Jump to content

ESET Detection / False Positive


Go to solution Solved by Marcos,

Recommended Posts

Hi All 

 

I am trying to download a software from a portal. This software is used to provide VOIP Telephony Client to our customers that we develop in conjunction with our partners. Recently, Eset Antivirus / Endpoint Security / Eset Internet Security is showing the download containing malware, yet when disabling the Protection, then re-enabling and scanning said file - No issues are found. 

 

Already submitted as an urgent request to whitelist the file as we need to provide this update to our clients, but this has not yielded a result. 

Can someone take a look at it for me?

 

FKO

CirrusVOIPClient.zip

Link to comment
Share on other sites

  • Administrators

I assume it's rather a potentially unwanted or unsafe application which was detected and not an actual threat. Unfortunately neither the standard password "infected" nor any of the passwords I've tried worked so I could not unpack the files from the archive and scan them. What password did you use?

Link to comment
Share on other sites

It occurs when downloading from the following addresses which is the verfied source. 

They instantly go into Quarantine, it doesnt matter which browser is used etc

 

https://portal.cirrusresponse.com/download/app/install_5.0.5.26_27_32.msi
https://portal.cirrusresponse.com/download/app/install_5.0.5.26_27_64.msi

 

 

Link to comment
Share on other sites

  • Administrators
  • Solution

I was able to find the root cause of detection, it will be fixed within a couple of minutes. Thanks for the heads-up.

Link to comment
Share on other sites

Ta muchly. Does the Endpoint Client need to be updated in anyway? If so what is the timescale I should expect for it to filter through? 

Link to comment
Share on other sites

Thank you for confirming :)

Finally - Are you able to tell me why it was doing it? If not - no worries, just need to cover all bases. 

Link to comment
Share on other sites

  • Administrators

It was a false positive like any other, in this case caused by a loose detection that could trigger also FPs upon downloading specific msi installers.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...