Hijin25, posted February 25, 2018:

Lately, in some downloads of programs that had been used for a long time, they show blocking alerts from ESET; they are blocked by the PUA blacklist. For example:

Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 02:40:59 PM; https: //download.glarysoft.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 216.137.41.124; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8

Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 08:18:48 PM; https: //www.drivethelife.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 54.183.15.164; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8

However, when making an analysis on VirusTotal of said blocked pages, the same ESET finds them as safe sites.

What's going on?

Marcos (Administrators), posted February 25, 2018:

Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

itman, posted February 25, 2018:

Something strange going on here. The hashes for the two downloads are identical. I would say the odds of that happening are next to zip.

Also, that hash per VT equates to something named chrome_exe; not chrome.exe.

Hijin25 (author), posted February 26, 2018:

23 hours ago, Marcos said:
> Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

Thank you for responding. I have run a full scan of my system and it comes out clean. Moreover, I have not even been able to install Glary Utilities, since it was after a format that I wanted to reinstall the program.

13 hours ago, itman said:
> Something strange going on here. The hashes for the two downloads are identical. I would say the odds of that happening are next to zip. Also, that hash per VT equates to something named chrome_exe; not chrome.exe.

Thanks for answering, but I do not understand what you mean.

itman, posted February 26, 2018:

10 hours ago, Hijin25 said:
> Thanks for answering, but I do not understand what you mean

I assume the downloads from https: //download.glarysoft.com and https: //www.drivethelife.com were for different files. But your ESET log shows the hash values for the files were identical. The only way that can occur is if the file downloads are for the same file.

Hijin25 (author), posted February 26, 2018:

6 hours ago, itman said:
> I assume the downloads from https: //download.glarysoft.com and https: //www.drivethelife.com were for different files. But your ESET log shows the hash values for the files were identical. The only way that can occur is if the file downloads are for the same file.

Is that not because it blocks the page for the same type of threat? It is not that it blocks the file; it blocks the page that leads to the download of the file. The legend appears that the site has been blocked because it may contain potentially dangerous or unwanted applications.

itman, posted February 26, 2018:

17 minutes ago, Hijin25 said:
> Is that not because it blocks the page for the same type of threat?

Sort of. Forget my hash comments. It appears ESET uses this generic hash value, 965951FF9FECED0F518908DC2FF7FEF6BE4550E8, for all PUA blacklist detections. And since it is a blacklist detection, ESET is blocking web site access and not any PUA file download.

Both sites must be hosting a lot of crapware for ESET to block the sites outright.
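
Added example (not part of any post in this thread, and not ESET code): a short Python check over the two log rows from the first post that reports, for the repeated SHA1, which log columns stay fixed and which change. The function names are hypothetical and the rows are copied as posted.

```python
from collections import defaultdict

# The two rows from the first post, copied as posted (spacing included).
SAMPLE_LOG = r"""
Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 02:40:59 PM; https: //download.glarysoft.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 216.137.41.124; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8
Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 08:18:48 PM; https: //www.drivethelife.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 54.183.15.164; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8
"""

def parse_rows(text):
    """Parse the semicolon-separated log; skip blank and repeated header lines."""
    header, rows = None, []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 2:
            continue
        if header is None:
            header = fields
        elif fields == header:
            continue
        elif len(fields) != len(header):
            raise ValueError(f"unexpected column count: {line!r}")
        else:
            rows.append(dict(zip(header, fields)))
    return rows

def values_per_hash(rows):
    """For each SHA1, collect the distinct values seen in every other column."""
    seen = defaultdict(lambda: defaultdict(set))
    for row in rows:
        for column, value in row.items():
            if column != "SHA1":
                seen[row["SHA1"]][column].add(value)
    return seen

def fixed_columns(rows):
    """Columns whose value never changes among the rows sharing a SHA1."""
    return {sha1: sorted(c for c, vals in cols.items() if len(vals) == 1)
            for sha1, cols in values_per_hash(rows).items()}

if __name__ == "__main__":
    for sha1, cols in values_per_hash(parse_rows(SAMPLE_LOG)).items():
        print(sha1)
        for column, vals in cols.items():
            print(f"  {column}: {len(vals)} distinct value(s)")
```

For these two rows the URL and IP Address change while Application, Status and User do not, so the repeated SHA1 cannot be identifying two different downloaded files.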

itman, posted February 26, 2018:

On 2/24/2018 at 11:25 PM, Marcos said:
> Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

BTW - I checked those websites in IE11 and received the same PUA alerts.