blackbird7 (Author), posted January 28, 2018

I am currently running ESET Internet Security 11.0.159.0, and I have two file exclusions that previously prevented ESET from removing them. However, they are no longer being excluded from my computer scans. Whenever I open an application that uses the excluded file, it is quarantined. No matter how many times I right click "restore and exclude ...", it is detected and removed again.

Any thoughts as to what I can do? Should I try a fresh reinstall of ESET?

Marcos (Administrators), posted January 28, 2018

Please provide:
- a screen shot of your exclusion list
- a complete record of the detection from the Detected threats log

blackbird7 (Author), posted January 28, 2018

Hi Marcos,

I decided to just reinstall ESET, and I no longer experience this issue. Thank you.

0xDEADBEEF, posted January 30, 2018

On 01/28/2018 at 2:21 PM, Marcos said:
> Please provide:
> - a screen shot of your exclusion list
> - a complete record of the detection from the Detected threats log

I can confirm this issue on version 11.0.159.0 EIS.

If you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work.

If you only specify the path (enable "exclude all threats"), the exclusion will work.

Edited January 30, 2018 by 0xDEADBEEF

Marcos (Administrators), posted January 30, 2018

3 hours ago, 0xDEADBEEF said:
> if you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work
> if you only specify the path (enable "exclude all threats"), the exclusion will work

Please provide a screen shot of the exclusion list. Is the detection name prepended with "@NAME="?

You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for pot. unwanted and unsafe applications, not for malware detections.

0xDEADBEEF, posted January 30, 2018

6 hours ago, Marcos said:
> Please provide a screen shot of the exclusion list. Is the detection name prepended with "@NAME="?
> You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for pot. unwanted and unsafe applications, not for malware detections.

Well, the entry shown in the attached screenshot is the one created by the yellow alert window. But I still get the yellow prompt after adding this exclusion.

E7ak9fIEfB, posted January 30, 2018

Signed up just to confirm that I face the exact same issue as described by 0xDEADBEEF.

21 hours ago, 0xDEADBEEF said:
> if you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work
> if you only specify the path (enable "exclude all threats"), the exclusion will work

Exactly this. This problem only showed up recently.

Edit: I, too, am running an upgraded ESET instead of one that was freshly installed.

Edited January 31, 2018 by E7ak9fIEfB (More information added.)

Marcos (Administrators), posted January 30, 2018

3 hours ago, 0xDEADBEEF said:
> well, the entry shown in the attached screenshot is the one created by the yellow alert window. But I still get yellow prompt after adding this exclusion

Please provide a complete record from the Detected threats log. Is the file detected upon an attempt to launch it or when copying it to the same location? I was unable to reproduce it.

0xDEADBEEF, posted January 30, 2018

1 hour ago, Marcos said:
> Please provide a complete record from the Detected threats log. Is the file detected upon an attempt to launch it or when copying it to the same location? I was unable to reproduce it.

OK, so I successfully reproduced it on another machine running the same EIS version on the same type of system (Windows 10 x64).

My steps:
1) Disable EIS and download the bitcomet installer from the official website.
2) Enable EIS protection, copy the installer to some path (in my case, D:\c\bitcomet_setup.exe).
   This will trigger the ESET yellow prompt.
3) Select "Exclude from Detection" and click ignore.
   A rule is confirmed to be added to the exclusion list with the correct path.
4) Simply right click the file again; the yellow prompt shows again.

Detection log:
> Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
> 01/30/2018 1:37:13 PM;Real-time file system protection;file;D:\c\bitcomet_setup.exe;Win32/InstallCore.Gen.A potentially unwanted application;cleaned by deleting;Machine\User;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (1C975DFA73F8C9389975A2ECE34AD74B165DD1C6).;6BDFD84B166038D76E5C5ECAF0A1AB5F8D6B4EFE;01/30/2018 1:35:49 PM

The similarity of the two machines on which I reproduced the issue is that they both run ESET upgraded from a previous v11 version, instead of a fresh install. As indicated by the original author of this thread, he/she got rid of this issue after a fresh reinstall. So perhaps this is a factor you need to consider.

Edited January 30, 2018 by 0xDEADBEEF

Marcos (Administrators), posted January 31, 2018

Please check the attached video and find out what you did differently.

exclusion.rar

0xDEADBEEF, posted January 31, 2018

4 hours ago, Marcos said:
> Please check the attached video and find out what you did differently.
> exclusion.rar

The only difference is I selected "Exclude from detection" while the video has "Exclude signature from detection" selected.

Selecting "Exclude from detection" will add a rule specifying both the path and the threat type, while selecting "Exclude signature from detection" specifies the threat type only.

If I select "Exclude signature from detection", the exclusion works.

I also tried to modify the working rule generated by selecting "Exclude signature from detection". I tried to modify the path wildcard "*" into a specific path like "D:\*" and the exclusion no longer works.

Generally I feel like the exclusion will work if you specify either the path or the threat type, but will not work if you specify both.

Let me know if you need more information.

Marcos (Administrators), posted February 1, 2018

This turned out to be a known issue which was fixed in December and a fix will be included in v11.1 which is going to be released soon.

Fil, posted March 5, 2018

@0xDEADBEEF thanks a lot. I was getting sooo frustrated by the new v11 version (11.0.159.9 as of now), as since I upgraded from v10 exclusions weren't working 95% of the time. I thought they just decided to ignore user requests for exclusion if it is a coin miner... When I checked the exclusion list in settings there were multiple entries for the same file. What fixed it was to edit the existing rule and remove the threat type as you said. Thanks.

@Marcos what exactly does soon mean? We are plus one month...

EDIT: also, why can some threats not be excluded? Just found some Trojan threat (red window) and the exclude options are greyed out. What are you trying to do? Prevent us from using our computers the way we want?

Edited March 5, 2018 by Fil