nod32user 0 Posted October 17, 2013 Share Posted October 17, 2013 Hello all, I just updated to NOD32 AV 7.0.302.0 yesterday from 5.2.15.2 on Windows 7 Ultimate 64-bit. Uninstalled the program using the normal uninstaller and then just to be sure rebooted into Safe Mode and ran the cleanup utility. Overall happy with 7.x so far except for a couple of niggling issues that I hope someone can help me with: 1) Every time I clear the logs or do something similar (using an admin account BTW) a UAC prompt for ESET Elevated Client pops up. Can't even begin to tell you just how irritating this is! Simple log cleaning shouldn't require further elevation and indeed, neither NOD32 AV 4.x nor 5.x ever exhibited such behavior. How do I turn this off? 2) The initial scan and a second full scan of my system showed no threats, yet strangely under Tools it says Number of quarantined objects: 1. However when I open Quarantine it shows nothing! This has never happened before. According to a post on the Wilders Security Forum I should be looking for an encrypted .NDF or .NQF file under %AppData%\ESET\ESET NOD32 Antivirus\Quarantine or perhaps %LocalAppData%\ESET\ESET NOD32 Antivirus\Quarantine. I have searched C:\Users and indeed the entire C: partition but no such files exist anywhere. Has the extension for quarantined files been changed in 7.x? How can I get rid of this ghostly quarantined file? Thanks Link to comment Share on other sites More sharing options...
ESET Insiders PodrskaNORT 17 Posted October 18, 2013 ESET Insiders Share Posted October 18, 2013 @nod32user 1) Try with this: hxxp://download.eset.com/manuals/eset_eav_7_userguide_enu.pdf -> 4.5.4 Access setup "Require full administrator rights..." Tomo Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted October 18, 2013 Administrators Share Posted October 18, 2013 Yes, that's it. If EAV is configured to require full administrator rights to perform tasks requiring them, then UAC will prompt you when such an action is attempted (indicated by a shield in a button). Disabling this option will disable UAC prompts. As for quarantine files, neither the format nor file extensions have changed. Do you see the gui reporting 1 file in quarantine even after a computer restart? Link to comment Share on other sites More sharing options...
nod32user 0 Posted October 18, 2013 Author Share Posted October 18, 2013 (edited) Yes, that's it. If EAV is configured to require full administrator rights to perform tasks requiring them, then UAC will prompt you when such an action is attempted (indicated by a shield in a button). Disabling this option will disable UAC prompts. Thanks (to PodrskaNORT too), I'll try turning off Advanced setup > User interface > Access setup > Require full administrator rights for limited administrator accounts and get back to you if it doesn't help. As for quarantine files, neither the format nor file extensions have changed. Do you see the gui reporting 1 file in quarantine even after a computer restart? Yes, multiple restarts and cold boot too but no change. UI keeps showing 1 ghost file in Quarantine. Where is this count stored? Registry? Perhaps I can reset it to zero and see if that helps. Edited October 18, 2013 by nod32user Link to comment Share on other sites More sharing options...
nod32user 0 Posted October 22, 2013 Author Share Posted October 22, 2013 So Marcos, I'll try my luck again... Where is the Quarantine count stored? I would like to tinker with it and see if it solves this issue. Can you please help? Link to comment Share on other sites More sharing options...
ESET Insiders stackz 115 Posted October 22, 2013 ESET Insiders Share Posted October 22, 2013 Have a look for: C:\Users\[user name]\AppData\Local\ESET\ESET Smart Security\Quarantine\INFO.NQI Link to comment Share on other sites More sharing options...
ESET Insiders PodrskaNORT 17 Posted October 22, 2013 ESET Insiders Share Posted October 22, 2013 @nod32user Can you try to deliberately quarantinte one file (eicar, for example) and then empty the quarantine? Maybe that will reset counter... I can not reproduce the problem so I could not test this theory, but this little trick works with Recycle Bin in Windows, maybe it would work here, too :-) Tomo Link to comment Share on other sites More sharing options...
Arakasi 549 Posted October 22, 2013 Share Posted October 22, 2013 Lol the recycle bin bug. Been a while since i seen that. Link to comment Share on other sites More sharing options...
nod32user 0 Posted October 23, 2013 Author Share Posted October 23, 2013 Have a look for: C:\Users\[user name]\AppData\Local\ESET\ESET Smart Security\Quarantine\INFO.NQI Here's the content of C:\Users\UserName\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\INFO.NQI: I don't see any values there, just an "EQIF" header. I tried deleting this file and rebooting but no change. @nod32user Can you try to deliberately quarantinte one file (eicar, for example) and then empty the quarantine? Maybe that will reset counter... I can not reproduce the problem so I could not test this theory, but this little trick works with Recycle Bin in Windows, maybe it would work here, too :-) Tomo Count Before: Adding File to Quarantine: Count After: Unfortunately, after deleting the quarantined file the count's now back at 1. So... any more ideas? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted October 28, 2013 Administrators Share Posted October 28, 2013 Try creating a batch file with the following content (e.g. getquar.bat) and run it then: @echo off for /r c:\users %%a in (*.n?f) do echo %%a && copy "%%a" c:\quarantine && goto eof Finally check the content of the c:\quarantine folder to see if it contains some files. Link to comment Share on other sites More sharing options...
linsj 0 Posted April 20, 2014 Share Posted April 20, 2014 I have the same ghost file problem in quarantine. The quarantined objects number shows 1, but none are listed. I checked the c:\user... line above and found this file in the quarantine folder: info.nqi. Should I delete it or leave it? Link to comment Share on other sites More sharing options...
Fanzine 0 Posted October 29, 2014 Share Posted October 29, 2014 Problem solved. I found several hidden accounts with an ESET folder in them. I deleted all those folders. I removed ESET completly. Then went into safe mode used the clean up tool. Searched for any traces of ESET. Rebooted back to normal and re-installed. No more left over quarantined files left in the log window. Thanks again. Make sure to show all hidden files and folders. Go into your user document folders and look look at all the user accounts and remove all ESET folders they will be hidden under application data and or local settings application files. look deep into all user accounts. Link to comment Share on other sites More sharing options...
Dracula 0 Posted April 22, 2015 Share Posted April 22, 2015 #1.C:\Users\Scipio_A\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\ [hidden files] #2. delete all files .NQF and .NDF #3. restart PC. Enjoy ! Link to comment Share on other sites More sharing options...
linsj 0 Posted April 23, 2015 Share Posted April 23, 2015 I don't have any .NQF or .NDF files in quarantine, only INFO.NQI. Quarantine still shows the ghostly 1 but no files. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted April 23, 2015 Administrators Share Posted April 23, 2015 I don't have any .NQF or .NDF files in quarantine, only INFO.NQI. Quarantine still shows the ghostly 1 but no files. Search the whole c: drive for *.nqi and *.ndf files. Link to comment Share on other sites More sharing options...
Recommended Posts