Why is ESET flagging password-protected files as "Detection"?


Today I renewed my ESET Internet Security license and upgraded to 12.1.31.0. During system startup I noticed a performance improvement. I am not sure whether there are really any optimizations at this stage or not.

I performed a full scan but now 22 password-protected files were marked "Detections". The previous version was not marking this.

Why is a password-protected file a Detection?

 


  • Administrators

Please clarify what you mean by saying that a password-protected file is a detection. It's obviously not, i.e. password-protected files are not detected and cleaned like malware.


To begin with, password-protected files are almost always archives, as your screenshot shows.

I checked a few of my 12.0.31 scan logs and see the same "error - password-protected file" associated with known password-protected archive files. So this status is not unique to the new 12.1.31 version. I started seeing these log entries when I changed Eset's default Smart Scan profile ThreatSense settings to scan archive files. In previous Eset versions, the Smart Scan profile did not scan archive files. Note that it is impossible for Eset to open a password-protected file. Hence the message shown in the log, although I personally believe the message should be a warning.

One possible explanation as to why "error - password-protected file" message is now showing in ver. 12.1.31 scan log is Eset might have changed the default Smart Scan profile to now scan archive files?

Also, in my scan logs with these messages, I show zero detections. It appears Eset is flagging a password-protected file, script.dat, within an archive as suspicious. Normally, the entire archive is password protected. I also would treat this as suspicious since it's a great way to hide malware within an installer, for example.

Edited by itman

  • Administrators

In v12.1 we changed how PUAs are treated. Before, any unhandled detection was displayed in red, which used to raise concerns, and users tended to think they were infected even if only PUAs were detected. Now PUA detections are only yellow. I see your point; we will internally discuss the colors for errors and PUA detections.


Ideally, a password-protected file should be marked "Could not scan" instead of Detection and quarantined. Flagging as "Detection" unnecessarily raises concern.
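
The distinction discussed in this thread, as an added example that is not part of any post and not ESET's code: a ZIP entry whose general-purpose flag bit 0 is set is encrypted, so a scanner can only report it as "could not scan", separately from detections. The sample archive, the `SAMPLE-SIGNATURE` marker and all function names are constructed for illustration; `script.dat` is the entry name mentioned above.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted

def scan_archive(data, is_malicious):
    """Map each entry name to 'clean', 'detection' or 'could not scan'."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                # Content is unreadable without the password: a scan error,
                # not a verdict about the file.
                results[info.filename] = "could not scan"
            elif is_malicious(zf.read(info)):
                results[info.filename] = "detection"
            else:
                results[info.filename] = "clean"
    return results

def mark_encrypted(data, name):
    """Constructed sample helper: set the encryption flag on one entry."""
    buf = bytearray(data)
    pos = buf.find(b"PK\x01\x02")            # central directory header
    while pos != -1:
        (name_len,) = struct.unpack_from("<H", buf, pos + 28)
        if bytes(buf[pos + 46:pos + 46 + name_len]) == name.encode():
            (local,) = struct.unpack_from("<I", buf, pos + 42)
            for off in (pos + 8, local + 6):  # flags in central and local header
                (flags,) = struct.unpack_from("<H", buf, off)
                struct.pack_into("<H", buf, off, flags | ENCRYPTED)
        pos = buf.find(b"PK\x01\x02", pos + 4)
    return bytes(buf)

def build_sample():
    """Constructed archive: one readable entry, one flagged as encrypted."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "plain text")
        zf.writestr("script.dat", "opaque bytes")
    return mark_encrypted(raw.getvalue(), "script.dat")

def demo():
    # Stand-in for a real engine: flags a made-up marker string.
    return scan_archive(build_sample(), lambda b: b"SAMPLE-SIGNATURE" in b)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```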
