hellosky11

i contacted escan, here is what they replied, https://www.escanav.com/en/about-us/eScan-update-advisory.asp

so does that means escan antimalware contains the windivert as malicious stuff, and escan is totally relied on bitdefender signatures, so if bitdefender also releases detection for this, that means escan will trigger its own file as malicious, weird

can you please confirm from malware research team directly?

??

Is there any link through which I can send them? I’ve sent 2-3 emails over the past two weeks, and some were detected. Could you reach out to the researchers to find out how to submit them? Alternatively, I can PM you the link to the third-party site with the uploaded samples, and you can share it directly with them.

@Marcos I downloaded and checked various samples from VirusShare, VirusSign, and GitHub. ESET detected a lot of them, but there are still many samples that remain and need to be sent to the malware research team. The number of samples may exceed 1,000. First, I'm not even sure if the malware research team will check them, considering the sources from which the samples were downloaded are well-known across the web. That being said, in the past, I had a conversation with the malware research team and asked if I could use third-party websites like upload.ee, Google Drive, gofile, or WeTransfer. However, they said to send files via email attachments only. As we know, Gmail has a 25 MB attachment limit, and even if ZIP files are password-protected, Google often blocks them due to its advanced algorithms or security measures. The issue here is that sending around 1,000 samples with a 25 MB email attachment limit would result in a huge number of emails to the malware researchers, which is not feasible. I need you to contact the malware research team and ask them for a solution in this case. How should I send them the samples? I understand that email is the preferred method, but considering the volume, an online file-sharing service may be necessary. Thanks!

I still do not receive a response when I send a file to malware research team and they create detection which gets available after 2-3 days, and that is how I come to know! If ML.Augur is reported on a false negative file, you should remove it also!

ESET products detect some samples as 'ML Augur,' which is obviously machine learning-based rather than signature-based. I sent these Augur samples to the malware research team so that, if malicious, they can create signatures, or if not malicious, they can remove the ML detection. They have done this in the past, but they do not respond to the same email as well. @Marcos, to be very frank, why is the ESET malware research team not responding to the samples/hashes they receive? I understand they receive hundreds of sample emails daily, and I wait for more than a week before sending a follow-up email, as stated in your ESET support articles, which you're also aware of. Can you provide a logical explanation for why the malware research team isn’t responding to the samples or hashes they receive? I’m also wondering whether the follow-up email procedure mentioned in your support articles is still valid, as I’ve noticed that even follow-up emails go unanswered. I shared an image earlier showing how many emails I’ve sent to the malware research team, and none of them have been responded to. Please speak freely—does ESET have a limited number of malware researchers? From what I know, in the past, the team consisted of people who worked both as developers and malware researchers, meaning a single person was handling both roles on average.

-- redacted -- You think I'm 'all over the place' just because I'm pointing out two different issues with Eset?! -- redacted -- I've submitted multiple ML samples that Eset fails to detect, and yet they don't do anything about it. -- redacted --

are you telling that antimalware escan has made a pup in there setup!

now, it does not even gets restored, wow!

One of my friends is using eScan antivirus, and ESET is making it hard for him to install it. I know using two antimalware programs is not a good idea, but he still wants to do it. That being said, ESET is detecting the sys file of the eScan installation as a PUP, and due to this, the eScan installation fails. Even if I add the eScan setup to the exclusion list by disabling system protection during installation, ESET detects it again after re-enabling protection. It makes no sense that ESET is detecting components of another antimalware program as PUPs. This detection should be removed; it's really a false positive flagging files of other antimalware programs. No other vendor on VirusTotal detects it except ESET, which clearly indicates it's a false positive. This detection should be removed, as it is incorrectly flagging files of another antimalware program. b591e20101e858d2f1ebc8ac5a59c725693f141b80381d3b1e79f9f5504b0277 https://www.virustotal.com/gui/file/b591e20101e858d2f1ebc8ac5a59c725693f141b80381d3b1e79f9f5504b0277

ML is not an issue, and ML has very false positives too, I have submitted many ML samples to eset malware research team, neither they remove detection for ML, neither they create signature detection for ML, which they should either way.

Doesn't that mean VirusTotal should have more aggressive detection capabilities than the product? If so, under ESET, it should obviously detect malware whether it's detected by the ESET product or not.

why are eset not detecting those hashes, i randomly picked up hashes from github and checked on virustotal and see that others are detecting it even refreshing the virustotal sacn