Jump to content

amtso.org CloudCar testfile not detected - any advice please

Jez
 Share
Go to solution Solved by Jez,

Recommended Posts

Jez

Jez 1

Posted
Posted

Hi,

 

I have ESS 7 installed and have just run the AMTSO tests against my system.

 

ESET passed all tests thrown at it, with just one exception failing the CloudCar testfile download test.

 

The AMTSO page gives the following advice:

 

"If you are able to download this file successfully, your Anti-Malware Cloud Lookup solution is NOT configured correctly."

 

I cannot see any reference to cloud lookup settings in ESS.

 

AMTSO shows that ESET is a partner and that if any tests are failed to seek advice from the vendors support forums, hence this request:

 

Could anone tell me which setting(s) I should adjust to correct this?

 

Many thanks in advance.

 

Jez

Link to comment
Share on other sites
Arakasi

Arakasi 549

Posted
Posted

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

 

post-1101-0-64525100-1388619431_thumb.jpg

post-1101-0-64315800-1388619442_thumb.jpg

Link to comment
Share on other sites
Jez

Jez 1

Posted
  • Author
Posted

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

Hi Arakasi, Thanks for replying.

 

Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly.

 

Jez

Link to comment
Share on other sites
Jez

Jez 1

Posted
  • Author
Posted

 

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

Hi Arakasi, Thanks for replying.

 

Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly.

 

Jez

 

I have just tried a "right click" scan on with ESS on the downloaded .exe file and this comes back as no threat found also.

Link to comment
Share on other sites
Jez

Jez 1

Posted
  • Author
Posted

Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either.

Hi Marcos, SweX and Arakasi,

 

Arakasi - yes, my settings show as on your excellent screenshot.

 

Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file.

 

SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else -  nothing is unselected that shouldn't be as far as I can see .

 

Very strange.

 

Perhaps a full uninstall and re-install will fix it?

Link to comment
Share on other sites
  • Solution
Jez

Jez 1

Posted
  • Author
  • Solution
Posted

 

Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either.

Hi Marcos, SweX and Arakasi,

 

Arakasi - yes, my settings show as on your excellent screenshot.

 

Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file.

 

SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else -  nothing is unselected that shouldn't be as far as I can see .

 

Very strange.

 

Perhaps a full uninstall and re-install will fix it?

 

 

Bingo!

 

Uninstalled and re-installed ESS 7 and now successfully detecting CloudCar testfile as threat!

 

Very odd indeed!

 

Thank you to all who replied.

Link to comment
Share on other sites
  • 9 months later...
FleischmannTV

FleischmannTV 9

Posted
Posted

I just want to report that I've witnessed this several times in Nod32 7 and recently in 8 as well. For some reason LiveGrid does not function properly even though participation has been checked during the installation dialogue. Deactivating and reactivating in the configuration didn't help, only uninstallation followed by reinstallation. 

Link to comment
Share on other sites
rugk

rugk 397

Posted
Posted

@FleischmannTV

Was ESET LiveGrid really activated when checking and did you have a stable internet connection (LAN/WLAN/...)?

 

@all

And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine)

 

I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS.

As a hint: At the time of the test I was in a WLAN.

Link to comment
Share on other sites
FleischmannTV

FleischmannTV 9

Posted
Posted (edited)

I have just done further tests. I can download the cloudcar.exe with Chrome (32 and 64-bit), but it is blocked in Firefox and IE. Chrome protocol filtering is working though because the phishing page, EICAR and PUA downloads are blocked.

 

Edit:

 

When I try to save the cloudcar.exe in Chrome with right-click and "save as", ESET blocks the download in Chrome as well. When I try to save it by left-clicking the download link, it doesn't.

Edited by FleischmannTV
Link to comment
Share on other sites
rugk

rugk 397

Posted
Posted (edited)
@all

And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine)

 

I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS.

As a hint: At the time of the test I was in a WLAN.

Should I open a new topic about that?

I thought it isn't worth it, but if I don't get any answer here, I'll open a new topic - no matter.

Edited by rugk
Link to comment
Share on other sites
rugk

rugk 397

Posted
Posted (edited)

Exe files won't be detected on Android devices as they cannot run on them. I'll try to get more info about that.

Ok, so no cross-platform-protection. This could explain it all, but no sentence with no "but". ;)

 

But I tested the PotentiallyUnwanted.exe from AMTSO and it has been detected by EMS.

 

Here is the proof:

post-3952-0-78076500-1414091492_thumb.png

 

@FleischmannTV

Sorry for hijacking your topic. Now I now I had better open a new topic for that, but maybe a moderator can split this into a new topic.

Edited by rugk
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...