Reported a false positive via the ESET NOD32 context menu

[Chas4 8]

How long does it take to get a response?  Getting a false positive on a file from a Computer game CD-rom from early 2000.

[Marcos 5,069]

Possible false positives must be reported to samples[at]eset.com as per https://support.eset.com/en/kb141.

[Chas4 8]

1 hour ago, Marcos said:

Possible false positives must be reported to samples[at]eset.com as per https://support.eset.com/en/kb141.

@Marcos It is to big (around 300 MB for the CD-ROM) to send that way and the ESET NOD32 context menu let me submit the one file, yet it has been a few weeks since I sent it in.

Edited October 9, 2022 by Chas4

[peteyt 393]

22 hours ago, Chas4 said:

@Marcos It is to big (around 300 MB for the CD-ROM) to send that way and the ESET NOD32 context menu let me submit the one file, yet it has been a few weeks since I sent it in.

You could upload the file to a file sharing site and email the link. 

[Chas4 8]

33 minutes ago, peteyt said:

You could upload the file to a file sharing site and email the link. 

I already submitted the file to ESET almost a month ago (it is from an old game that requires the CD-ROM in the drive to be able to play the game).

The false positive is from a file from late 1999 and from Hasbro Interactive 

[Marcos 5,069]

Honestly, the last email that we have received from your outlook.com email address is from 2018. Please send one more email to samples[at]eset.com with a download link after uploading the file to a file sharing service.

[Chas4 8]

I know that has to be false (there is more than one email, this report would have another one of Microsoft's domains on it tho it was sent via the ESET GUI to report the false positive, also reported 300+ emails to ESET).  I am asking here because I have not heard back on the false positive report I sent in (via ESET GUI) back in September 2022. 

Shared a CC'd myself in the email to samples at eset email with false positive subject and also referenced this thread.

[Marcos 5,069]

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

[Chas4 8]

52 minutes ago, Marcos said:

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

Nope false positive on the file from 1999 (it came on the CD-ROM with the game and was part of the Hasbro Interactive code for the game, I think part of maybe online play), I got the file from the CD-ROM itself, and from a Windows ME machine with the game installed on it.

[peteyt 393]

22 hours ago, Chas4 said:

Nope false positive on the file from 1999 (it came on the CD-ROM with the game and was part of the Hasbro Interactive code for the game, I think part of maybe online play), I got the file from the CD-ROM itself, and from a Windows ME machine with the game installed on it.

This doesn't mean it's safe. Could be DRM but not sure, someone from Eset would be able to explain more 

[Chas4 8]

20 hours ago, peteyt said:

This doesn't mean it's safe. Could be DRM but not sure, someone from Eset would be able to explain more 

The DRM I know of the game is that the CD-Rom has to be in the disc drive to be played, also I got the same files from a Windows ME machine that was never on the internet.

[Chas4 8]

Still no response from ESET on the file I sent in.

[itman 1,659]

1 hour ago, Chas4 said:

Still no response from ESET on the file I sent in.

@Marcos already answered this;

Quote

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

You can exclude the PUA detection; your choice in doing so.

[Marcos 5,069]

2 hours ago, Chas4 said:

Still no response from ESET on the file I sent in.

 

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

For samples submitted via the built-in form a response is not guaranteed:

 

[Chas4 8]

@Marcos Why the detection on a file about a decade after the was included on the CD-ROM for the game (the machine I copied it from was never on the internet).  The file is just in the game file folder 

I can share the CD-ROM files with ESET (I still have the CD-ROM) like I asked a while back and also I don't think the installer works on Windows 10 and higher, I also still have the about 64GB HDD (the drive is from around 2000) the file was first on machine also had only 64MB of RAM.

5 hours ago, itman said:

@Marcos already answered this;

You can exclude the PUA detection; your choice in doing so.

It is already excluded yet is picked up by the auto scheduled scan but does not show when I do a manual computer scan.

[Chas4 8]

4 hours ago, Marcos said:

 

HSBR-MP.exe contains Win32/PowerReg potentially unsafe application, ie. the detection is correct. The detection is from 2009.

For samples submitted via the built-in form a response is not guaranteed:

 

I submitted it via the ESET GUI first and it does not say I will not get a response from ESET.

[Marcos 5,069]

8 minutes ago, Chas4 said:

Why the detection on a file about a decade after the was included on the CD-ROM for the game (the machine I copied it from was never on the internet).  The file is just in the game file folder

As I wrote, the detection is from 2009 so no wonder that it was detected on an older CD.

[Chas4 8]

1 hour ago, Marcos said:

As I wrote, the detection is from 2009 so no wonder that it was detected on an older CD.

But what about it still being detected even tho it is excluded and it being a possible false positive for that 1 file?

 

Also sent you a message about the other issue (one dating to a 2+ years old bug)

 

[itman 1,659]

16 hours ago, Chas4 said:

It is already excluded yet is picked up by the auto scheduled scan but does not show when I do a manual computer scan.

You probably didn't exclude it via Detection exclusion:

[Marcos 5,069]

It's Mac but ESET products for MacOS also support detection exclusions.

[Chas4 8]

2 hours ago, Marcos said:

It's Mac but ESET products for MacOS also support detection exclusions.

@MarcosNo this one is on Windows where I reported the false positive from.

 

2 hours ago, itman said:

You probably didn't exclude it via Detection exclusion:

I added it via the real time scanner when it picked it up and told it to exclude it.

[Marcos 5,069]

1 hour ago, Chas4 said:

I added it via the real time scanner when it picked it up and told it to exclude it.

I'd recommend editing the detection exclusion and changing the path to *

[Chas4 8]

On 10/20/2022 at 12:07 PM, Marcos said:

I'd recommend editing the detection exclusion and changing the path to *

Looks like that is how one of the detections was set by ESET

[Chas4 8]

On 10/20/2022 at 12:07 PM, Marcos said:

I'd recommend editing the detection exclusion and changing the path to *

It is now picking up items that are in the exclusion list (some reason the option to exclude the detections is not in that list of file detected).

[Marcos 5,069]

Not sure what you mean. We have tested detection exclusions with "*" in the path (without quotation marks) and it worked. If there's an issue, I'd recommend opening a support ticket since the config would have to be checked by technical support.