Jump to content
An upgrade will take place on June 18, 2024 during the midday hours (UTC). The Forum will not be accessible for a short period of time. ×

How to exclude Win32/NSSM.D for false positive ExpressVPN updates


Recommended Posts

Guest Grampa Frank

We spent way too much time trying to figure out how to exclude the false positives on the ExpressVPN updates and maybe it's time to ask the people of this forum for some help. We have not been able to update ExpressVPN for quite some time now, which kind of worries me.

In the following post a forum member Marcos posts the solution in the form of a picture, but we cannot find this setting (Endpoint security in the advanced setup), which is where we are supposed to exclude @NAME=Win32/NSSM.D.  Could someone please help and explain this solution with a bit more words so that old geezers like us can understand what to do and most of all, where to find this Endpoint security form?

Thank you very much in advance and have a great weekend.


 

Link to comment
Guest Grampa Frank

Thank you for your reply, Marcos. Unfortunately we have already tried that, did not work. No matter the settings, and we tried a lot of them, the file will be deleted immediately upon download, see picture below.

What I would like to know is, where is the setting that you posted about that leads to the form that you posted a picture of, the Endpoint security form to exclude @NAME=Win32/NSSM.D? I asked about this in my first post and I would like to try that.

7khXxFJ.png

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
05/02/2022 3:38:09 AM;HTTP filter;file;https://www.expressvpn.works/clients/windows/expressvpn_windows_10.17.0.28_release.exe;ESET LiveGuard;deleted;DESKTOP-XXXXXX\frank;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (80ED756A35A9A476EB64B7F5C9028F1266FB1D52).;8FEE1A80F0E786B2802693BC6AC1B1FBA4D3DDD6;04/02/2022 6:40:11 PM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
27/01/2022 8:10:10 PM;HTTP filter;file;https://www.expressvpn.works/clients/windows/expressvpn_windows_10.16.0.8_release.exe;ESET LiveGuard;deleted;DESKTOP-XXXXXX\frank;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (7FC11558C992CC8110E0391F1BBE7171C82E2DC6).;513FD49F7CEC3628BFFA2DA6EAC9D8AF4CFBA63D;26/01/2022 9:00:13 PM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
05/01/2022 7:39:15 PM;ESET LiveGuard;file;F:\BBup2022\Install stuff\expressvpn_windows_10.15.0.8_release.exe;ESET LiveGuard;deleted;;;434457D1FE6E707556C6309509F8EB93A1E21ADD;05/01/2022 7:35:43 PM

 

Link to comment
  • Administrators

The above record from the Detections log helped to understand what's going on. It's a LiveGuard detection so an exclusion by the detection name won't work. You must exclude the hashes that were logged. There are 3 hashes in your logs because you downloaded 3 different versions of the sw.

Link to comment
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...