Real-time protection of ESET IS v13.0.24.0 false alarm

[karaszumu54 0]

Real-time protection of ESET IS v13.0.24.0 (not a manual scan !!!) with the latest database gives false alerts, If I start Kaspersky Virus Removal Tool under Windows 10 64bit Pro v1909 build18363.535. Only when I start Kaspersky Virus Removal Tool, Not when downloading it! Kaspersky Virus Removal Tool

See: https://www.wilderssecurity.com/threads/eset-windows-home-products-version-13.422360/page-2#post-2879101

Edited December 13, 2019 by karaszumu54

[COStark26 10]

https://forums.malwarebytes.com/topic/253174-kaspersky-total-security-2020-hangs-with-mbam/?do=findComment&comment=1350691

Scroll down this #79 post and see the (allegedly) 512 Security Apps Incompatible with Kapersky Total Security 20 (v 19 is OK) --- So one more Kapersky App issue shouldn't surprise.

There seems to be a good explanation on Pg 3 of the Link at bottom of your post of what is happening to cause the ESET Popup.

An Exclusion for -- kvrt.exe -- allows Use with No Popup but I presume you, like the post-er, assume the Removal Tool could have a future Virus and you want ESET to adjust to the Kapersky App, Right?

Edited December 14, 2019 by COStark26

[karaszumu54 0]

35 minutes ago, COStark26 said:

https://forums.malwarebytes.com/topic/253174-kaspersky-total-security-2020-hangs-with-mbam/?do=findComment&comment=1350691

Scroll down this #79 post and see the (allegedly) 512 Security Apps allegedly Incompatible with Kapersky Total Security 20 (NOT v 19) --- and one more Kapersky App issue shouldn't surprise.

There seems to be a good explanation on Pg 3 of the Link at bottom of your post of what is happening to cause the ESET Popup.

An Exclusion for -- kvrt.exe -- allows Use with No Popup but I presume you, like the post-er, assume the Removal Tool could have a future Virus and you want ESET to adjust to the Kapersky App, Right?

Yes, because, as with all false alarms, the real solution most often is to have the manufacturer fix the problem. Exception can only be a temporary solution.

The solution is never the exception, as the program may be infected in the future. With exceptions, I always punch a hole in my defense system. The exception is a hole in the defense.

Edited December 14, 2019 by karaszumu54

[itman 1,627]

3 hours ago, karaszumu54 said:

Yes, because, as with all false alarms, the real solution most often is to have the manufacturer fix the problem. Exception can only be a temporary solution.

The solution is never the exception, as the program may be infected in the future. With exceptions, I always punch a hole in my defense system. The exception is a hole in the defense.

Then just don't use KVRT.

Eset is not alone among security software manufacturers in stating that compatibility with those products is not guaranteed and use of them is not advisable. So don't expect Eset "to go through loops" in resolving this. If you want to run another AV product of this nature, do the logical thing. Disable Eset's real-time protection prior running the product. When the product scan is complete, re-enable Eset's real-time protection.

However, disabling Eset's real-time protection should immediately activate WD's real-time protection. It is entirely possible WD could also block KVRT. If so, you will also have to complain to Microsoft.

-EDIT- Rather than disable Eset's real-time protection which will cause WD to kick in, a better way to do this is to select the "Pause Antivirus and antispyware protection" option. This will not cause WD to kick in.

Edited December 14, 2019 by itman

[karaszumu54 0]

2 hours ago, itman said:

Then just don't use KVRT.

 

Is this a joke now? Is that the solution? Or Should I turn off ESET protection? KVRT is not a real-time protection. If I get a false alarm when using a program, shouldn't I use that program? I'm sorry, but it's ridiculous.

 

[itman 1,627]

1 hour ago, karaszumu54 said:

Or Should I turn off ESET protection? KVRT is not a real-time protection.

Thought I answered this above.

Correct, KVRT is not real-time protection. However, it is an AV solution and its execution can conflict with the existing AV real-time solution. Therefore the existing AV real-time solution should be temporarily disabled when KVRT is running.

[Marcos 4,907]

The file is not detected any more. However, whether issues may occur when using the tool together with another AV if ignoring the warning from the tool, you should ask the maker of the tool.

