test_bot

ML/Augur found by ESET NOD32 INSIDE an application .exe I use often


Scanning files, NOD32 detected ML/Augur inside an executable I use often. Do I clean this, or ignore it? How the heck did ML/Augur get inside the .exe? Why would ESET want to clean its own code (ML/Augur)? Is ML/Augur the intellectual property of ESET?

Edited by test_bot
spelling in title


Maybe it's a PUA and you have a similar (maybe new) variant of it. Please submit the detected file in an archive encrypted with the password "infected" to samples[at]eset.com.

For instructions, refer to "How to submit Suspicious file to ESET Research Lab via program GUI" or "How do I report a false positive or whitelist my software with ESET?"

On 10/23/2019 at 11:25 AM, Marcos said:

Maybe it's a PUA and you have a similar (maybe new) variant of it.

Augur appears to be flagging anything that displays malicious behavior whether it's malicious or not. Worse, it will flag via a Smart scan. So the process doesn't even have to execute.

For example, yesterday I ran my first Smart scan under 13.0.22. It detected HitmanPro Alert's Test Tool as ML/Augur - trojan. Granted this is a security test tool that performs all kinds of simulated nasty malware behavior. If the detection was at attempted execution time, I could accept the detection. Note this file has existed on my disk for years w/o prior Eset detection issues.

Also, I have been receiving feedback via PM that many others are having their security test tools and the like being detected by Augur.

I am all for more aggressive Eset detection methods, but believe the best application for same is at execution time. 

Is the solution here to disable Advanced Heuristics on the Smart Scan?  

4 hours ago, itman said:

For example, yesterday I ran my first Smart scan under 13.0.22. It detected HitmanPro Alert's Test Tool as ML/Augur - trojan. Granted this is a security test tool that performs all kinds of simulated nasty malware behavior. If the detection was at attempted execution time, I could accept the detection. Note this file has existed on my disk for years w/o prior Eset detection issues.

I've downloaded and installed HitmanPro and HitmanPro.Alert on a machine with v13 installed, ran a scan but no file was detected and blocked. Any details about the files that were detected? Ideally if you could provide them or at least SHA1.

1 hour ago, Marcos said:

I've downloaded and installed HitmanPro and HitmanPro.Alert

I was referring to neither.

As previously stated, it is the test tool designed to test HitmanPro Alert although it can be used to test any security software. Here's a video by the developer of OSArmor using it to test his product: https://www.youtube.com/watch?v=2fUBOVbAHcE .

Appears Sophos has discontinued the tool's download availability. I can't find it anymore on their web site.

-EDIT- Found an older version of the tool here: https://www.softpedia.com/get/Security/Security-Related/Exploit-Test-Tool.shtml

Edited by itman


@Marcos, here's the user manual for the test tool: https://dl.surfright.nl/Exploit Test Tool Manual.pdf . It's for ver. 1.6 of the tool. However, aside from new tests added in later test tool versions, the operations involved in testing are the same.

You can save me some work by seeing how Augur performs against these tests. Of course, Augur first has to allow the tool to run.

 

