Jez 1 Posted January 1, 2014 Posted January 1, 2014 Hi, I have ESS 7 installed and have just run the AMTSO tests against my system. ESET passed all tests thrown at it, with just one exception failing the CloudCar testfile download test. The AMTSO page gives the following advice: "If you are able to download this file successfully, your Anti-Malware Cloud Lookup solution is NOT configured correctly." I cannot see any reference to cloud lookup settings in ESS. AMTSO shows that ESET is a partner and that if any tests are failed to seek advice from the vendors support forums, hence this request: Could anone tell me which setting(s) I should adjust to correct this? Many thanks in advance. Jez
Arakasi 549 Posted January 1, 2014 Posted January 1, 2014 Can you consistently reproduce the download successfully ? I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26
Jez 1 Posted January 1, 2014 Author Posted January 1, 2014 Can you consistently reproduce the download successfully ? I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26 Hi Arakasi, Thanks for replying. Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly. Jez
Jez 1 Posted January 1, 2014 Author Posted January 1, 2014 Can you consistently reproduce the download successfully ? I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26 Hi Arakasi, Thanks for replying. Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly. Jez I have just tried a "right click" scan on with ESS on the downloaded .exe file and this comes back as no threat found also.
SweX 871 Posted January 2, 2014 Posted January 2, 2014 @Jez have you changed any settings in the product? FWIW it's detected fine here too.
Arakasi 549 Posted January 2, 2014 Posted January 2, 2014 Do you have all the following options checked in Advanced setup :
SweX 871 Posted January 2, 2014 Posted January 2, 2014 (edited) Very good screenies Arakasi. Same as me Edited January 2, 2014 by SweX
Administrators Marcos 5,466 Posted January 2, 2014 Administrators Posted January 2, 2014 Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either.
Jez 1 Posted January 2, 2014 Author Posted January 2, 2014 Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either. Hi Marcos, SweX and Arakasi, Arakasi - yes, my settings show as on your excellent screenshot. Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file. SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else - nothing is unselected that shouldn't be as far as I can see . Very strange. Perhaps a full uninstall and re-install will fix it?
Administrators Marcos 5,466 Posted January 2, 2014 Administrators Posted January 2, 2014 I'd suggest installing v7 from scratch and making sure that you enable participation in LiveGrid during install.
Solution Jez 1 Posted January 2, 2014 Author Solution Posted January 2, 2014 Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either. Hi Marcos, SweX and Arakasi, Arakasi - yes, my settings show as on your excellent screenshot. Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file. SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else - nothing is unselected that shouldn't be as far as I can see . Very strange. Perhaps a full uninstall and re-install will fix it? Bingo! Uninstalled and re-installed ESS 7 and now successfully detecting CloudCar testfile as threat! Very odd indeed! Thank you to all who replied.
Arakasi 549 Posted January 2, 2014 Posted January 2, 2014 Case closed. It could have been Live Grid was not selected, however i am glad you are fixed.
FleischmannTV 9 Posted October 14, 2014 Posted October 14, 2014 I just want to report that I've witnessed this several times in Nod32 7 and recently in 8 as well. For some reason LiveGrid does not function properly even though participation has been checked during the installation dialogue. Deactivating and reactivating in the configuration didn't help, only uninstallation followed by reinstallation.
rugk 397 Posted October 14, 2014 Posted October 14, 2014 @FleischmannTV Was ESET LiveGrid really activated when checking and did you have a stable internet connection (LAN/WLAN/...)? @all And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine) I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS. As a hint: At the time of the test I was in a WLAN.
FleischmannTV 9 Posted October 16, 2014 Posted October 16, 2014 (edited) I have just done further tests. I can download the cloudcar.exe with Chrome (32 and 64-bit), but it is blocked in Firefox and IE. Chrome protocol filtering is working though because the phishing page, EICAR and PUA downloads are blocked. Edit: When I try to save the cloudcar.exe in Chrome with right-click and "save as", ESET blocks the download in Chrome as well. When I try to save it by left-clicking the download link, it doesn't. Edited October 16, 2014 by FleischmannTV
rugk 397 Posted October 23, 2014 Posted October 23, 2014 (edited) @all And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine) I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS. As a hint: At the time of the test I was in a WLAN. Should I open a new topic about that? I thought it isn't worth it, but if I don't get any answer here, I'll open a new topic - no matter. Edited October 23, 2014 by rugk
Administrators Marcos 5,466 Posted October 23, 2014 Administrators Posted October 23, 2014 Exe files won't be detected on Android devices as they cannot run on them. I'll try to get more info about that.
rugk 397 Posted October 23, 2014 Posted October 23, 2014 (edited) Exe files won't be detected on Android devices as they cannot run on them. I'll try to get more info about that. Ok, so no cross-platform-protection. This could explain it all, but no sentence with no "but". But I tested the PotentiallyUnwanted.exe from AMTSO and it has been detected by EMS. Here is the proof: @FleischmannTV Sorry for hijacking your topic. Now I now I had better open a new topic for that, but maybe a moderator can split this into a new topic. Edited October 26, 2014 by rugk
FleischmannTV 9 Posted October 26, 2014 Posted October 26, 2014 Hey there, I just wanted to report that with the latest Version left clicking to download the cloudcar testfile is now blocked in Chrome as well.
Recommended Posts