[karaszumu54 0]

14 hours ago, Marcos said:

The file is not detected any more. However, whether issues may occur when using the tool together with another AV if ignoring the warning from the tool, you should ask the maker of the tool.

That's exactly what I did. Kaspersky's support also suggested this. By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). This is logical as well. ESET gives a false alarm, ESET needs to correct the error.

[HANDJOJO 11]

17 hours ago, karaszumu54 said:

That's exactly what I did. Kaspersky's support also suggested this. By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). This is logical as well. ESET gives a false alarm, ESET needs to correct the error.

Different vendor different policy for handle the scanning its look like between automation software both should be shake hand otherwise will be not function the automation.

 

[karaszumu54 0]

1 hour ago, HANDJOJO said:

Different vendor different policy for handle the scanning its look like between automation software both should be shake hand otherwise will be not function the automation.

 

By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). But for some reason, the ESET does not want to be respected agreement.

 

[Marcos 4,907]

1 hour ago, karaszumu54 said:

By agreement between the antivirus vendors, the manufacturer of the false alarm software will always correct the error (false alarm). But for some reason, the ESET does not want to be respected agreement.

There are no such agreements. It would mean that every AV maker would have to have an agreement with every company or person in the world that compiles files and creates applications. It is obvious that AV makers fix false positives in their own interest as well.

Also I wrote that the detection was fixed so your conclusion is incorrect.

[karaszumu54 0]

1 hour ago, Marcos said:

Also I wrote that the detection was fixed so your conclusion is incorrect.

I checked it. It is true, but it took quite a while and it was not enough to write on the supports I had to write here as well. Of course, better late than never.

Edited December 16, 2019 by karaszumu54

[Marcos 4,907]

It was resolved immediately when you reported it here. Not sure what exactly you mean by "supports" but a correct way how to report false positives is following the instructions at https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.

[karaszumu54 0]

9 hours ago, Marcos said:

It was resolved immediately when you reported it here. Not sure what exactly you mean by "supports" but a correct way how to report false positives is following the instructions at https://support.eset.com/en/submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab.

I wrote here: support@sicontact.hu I have written here many times and they have always helped, including false positive alarms too, but not now. Thank you for the address.

Edited December 16, 2019 by karaszumu54

[Aryeh Goretsky 366]

Hello,

The email address you mentioned is, I believe, for ESET's Hungarian distributor.  While they can certainly receive your report and forward it to ESET's threat lab, it is always going to be faster to contact ESET's threat lab directly using the instructions my colleague @Marcos provided.  False positive reports are treated with high priority by ESET, and the lab is staffed 7×24×365 with experts who can investigate them.

Regards,

Aryeh Goretsky

[karaszumu54 0]

Again, the same false alarm occurs when running the Kaspersky Virus Removal Tool. A few days ago, I sent an email to sample@eset.com, but I did not receive an automatic reply to the email appearing on their computer and the error could not be corrected.

 

The ESET database is updated automatically on a regular basis.

 

Edited December 25, 2019 by karaszumu54

[itman 1,627]

12 hours ago, karaszumu54 said:

Again, the same false alarm occurs when running the Kaspersky Virus Removal Tool.

Appears this is a new version. At least, the file size is different from a previous ver. I recently downloaded.

Since Eset is detecting it via behavior methods, this situation is going to occur every time the program is changed. The best way to prevent this is to set an Eset permanent Augur real-time exclusion for the program. If you're concerned over the download security status, submit it to Virus Total, Hybrid-Analysis, or wherever for a scan prior to executing the download.

The real question is why are you constantly running this Kaspersky tool? It real purpose is to run an off-line scan when you suspect you might be infected with some malware:

Quote

Kaspersky Virus Removal Tool is a free tool that scans and disinfects Windows-based computers. The tool detects known types of malware as well as advertising software and applications that may be used for malicious purposes. For more information about such applications, see this article.

Kaspersky Virus Removal Tool is designed for one-time virus scan as it does not feature database updates and will not protect against new threats. Once the scan is complete, install an antivirus solution on your computer to ensure real-time protection.

https://support.kaspersky.com/8528

Bottom line - this tool should not be run on a continual basis.

Eset's Online Scanner tool does the same w/o any conflict with the existing Eset installation. Additionally, this Eset scanner uses current signature definitions.

Edited December 25, 2019 by itman