Blocked by the PUA blacklist.

[Hijin25 12]

Lately, in some downloads of programs that had been used for a long time, they show blocking alerts from eset, they are blocked by the PUA blacklist. For example:

Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 02:40:59 PM; https: //download.glarysoft.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 216.137.41.124; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8

Time; URL; Status; Application; User; IP Address; SHA1
02-24-2018 08:18:48 PM; https: //www.drivethelife.com; Blocked by the PUA blacklist; C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe; PC -Home \ Hijin; 54.183.15.164; 965951FF9FECED0F518908DC2FF7FEF6BE4550E8

However, when making an analysis on virustotal of said blocked pages, the same eset finds them as safe sites.

VirusTotal

What's going on?

[Marcos 4,929]

Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

[itman 1,630]

Something strange going on here. The hash for the two downloads are identical. I would say the odds of that happening are next to zip.

Also that hash per VT equates to something named chrome_exe; not chrome.exe.

[Hijin25 12]

23 hours ago, Marcos said:

Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

Thank you for responding, I have run a full scan of my system and it comes out clean. Moreover, I have not even been able to install glary utilities, since it was after a format that I wanted to reinstall the program.

13 hours ago, itman said:

Something strange going on here. The hash for the two downloads are identical. I would say the odds of that happening are next to zip.

Also that hash per VT equates to something named chrome_exe; not chrome.exe.

Thanks for answering, but I do not understand what you mean.

[itman 1,630]

10 hours ago, Hijin25 said:

Thanks for answering, but I do not understand what you mean

I assume the downloads from https: //download.glarysoft.com and https: //www.drivethelife.com were for different files. But your Eset log shows the hash value for the files were identical. The only way that can occur is if the file downloads are for the same file.

[Hijin25 12]

6 hours ago, itman said:

I assume the downloads from https: //download.glarysoft.com and https: //www.drivethelife.com were for different files. But your Eset log shows the hash value for the files were identical. The only way that can occur is if the file downloads are for the same file.

That is not because it blocks the page for the same type of threat?

Since it is not that it blocks the file, it blocks the page that leads to the download of the file, the legend appears that the site has been blocked because it may contain potentially dangerous or unwanted applications.

[itman 1,630]

17 minutes ago, Hijin25 said:

That is not because it blocks the page for the same type of threat?

Sort of. Forget my hash comments. Appears Eset uses this generic hash value, 965951FF9FECED0F518908DC2FF7FEF6BE4550E8, for all PUA blacklist detections.

And since it is a blacklist detection, Eset is blocking web site access and not any PUA file download. Both sites must be hosting a lot of crapware for Eset to block the sites outright.

[itman 1,630]

On ‎2‎/‎24‎/‎2018 at 11:25 PM, Marcos said:

Most likely you have Win32/UwS.GlaryUtilities and Win32/UwS.DriverTalent extensions installed. Try running a full disk scan with no exclusion set up.

BTW - I checked those websites in IE11 and received the same PUA alerts.