i have. I don't feel comfortable whitelisting the AutoIt for my entire system. Bit of a shame that whitelisting files is so cumbersome in NOD32. Guess i'll keep digging the internet until i find a way on how to Marcos made that SHA1 HASH.

Yes, the same "Win32/Packed.AutoIt.UG". I had these files for quite a while and they never caused any problems for NOD32.

Hopefully Marcos can share some more information about this, because there are two other files like that, that also need to be excluded.

Actually it does work, but how did you get the SHA1 HASH from that file? Whenever i check it with Powershell it outputs a different code.

Sadly that doesn't work for the said file. It get's detected and deleted shortly after it's being copied outside it's safe zone. Right now i settled with this, it seems to be the easiest way to deal with it:

Yeah, that doesn't work because NOD32 detects the PUA.

Is this what you're looking for? That's what shows up in the log files after i copy the file from it's excluded place to my desktop for example. This didn't happen until, well... yesterday when i was going to backup my files, which i do monthly.

I just wish it was possible to exclude a single file from the entire scanning process, regardless of location on the system.

I tried adding the PUA to the exclusions, but then the files still get deleted when copied elsewhere. The PUA in question is "Win32/Packed.AutoIt.UG". It must have been added to the database recently, because it never acted like this. The only solution i found so far is adding every single location i often copy these files to to the exclusion list.

I'm trying to exclude a couple of unattended installers from being detected and deleted, but without luck so far. I have added the said files in the exclusion lists at 4 different locations, in Detection Engine, Real-Time and HIPS. But whenever i copy and paste the file to another location it get's caught and deleted. I even added the SHA1 HASHes, but that doesn't seem to work either. The only option seems to be disabling the entire Antivirus while doing backups and moving files around, which is not a good solution. I have been using ESET NOD32 Antivirus for almost 15 years and never had this issue before.