Jump to content

Archived

This topic is now archived and is closed to further replies.

Jez

amtso.org CloudCar testfile not detected - any advice please

Recommended Posts

Hi,

 

I have ESS 7 installed and have just run the AMTSO tests against my system.

 

ESET passed all tests thrown at it, with just one exception failing the CloudCar testfile download test.

 

The AMTSO page gives the following advice:

 

"If you are able to download this file successfully, your Anti-Malware Cloud Lookup solution is NOT configured correctly."

 

I cannot see any reference to cloud lookup settings in ESS.

 

AMTSO shows that ESET is a partner and that if any tests are failed to seek advice from the vendors support forums, hence this request:

 

Could anone tell me which setting(s) I should adjust to correct this?

 

Many thanks in advance.

 

Jez

Share this post


Link to post
Share on other sites

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

 

post-1101-0-64525100-1388619431_thumb.jpg

post-1101-0-64315800-1388619442_thumb.jpg

Share this post


Link to post
Share on other sites

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

Hi Arakasi, Thanks for replying.

 

Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly.

 

Jez

Share this post


Link to post
Share on other sites

 

Can you consistently reproduce the download successfully ?

 

I was blocked from Downloading, see attached images with ESET nod32 version 7.0.302.26

Hi Arakasi, Thanks for replying.

 

Yes I have tried it three or four times and it just downloads with no warning generated. All other AMTSO tests were detected perfectly.

 

Jez

 

I have just tried a "right click" scan on with ESS on the downloaded .exe file and this comes back as no threat found also.

Share this post


Link to post
Share on other sites

@Jez have you changed any settings in the product?

 

FWIW it's detected fine here too.

Share this post


Link to post
Share on other sites

Do you have all the following options checked in Advanced setup :

 

post-1101-0-11916000-1388621101_thumb.jpg

post-1101-0-34806700-1388621107_thumb.jpg

Share this post


Link to post
Share on other sites

Very good screenies Arakasi. Same as me   :)

Share this post


Link to post
Share on other sites

Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either.

Hi Marcos, SweX and Arakasi,

 

Arakasi - yes, my settings show as on your excellent screenshot.

 

Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file.

 

SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else -  nothing is unselected that shouldn't be as far as I can see .

 

Very strange.

 

Perhaps a full uninstall and re-install will fix it?

Share this post


Link to post
Share on other sites

I'd suggest installing v7 from scratch and making sure that you enable participation in LiveGrid during install.

Share this post


Link to post
Share on other sites

 

Also make sure that the Eicar test file is detected by the http scanner. If it's not, cloudcar.exe won't be detected either.

Hi Marcos, SweX and Arakasi,

 

Arakasi - yes, my settings show as on your excellent screenshot.

 

Yes Marcos, the Eicar test file is detected as a threat and blocked. It is simply the cloudcar file.

 

SweX: I have the firewall changed to "interactive" and have ticked options to detect PUPs etc. Other than those changes, I don't believe I have changed anything else -  nothing is unselected that shouldn't be as far as I can see .

 

Very strange.

 

Perhaps a full uninstall and re-install will fix it?

 

 

Bingo!

 

Uninstalled and re-installed ESS 7 and now successfully detecting CloudCar testfile as threat!

 

Very odd indeed!

 

Thank you to all who replied.

Share this post


Link to post
Share on other sites

Case closed.

It could have been Live Grid was not selected, however i am glad you are fixed.

Share this post


Link to post
Share on other sites

Great that you got it sorted quite easy Jez  :)

Share this post


Link to post
Share on other sites

I just want to report that I've witnessed this several times in Nod32 7 and recently in 8 as well. For some reason LiveGrid does not function properly even though participation has been checked during the installation dialogue. Deactivating and reactivating in the configuration didn't help, only uninstallation followed by reinstallation. 

Share this post


Link to post
Share on other sites

@FleischmannTV

Was ESET LiveGrid really activated when checking and did you have a stable internet connection (LAN/WLAN/...)?

 

@all

And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine)

 

I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS.

As a hint: At the time of the test I was in a WLAN.

Share this post


Link to post
Share on other sites

I have just done further tests. I can download the cloudcar.exe with Chrome (32 and 64-bit), but it is blocked in Firefox and IE. Chrome protocol filtering is working though because the phishing page, EICAR and PUA downloads are blocked.

 

Edit:

 

When I try to save the cloudcar.exe in Chrome with right-click and "save as", ESET blocks the download in Chrome as well. When I try to save it by left-clicking the download link, it doesn't.

Share this post


Link to post
Share on other sites
@all

And BTW: I downloaded the file on my Android device and EMS didn't noticed it either. (all other test from AMTSO, even the tests for desktop security solutions, went fine)

 

I don't know if this is by design for EMS, because it is an exe file that isn't such bad on Android devices and I don't know whether EMS provides (or should provide) cross-over-platform protection, but maybe you should know that this file wasn't detected by EMS.

As a hint: At the time of the test I was in a WLAN.

Should I open a new topic about that?

I thought it isn't worth it, but if I don't get any answer here, I'll open a new topic - no matter.

Share this post


Link to post
Share on other sites

Exe files won't be detected on Android devices as they cannot run on them. I'll try to get more info about that.

Share this post


Link to post
Share on other sites

Exe files won't be detected on Android devices as they cannot run on them. I'll try to get more info about that.

Ok, so no cross-platform-protection. This could explain it all, but no sentence with no "but". ;)

 

But I tested the PotentiallyUnwanted.exe from AMTSO and it has been detected by EMS.

 

Here is the proof:

post-3952-0-78076500-1414091492_thumb.png

 

@FleischmannTV

Sorry for hijacking your topic. Now I now I had better open a new topic for that, but maybe a moderator can split this into a new topic.

Share this post


Link to post
Share on other sites

Hey there, I just wanted to report that with the latest Version left clicking to download the cloudcar testfile is now blocked in Chrome as well.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...