Can't Remove PUP

[Trooper311 0]

Hi guys,

I have an endpoint that has found a PUP.  ESET is not able to "clean it" so wanted to remove it manually via Programs and Features.  However when we try to do this, it says we do not have permission to do so.

We are running the following.

ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)

ESET Endpoint Security 6.6.2046.0

When we try to override the protection on the endpoint, it works, but still keeps HIPS enabled.  We have domain admins setup to be the only ones able to override, but this is what happens.  Not sure if this is be design, or our policy needs tweaking.

So due to this, we are unable to remove said PUP.  Any advice please?

Also, is there a way to setup an exclusion or rule to allow PUPS that may be found both now and the in the future that we want to allow/whitelist etc?

Thanks in advance.

[Marcos 5,074]

Please post a complete record of the detection (ie. the whole line) from the Detected threats log in Endpoint.

As for HIPS, we do not recommend disabling it as doing so would also disable other crucial protection features, such as Advanced memory scanner, Exploit blocker and Self-defense. A computer restart is needed for HIPS to get disabled.