False detection - 2

[Viber Reputation team 0]

Hi,

 

i don't understand why you closed the last topic before i could even respond to your answer. i want to solve these things out.

 

1. what's wrong with viber installation? how it doesn't stand with your practices? can you point on the "wrong" issues, so we can understand how to fix things, if necessary? 

2. i have tried to install viber with ESET and that's right - there is a detections of PUA, BUT (!) it still doesn't let me to install viber. even when i click "no action" or "exclude detection" - and still, it blocks Viber. How do you explain that? 

 

 

 

Adi

Viber

[Arakasi 549]

Hello

Disable detection of PUA to go forward.

Marcos gave the link for best practices already.

[Viber Reputation team 0]

Hi,

 

i appreciate your answer, but when our users download Viber, maybe this feature is enable. we still need to understand with is the exact problem with our installer to go forward.

[Arakasi 549]

Here is your problem.

Get Helper.dll out of your software which was dropped here : C:\\users\current user\AppData\Local\Temp\nsl1E64.tmp

 

Second, Open up more control for the user in your installer. I did not have a clue where files were going; no choice in installation location.

 

Third, If the above cannot be met. Install programs in the default program files directory, not the Appdata folder which is a very common place for malware to reside or install. Your temp files are fine to go in appdata, but not your core program or executable.

 

Once the above is done, the only way to move forward is to re-send your msi or project to samples@eset.com for re-evaluation.

Posting back here for status or similar will usually yield no results, as this is not the place for disputes as the ESET employee and moderator Marcos stated.

Edited June 10, 2014 by Arakasi

[Arakasi 549]

Do you also modify the wininit.ini ?

 

Helper.dll also sits in the exe directory.

Edited June 9, 2014 by Arakasi

[Aryeh Goretsky 378]

Hello,

If you are the author of a software package which you believe may be incorrectly detected by ESET, you must contact ESET's threat research laboratory.

This forum is not ESET's threat research laboratory, but rather a support mechanism for ESET's customers. As such, any such discussions or questions about detection are going to the wrong place.

For instructions on contacting ESET's threat research laboratory, see ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?."

As this is the only answer which can be provided via this customer support forum, we will now draw this communication to a close.

Regards,

Aryeh Goretsky