Jump to content

Real-time protection of ESET IS v13.0.24.0 false alarm


Recommended Posts

Real-time protection of ESET IS v13.0.24.0 (not a manual scan !!!) with the latest database gives false alerts, If I start Kaspersky Virus Removal Tool under Windows 10 64bit Pro v1909 build18363.535. Only when I start Kaspersky Virus Removal Tool, Not when downloading it! Kaspersky Virus Removal Tool

2019-12-13_115400.jpg

2019-12-13_115523.jpg

2019-12-13_115615.jpg

See: https://www.wilderssecurity.com/threads/eset-windows-home-products-version-13.422360/page-2#post-2879101

Edited by karaszumu54
Link to comment
Share on other sites

https://forums.malwarebytes.com/topic/253174-kaspersky-total-security-2020-hangs-with-mbam/?do=findComment&comment=1350691

Scroll down this #79 post and see the (allegedly) 512 Security Apps Incompatible with Kapersky Total Security 20 (v 19 is OK) --- So one more Kapersky App issue shouldn't surprise.

There seems to be a good explanation on Pg 3 of the Link at bottom of your post of what is happening to cause the ESET Popup.

An Exclusion for -- kvrt.exe -- allows Use with No Popup but I presume you, like the post-er, assume the Removal Tool could have a future Virus and you want ESET to adjust to the Kapersky App, Right?

Edited by COStark26
Link to comment
Share on other sites

35 minutes ago, COStark26 said:

https://forums.malwarebytes.com/topic/253174-kaspersky-total-security-2020-hangs-with-mbam/?do=findComment&comment=1350691

Scroll down this #79 post and see the (allegedly) 512 Security Apps allegedly Incompatible with Kapersky Total Security 20 (NOT v 19) --- and one more Kapersky App issue shouldn't surprise.

There seems to be a good explanation on Pg 3 of the Link at bottom of your post of what is happening to cause the ESET Popup.

An Exclusion for -- kvrt.exe -- allows Use with No Popup but I presume you, like the post-er, assume the Removal Tool could have a future Virus and you want ESET to adjust to the Kapersky App, Right?

Yes, because, as with all false alarms, the real solution most often is to have the manufacturer fix the problem. Exception can only be a temporary solution.

The solution is never the exception, as the program may be infected in the future. With exceptions, I always punch a hole in my defense system. The exception is a hole in the defense.

Edited by karaszumu54
Link to comment
Share on other sites

3 hours ago, karaszumu54 said:

Yes, because, as with all false alarms, the real solution most often is to have the manufacturer fix the problem. Exception can only be a temporary solution.

The solution is never the exception, as the program may be infected in the future. With exceptions, I always punch a hole in my defense system. The exception is a hole in the defense.

Then just don't use KVRT.

Eset is not alone among security software manufacturers in stating that compatibility with those products is not guaranteed and use of them is not advisable. So don't expect Eset "to go through loops" in resolving this. If you want to run another AV product of this nature, do the logical thing. Disable Eset's real-time protection prior running the product. When the product scan is complete, re-enable Eset's real-time protection.

However, disabling Eset's real-time protection should immediately activate WD's real-time protection. It is entirely possible WD could also block KVRT. If so, you will also have to complain to Microsoft.

-EDIT- Rather than disable Eset's real-time protection which will cause WD to kick in, a better way to do this is to select the "Pause Antivirus and antispyware protection" option. This will not cause WD to kick in.

Edited by itman
Link to comment
Share on other sites

2 hours ago, itman said:

Then just don't use KVRT.

 

Is this a joke now? Is that the solution? Or Should I turn off ESET protection? KVRT is not a real-time protection. If I get a false alarm when using a program, shouldn't I use that program? I'm sorry, but it's ridiculous.

 
Link to comment
Share on other sites

1 hour ago, karaszumu54 said:

Or Should I turn off ESET protection? KVRT is not a real-time protection.

Thought I answered this above.

Correct, KVRT is not real-time protection. However, it is an AV solution and its execution can conflict with the existing AV real-time solution. Therefore the existing AV real-time solution should be temporarily disabled when KVRT is running.

Link to comment
Share on other sites

  • Administrators

The file is not detected any more. However, whether issues may occur when using the tool together with another AV if ignoring the warning from the tool, you should ask the maker of the tool.

