ncc1707 1 Posted November 9, 2014 Posted November 9, 2014 Hi I have searched the forum, but didn't find an answer to my problem, so I am posting as a separate thread. I bought some software from COREL, and it offered a free version of WinZip 18.5. When I was downloading WinZip (in zip format) from Corel, ESET SS stopped the download, with a popup informing me that it contained variants of some stuff. I turned off protection for 10 mins, and d/l it, then had ESET SS check it again, with the same results. I copied the file to a CD and checked it with other AV's, and they found nothing. I think it is an FP. but I need to send it to ESET for clarification. I can't send the file to ESET (internally) for analysis, as it is too large, and if I follow the instructions of taking a print screen of the results and send it with the file, is is not feasible as it is already compressed, so to put a password on it in not possible. Can any one provide me with a URL where I can store the file, then I can send an email to ESET with the scanning results and have them access the file from that location. Also can I compress an already compressed file, so I can password protect it, so I can follow the rules. Your assistance is appreciated. Cheers
Arakasi 549 Posted November 10, 2014 Posted November 10, 2014 (edited) Hello, No need to submit the(your) file, and here is why !! ESET already detects the variant as you stated by blocking and providing a dialogue that stated Potentially harmful application. You can easily allow this download by checking in the advanced setup to ensure that detection of potentially unwanted applications and unsafe, are unchecked. Then try the download again, without having to disable the entire protection module. It is highly likely this is not a fp since PUPS are usually handled on a case by case basis, and if there is a detection, its most likely falling into a category already specified. The root problem is the package you received for WinZip 18.5 was a bundled package or msi that contained additional software besides Winzip, and this is what ESET detected. Edited November 10, 2014 by Arakasi
rugk 397 Posted November 10, 2014 Posted November 10, 2014 More information you can find here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2629 And yes of course you can zip an already zipped file, but I assume it's not a FP, so there is no need to do it.
SweX 871 Posted November 10, 2014 Posted November 10, 2014 ESET is very good at detecting PUAs and PUPs, but for a second opinion you could always upload the file to https://www.virustotal.com/ and see if some of the other vendors detect the file as a Puppy as well, or something else. And I agree with Arakasi that it is highly unlikely to be a FP.
ncc1707 1 Posted November 10, 2014 Author Posted November 10, 2014 (edited) Thanks for all the feedback, it is appreciated. Cheers Edited November 10, 2014 by ncc1707
Recommended Posts