TheNikita

Since the file was analyzed in the LiveGuard sandbox, the single-player game has not launched once. With or without ESET installed, an error always appeared.

Neither disabling protection nor disabling HIPS helped. I even tried disabling LiveGuard - the error still occurs.

Here are the logs with ESET Smart Security Premium installed. essp_logs.zip

As far as I remember, the file being analyzed was marked as safe and was unlocked. By the way, maybe it analyzed not "iw5sp.exe", but the game's launcher itself - "MW3.exe". It was just a few months ago, so I don't remember exactly. But it doesn't change the essence - the analyzed file was marked as safe and after the analysis the single-player game stopped launching. ELC_logs.zip

Hello. 3-4 months ago I decided to try ESET Smart Security Premium product. I used it for a while and then uninstalled it. While using it, I launched the game "Call of Duty: Modern Warfare 3 (2011)", after which ESET LiveGuard proactive protection started analyzing the file "iw5sp.exe" (which is responsible for launching the single-player game) in the cloud. When this analysis finished, the single-player game simply stopped working. At startup I get the following message: "Modern Warfare 3 SP is not correct, please reinstall the game!". I've tried reinstalling it many times, even replacing the "iw5sp.exe" file with another one from the Internet, and nothing. I've tried reinstalling ESET Smart Security Premium - no help, I've tried uninstalling ESET remnants in safe mode with "ESET Uninstaller" - also no result. I copied the game from another computer where it worked - that didn't help either. I turn to you on the forum, since it happened exactly after your antivirus. Can you tell me what I can try to do to restore the single-player mode in the game "Call of Duty: Modern Warfare 3", which was damaged by your antivirus?

Okay, thanks for the clarification!

If I understood you correctly, this is when a malware known to ESET is registered in "Shell". What if the "Shell" contains some malware that is not yet known to ESET? Or, for example, if some program purposely changes the value of "Shell" to, for example, the same "notepad.exe"? In these cases, ESET will simply keep silent, even though it is supposed to restore the default "Shell" value, just like other antiviruses do.

Shouldn't ESET restore the default value whenever "Shell" is changed? For example, if you change "Shell" from "explorer.exe" to "notepad.exe", there must be some reaction to the change of "Shell", right? When I change "Shell", ESET does not react in any way.

Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.

Confirmed, I also disabled the task manager through the registry editor, but ESET is silent and does not see anything

Hello! I have a little question. Does ESET fix problems like locked task manager, disabled registry editor, changed WinLogon and so on? For example, Kaspersky Lab products have a special tool that fixes all this. The product from Dr.Web fixes it during a scan (if it finds it). Does ESET fix similar problems? Thank you in advance!

Okay, thank you! Will this technology be added in the future?

Hello! I am interested in one question: Does ESET have a technology to rollback malicious actions of a program (similar to the one in Kaspersky Lab products) whose behavior was deemed as malicious by the deep behavioral check? For example, moving the files created by such a program to quarantine, deleting registry entries associated with it and those created by it, etc. And if there is no such feature, will it be added in the future? Thank you in advance!