Link to comment
Share on other sites

14 hours ago, Marcos said:

The file is not detected any more. However, whether issues may occur when using the tool together with another AV if ignoring the warning from the tool, you should ask the maker of the tool.

That's exactly what I did. Kaspersky's support also suggested this. By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). This is logical as well. ESET gives a false alarm, ESET needs to correct the error.

Link to comment
Share on other sites

17 hours ago, karaszumu54 said:

That's exactly what I did. Kaspersky's support also suggested this. By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). This is logical as well. ESET gives a false alarm, ESET needs to correct the error.

Different vendor different policy for handle the scanning its look like between automation software both should be shake hand otherwise will be not function the automation.

 

Link to comment
Share on other sites

1 hour ago, HANDJOJO said:

Different vendor different policy for handle the scanning its look like between automation software both should be shake hand otherwise will be not function the automation.

 

By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). But for some reason, the ESET does not want to be respected agreement.

 
Link to comment
Share on other sites

  • Administrators
1 hour ago, karaszumu54 said:

By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). But for some reason, the ESET does not want to be respected agreement.

There are no such agreements. It would mean that every AV maker would have to have an agreement with every company or person in the world that compiles files and creates applications. It is obvious that AV makers fix false positives in their own interest as well.

Also I wrote that the detection was fixed so your conclusion is incorrect.

Link to comment
Share on other sites

1 hour ago, Marcos said:

Also I wrote that the detection was fixed so your conclusion is incorrect.

I checked it. It is true, but it took quite a while and it was not enough to write on the supports I had to write here as well. Of course, better late than never.

Edited by karaszumu54
Link to comment
Share on other sites

  • Administrators

It was resolved immediately when you reported it here. Not sure what exactly you mean by "supports" but a correct way how to report false positives is following the instructions at https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.

Link to comment
Share on other sites

9 hours ago, Marcos said:

It was resolved immediately when you reported it here. Not sure what exactly you mean by "supports" but a correct way how to report false positives is following the instructions at https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.

I wrote here: support@sicontact.hu I have written here many times and they have always helped, including false positive alarms too, but not now. Thank you for the address.

Edited by karaszumu54
Link to comment
Share on other sites

  • ESET Moderators

Hello,

The email address you mentioned is, I believe, for ESET's Hungarian distributor.  While they can certainly receive your report and forward it to ESET's threat lab, it is always going to be faster to contact ESET's threat lab directly using the instructions my colleague @Marcos provided.  False positive reports are treated with high priority by ESET, and the lab is staffed 7×24×365 with experts who can investigate them.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

  • 2 weeks later...

Again, the same false alarm occurs when running the Kaspersky Virus Removal Tool. A few days ago, I sent an email to sample@eset.com, but I did not receive an automatic reply to the email appearing on their computer and the error could not be corrected.

 

The ESET database is updated automatically on a regular basis.

 

2019-12-24_043057.jpg

Edited by karaszumu54
Link to comment
Share on other sites

12 hours ago, karaszumu54 said:

Again, the same false alarm occurs when running the Kaspersky Virus Removal Tool.

Appears this is a new version. At least, the file size is different from a previous ver. I recently downloaded.

Since Eset is detecting it via behavior methods, this situation is going to occur every time the program is changed. The best way to prevent this is to set an Eset permanent Augur real-time exclusion for the program. If you're concerned over the download security status, submit it to Virus Total, Hybrid-Analysis, or wherever for a scan prior to executing the download.

The real question is why are you constantly running this Kaspersky tool? It real purpose is to run an off-line scan when you suspect you might be infected with some malware:

Quote

Kaspersky Virus Removal Tool is a free tool that scans and disinfects Windows-based computers. The tool detects known types of malware as well as advertising software and applications that may be used for malicious purposes. For more information about such applications, see this article.

Kaspersky Virus Removal Tool is designed for one-time virus scan as it does not feature database updates and will not protect against new threats. Once the scan is complete, install an antivirus solution on your computer to ensure real-time protection.

https://support.kaspersky.com/8528

Bottom line - this tool should not be run on a continual basis.

Eset's Online Scanner tool does the same w/o any conflict with the existing Eset installation. Additionally, this Eset scanner uses current signature definitions.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...