Guest Grampa Frank Posted February 4, 2022

We spent way too much time trying to figure out how to exclude the false positives on the ExpressVPN updates and maybe it's time to ask the people of this forum for some help. We have not been able to update ExpressVPN for quite some time now, which kind of worries me.

In the following post a forum member Marcos posts the solution in the form of a picture, but we cannot find this setting (Endpoint security in the advanced setup), which is where we are supposed to exclude @NAME=Win32/NSSM.D.

Could someone please help and explain this solution with a bit more words so that old geezers like us can understand what to do and most of all, where to find this Endpoint security form?

Thank you very much in advance and have a great weekend.
Administrators Marcos Posted February 4, 2022

You can exclude a particular detection by name as per https://support.eset.com/en/kb2629
Guest Grampa Frank Posted February 5, 2022

Thank you for your reply, Marcos. Unfortunately we have already tried that, did not work. No matter the settings, and we tried a lot of them, the file will be deleted immediately upon download, see picture below.

What I would like to know is, where is the setting that you posted about that leads to the form that you posted a picture of, the Endpoint security form to exclude @NAME=Win32/NSSM.D? I asked about this in my first post and I would like to try that.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
05/02/2022 3:38:09 AM;HTTP filter;file;https://www.expressvpn.works/clients/windows/expressvpn_windows_10.17.0.28_release.exe;ESET LiveGuard;deleted;DESKTOP-XXXXXX\frank;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (80ED756A35A9A476EB64B7F5C9028F1266FB1D52).;8FEE1A80F0E786B2802693BC6AC1B1FBA4D3DDD6;04/02/2022 6:40:11 PM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
27/01/2022 8:10:10 PM;HTTP filter;file;https://www.expressvpn.works/clients/windows/expressvpn_windows_10.16.0.8_release.exe;ESET LiveGuard;deleted;DESKTOP-XXXXXX\frank;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (7FC11558C992CC8110E0391F1BBE7171C82E2DC6).;513FD49F7CEC3628BFFA2DA6EAC9D8AF4CFBA63D;26/01/2022 9:00:13 PM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
05/01/2022 7:39:15 PM;ESET LiveGuard;file;F:\BBup2022\Install stuff\expressvpn_windows_10.15.0.8_release.exe;ESET LiveGuard;deleted;;;434457D1FE6E707556C6309509F8EB93A1E21ADD;05/01/2022 7:35:43 PM
Administrators Marcos Posted February 5, 2022

The above record from the Detections log helped to understand what's going on. It's a LiveGuard detection so an exclusion by the detection name won't work. You must exclude the hashes that were logged. There are 3 hashes in your logs because you downloaded 3 different versions of the sw.
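The distinction in the reply above, as an added example that is not part of the thread: a Python sketch that reads an exported Detections log in the semicolon layout quoted earlier and separates rows that need a hash exclusion (Detection column is "ESET LiveGuard") from rows that carry a detection name. The function name, file names and all hashes in the sample are constructed placeholders; note that the hash in parentheses inside the Information column belongs to the downloading application, not to the detected file.

```python
import csv
import re

SHA1 = re.compile(r"[0-9A-F]{40}")
HDR = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"

# Constructed sample in the layout of the log quoted in the thread.
# Hosts, paths and hashes are placeholders, not values from the thread.
SAMPLE_LOG = "\n".join([
    HDR,
    "05/02/2022 3:38:09 AM;HTTP filter;file;https://example.test/app_2.exe;"
    "ESET LiveGuard;deleted;PC\\user;Event occurred during an attempt to access "
    "the web by the application: C:\\browser.exe (" + "1" * 40 + ").;"
    + "A" * 40 + ";04/02/2022 6:40:11 PM",
    HDR,  # the header repeats before each exported record
    "05/01/2022 7:39:15 PM;ESET LiveGuard;file;F:\\app_1.exe;ESET LiveGuard;"
    "deleted;;;" + "b" * 40 + ";05/01/2022 7:35:43 PM",
    HDR,
    "06/01/2022 1:00:00 PM;Real-time file system protection;file;C:\\tool.exe;"
    "Win32/NSSM.D;deleted;;;" + "C" * 40 + ";06/01/2022 1:00:00 PM",
])


def plan_exclusions(log_text):
    """Return (by_hash, by_name).

    by_hash maps the SHA-1 from the Hash column to the detected object for
    LiveGuard rows; by_name collects detection names from all other rows.
    """
    by_hash, by_name = {}, set()
    header = None
    rows = csv.reader(log_text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in rows:
        if row and row[0] == "Time":
            header = row
            continue
        if header is None or len(row) != len(header):
            continue  # skip blank or malformed lines
        rec = dict(zip(header, row))
        if rec["Detection"] == "ESET LiveGuard":
            digest = rec["Hash"].strip().upper()
            if SHA1.fullmatch(digest):
                by_hash[digest] = rec["Object"]
        else:
            by_name.add(rec["Detection"])
    return by_hash, by_name


if __name__ == "__main__":
    hashes, names = plan_exclusions(SAMPLE_LOG)
    for digest, obj in hashes.items():
        print("hash exclusion:", digest, obj)
    print("name-based detections:", sorted(names))
```

Each new installer version produces a new hash, so the list has to be rebuilt from the log after every blocked download.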
itman Posted February 5, 2022

As far as ExpressVPN use, you might want to read this article: https://www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/. Personally, I would trust LiveGuard's detections on this one.