
Doesn't respect exclusion list


Gorgshin
Go to solution Solved by Marcos,


So I mine bitcoin on my machine with cgminer. NOD32 keeps complaining about it being a bitcoin miner. So I add it to the exclusion list.

But now NOD32 still complains about the program being in memory and prevents me from starting it. Now I have to shut down NOD32 before I can run my miner. Is there a way to fix this?


Update: Yes, I did set up exclusions properly. Setup > Advanced Setup > Computer > Antivirus & Antispyware > Exclusions.

 

I also uploaded my cgminer binaries to VirusTotal to double-check. No other program has an issue with this binary.

 

 


Hi Gorgshin,

 

Thanks for posting!

I hope I can help you.

I did a little digging into your query on cgminer.

I was able to download version 2.0 without consequence; however, when I downloaded version 3.9, I received what is quite possibly the same alert you received.

I have attached mine, and have recognized that it is not labeling this as a high profile virulent file, trojan, worm, etc. but an 'unsafe application'.

 

Detection of unsafe applications is off by default post installation.

The user decides whether to use this detection database or not.

I would recommend leaving detection of potentially unwanted applications on, but on some occasions, disabling or leaving unsafe unticked is with reason.

 

If I am on the wrong file or download, correct me, so we're on the same page.

Thanks :)

post-1101-0-90831200-1392090954_thumb.jpg

Edited by Arakasi

Hey,

 

Thanks a lot. Disabling detection of unsafe applications solved the issue! :D

 

However, I'm still curious why adding the file to the Exclusions did not prevent it from being flagged.

 

I'd still like to be warned about potentially unsafe applications, but retain the ability to specifically whitelist the ones I installed deliberately.

Edited by Gorgshin

Understood. ;)

 

Perhaps Marcos or another mod can shed some light.

 

To start with, are you adding one file to the exclusion list? The miner file.

Maybe try the entire folder the miner is resident in with Example: C:\Miner\*.*

If the ESET alert does say memory catch found, I would at that point be scratching my head on a solution. :)


This is the file added to extension list.

post-2403-0-15056400-1392095549_thumb.png

 

This is the detection flagged immediately on starting the executable.

post-2403-0-47254000-1392095549_thumb.png

 

I edited the screenshots to remove the path containing my account name for privacy reasons.

 

I've tried adding both the executable itself, and the whole folder. Should not be a problem even if the exclusions code was case sensitive.

Edited by Gorgshin

Gorgshin,

 

I think the fact it communicates over the net for your mining, it may be the traffic.

Let's try adding it to this list also:

post-1101-0-03384600-1392098805_thumb.jpg

Edited by Arakasi

  • Administrators

Only files on a disk can be excluded. In your first screenshot, the application was detected on a URL upon an attempt to download it from the web. Selecting "No action" should allow the download.

The exclusion in your post #6 seems to be ok and the application shouldn't be detected in that folder. As for the detection upon execution, please post the appropriate record from the Detected threats log to get more information about the detection (you can remove a folder name if you deem it sensitive information).


Hi Marcos,

 

The first screenshot was posted by Arakasi in an attempt to replicate my problem. NOD32 is still detecting the executable on disk and in memory despite being in the exclusions list. I'm attaching a screenshot of my detected threats log.

 

post-2403-0-61269700-1392158168_thumb.gif

 


Marcos may have come across a good point.

 

Delete the exclusion, and re-add it back again, manually yourself, instead of the original exclusion on launch through the pop-up.

Then try again.

:)


Thanks! That fixed the problem.

 

I removed the automatically added exclusion, and manually added it back in for the entire folder containing the executable. I also added the executable to the Protocol Filtering > Excluded Applications as Arakasi suggested.

 

Thanks for being helpful and responsive.

 

Marcos, you might want to check if automatically added exclusions are bugged, and file a formal bug report if you can replicate my problem.


  • Administrators

If the application doesn't download updates that are detected as PUA by ESET, I wouldn't exclude them from protocol filtering. For instance, if malware injected itself into such a process, it might succeed in downloading components that would otherwise be blocked by web protection.

The point is to use exclusions only when necessary to solve a particular issue. Every exclusion makes the computer vulnerable to attacks; in particular if malware copies to a folder excluded from scanning it won't be detected and blocked even if it was detected otherwise.
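
The folder-wide exclusion risk described in the post above, as an added example that is not part of the original thread and not ESET code: the sketch lists which files a set of exclusion patterns would cover beyond the binary the user meant to allow. The glob-style, case-insensitive matching, the function names and the file list are assumptions constructed for illustration; ESET's own matcher may behave differently.

```python
from fnmatch import fnmatchcase


def is_excluded(path, exclusions):
    """True if path matches any exclusion pattern.

    Assumption: case-insensitive glob matching where '*' also spans
    sub-folders. A real product's matcher may differ.
    """
    p = path.lower()
    return any(fnmatchcase(p, pat.lower()) for pat in exclusions)


def unintended_coverage(exclusions, intended, files_on_disk):
    """Files the scanner would skip that were never meant to be allowed."""
    wanted = {f.lower() for f in intended}
    return sorted(
        f for f in files_on_disk
        if is_excluded(f, exclusions) and f.lower() not in wanted
    )


# Constructed sample data: the one binary the user wants to run, and a
# snapshot of files on disk, including one that appeared in the folder later.
INTENDED = [r"C:\Miner\cgminer.exe"]
FILES_ON_DISK = [
    r"C:\Miner\cgminer.exe",
    r"C:\Miner\libcurl-4.dll",
    r"C:\Miner\dropped.exe",      # not installed by the user
    r"C:\Tools\other.exe",
]

FOLDER_WIDE = [r"C:\Miner\*.*"]          # pattern suggested in the thread
SINGLE_FILE = [r"C:\Miner\cgminer.exe"]  # narrowest exclusion that names the binary

if __name__ == "__main__":
    for label, rules in (("folder-wide", FOLDER_WIDE), ("single-file", SINGLE_FILE)):
        extra = unintended_coverage(rules, INTENDED, FILES_ON_DISK)
        print(f"{label}: {len(extra)} unintended file(s) skipped")
        for f in extra:
            print("   ", f)
```
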


  • 4 months later...

I have the same problem and no solutions above help me.

My excluded file is deleted on startup scan and deleted from the Windows startup list too, and my file is stored in quarantine.

And if ESET can't delete it, it gives me a BLUE SCREEN anyway.

The problem is on ESS 7.0.317.26; I did not have this problem on any other versions before.


  • ESET Moderators

Hello Damoon,

 

Please paste here the appropriate lines from the threat log, a screenshot of your exclusions and the list of modules from the About window, and we will check it.


  • Administrators

I have the same problem and no solutions above help me.

My excluded file is deleted on startup scan and deleted from the Windows startup list too, and my file is stored in quarantine.

And if ESET can't delete it, it gives me a BLUE SCREEN anyway.

The problem is on ESS 7.0.317.26; I did not have this problem on any other versions before.

Please refrain from posting into multiple topics about the same issue and continue in the appropriate topic in the ESS forum.


This topic is now closed to further replies.