Jump to content

Reported a false positive via the ESET NOD32 context menu


Recommended Posts

How long does it take to get a response?  Getting a false positive on a file from a Computer game CD-rom from early 2000.

Link to comment
Share on other sites

Posted (edited)
1 hour ago, Marcos said:

Possible false positives must be reported to samples[at]eset.com as per https://support.eset.com/en/kb141.

@Marcos It is to big (around 300 MB for the CD-ROM) to send that way and the ESET NOD32 context menu let me submit the one file, yet it has been a few weeks since I sent it in.

Edited by Chas4
Link to comment
Share on other sites

  • Most Valued Members
22 hours ago, Chas4 said:

@Marcos It is to big (around 300 MB for the CD-ROM) to send that way and the ESET NOD32 context menu let me submit the one file, yet it has been a few weeks since I sent it in.

You could upload the file to a file sharing site and email the link. 

Link to comment
Share on other sites

33 minutes ago, peteyt said:

You could upload the file to a file sharing site and email the link. 

I already submitted the file to ESET almost a month ago (it is from an old game that requires the CD-ROM in the drive to be able to play the game).

The false positive is from a file from late 1999 and from Hasbro Interactive 

Link to comment
Share on other sites

  • Administrators

Honestly, the last email that we have received from your outlook.com email address is from 2018. Please send one more email to samples[at]eset.com with a download link after uploading the file to a file sharing service.

Link to comment
Share on other sites

I know that has to be false (there is more than one email, this report would have another one of Microsoft's domains on it tho it was sent via the ESET GUI to report the false positive, also reported 300+ emails to ESET).  I am asking here because I have not heard back on the false positive report I sent in (via ESET GUI) back in September 2022. 

Shared a CC'd myself in the email to samples at eset email with false positive subject and also referenced this thread.

Link to comment
Share on other sites

  • Administrators

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

Link to comment
Share on other sites

52 minutes ago, Marcos said:

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

Nope false positive on the file from 1999 (it came on the CD-ROM with the game and was part of the Hasbro Interactive code for the game, I think part of maybe online play), I got the file from the CD-ROM itself, and from a Windows ME machine with the game installed on it.

Link to comment
Share on other sites

  • Most Valued Members
22 hours ago, Chas4 said:

Nope false positive on the file from 1999 (it came on the CD-ROM with the game and was part of the Hasbro Interactive code for the game, I think part of maybe online play), I got the file from the CD-ROM itself, and from a Windows ME machine with the game installed on it.

This doesn't mean it's safe. Could be DRM but not sure, someone from Eset would be able to explain more 

Link to comment
Share on other sites

20 hours ago, peteyt said:

This doesn't mean it's safe. Could be DRM but not sure, someone from Eset would be able to explain more 

The DRM I know of the game is that the CD-Rom has to be in the disc drive to be played, also I got the same files from a Windows ME machine that was never on the internet.

Link to comment
Share on other sites

1 hour ago, Chas4 said:

Still no response from ESET on the file I sent in.

@Marcos already answered this;

Quote

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

You can exclude the PUA detection; your choice in doing so.

Link to comment
Share on other sites

  • Administrators
2 hours ago, Chas4 said:

Still no response from ESET on the file I sent in.

 

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

For samples submitted via the built-in form a response is not guaranteed:

image.png

 

Link to comment
Share on other sites

@Marcos Why the detection on a file about a decade after the was included on the CD-ROM for the game (the machine I copied it from was never on the internet).  The file is just in the game file folder 

I can share the CD-ROM files with ESET (I still have the CD-ROM) like I asked a while back and also I don't think the installer works on Windows 10 and higher, I also still have the about 64GB HDD (the drive is from around 2000) the file was first on machine also had only 64MB of RAM.

5 hours ago, itman said:

@Marcos already answered this;

You can exclude the PUA detection; your choice in doing so.

It is already excluded yet is picked up by the auto scheduled scan but does not show when I do a manual computer scan.

Link to comment
Share on other sites

4 hours ago, Marcos said:

 

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

For samples submitted via the built-in form a response is not guaranteed:

image.png

 

I submitted it via the ESET GUI first and it does not say I will not get a response from ESET.

Link to comment
Share on other sites

  • Administrators
8 minutes ago, Chas4 said:

Why the detection on a file about a decade after the was included on the CD-ROM for the game (the machine I copied it from was never on the internet).  The file is just in the game file folder

As I wrote, the detection is from 2009 so no wonder that it was detected on an older CD.

Link to comment
Share on other sites

1 hour ago, Marcos said:

As I wrote, the detection is from 2009 so no wonder that it was detected on an older CD.

But what about it still being detected even tho it is excluded and it being a possible false positive for that 1 file?

 

Also sent you a message about the other issue (one dating to a 2+ years old bug)

 

Link to comment
Share on other sites

16 hours ago, Chas4 said:

It is already excluded yet is picked up by the auto scheduled scan but does not show when I do a manual computer scan.

You probably didn't exclude it via Detection exclusion:

Eset_Detection.thumb.png.bb2fcb03ee5fa50c073bdb8d6d66d845.png

Link to comment
Share on other sites

2 hours ago, Marcos said:

It's Mac but ESET products for MacOS also support detection exclusions.

@MarcosNo this one is on Windows where I reported the false positive from.

 

2 hours ago, itman said:

You probably didn't exclude it via Detection exclusion:

Eset_Detection.thumb.png.bb2fcb03ee5fa50c073bdb8d6d66d845.png

I added it via the real time scanner when it picked it up and told it to exclude it.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Chas4 said:

I added it via the real time scanner when it picked it up and told it to exclude it.

I'd recommend editing the detection exclusion and changing the path to *

Link to comment
Share on other sites

On 10/20/2022 at 12:07 PM, Marcos said:

I'd recommend editing the detection exclusion and changing the path to *

Looks like that is how one of the detections was set by ESET

Link to comment
Share on other sites

On 10/20/2022 at 12:07 PM, Marcos said:

I'd recommend editing the detection exclusion and changing the path to *

It is now picking up items that are in the exclusion list (some reason the option to exclude the detections is not in that list of file detected).

Link to comment
Share on other sites

  • Administrators

Not sure what you mean. We have tested detection exclusions with "*" in the path (without quotation marks) and it worked. If there's an issue, I'd recommend opening a support ticket since the config would have to be checked by technical support.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...