JerryG 4 Posted April 8, 2023 Posted April 8, 2023 Hi Admin and Superusers, I am a long time user and financial supporter of ESET and today i was working on another infected PC and was able to locate the infected file (fyi the file is about 18 months old so not new). I safely moved it to my PC and scanned it with ESET Internet Security and it came up clean. I then uploaded it to Virus total and 51 vendors cited it as being infected INCLUDING ESET-NOD32. I can't understand why if ESET on Virus Total flagged it, why didn't my current updated version on my PC flag it. My PC version: Internet Security 16.0.26.0, Version of detection engine: 27035 (20230407). Thanks In advance J
Administrators Marcos 5,725 Posted April 8, 2023 Administrators Posted April 8, 2023 Please provide: 1, A link to VirusTotal results 2, Logs collected with ESET Log Collector.
itman 1,920 Posted April 8, 2023 Posted April 8, 2023 13 hours ago, JerryG said: I safely moved it to my PC and scanned it with ESET Internet Security and it came up clean. I then uploaded it to Virus total and 51 vendors cited it as being infected INCLUDING ESET-NOD32. I can't understand why if ESET on Virus Total flagged it, why didn't my current updated version on my PC flag it. File could be packed, obfuscated, etc.. In other words, malware won't be detected until executed and loaded into memory.
rotaru 15 Posted April 9, 2023 Posted April 9, 2023 On 4/8/2023 at 10:18 AM, itman said: malware won't be detected until executed and loaded into memory. With all due respect, I believe this is a wrong statement. I was under the impression that when you do a computer scan malwares will be detected without being executed in RAM
itman 1,920 Posted April 9, 2023 Posted April 9, 2023 (edited) 24 minutes ago, rotaru said: With all due respect, I believe this is a wrong statement. I was under the impression that when you do a computer scan malwares will be detected without being executed in RAM In this instance, Eset's real-time protection should have detected the the malware when it was created on the OP's device. Since it wasn't detected then, it wouldn't have been when the file was manually scanned since it uses the same real-time scanning methods. As I posted, not all malware can be detected via Eset's real-time heuristic sandbox processing. I assume if the OP was using ESSP and the file was submitted to the Eset Cloud via LiveGuard, it would have detected it. Edited April 9, 2023 by itman
rotaru 15 Posted April 9, 2023 Posted April 9, 2023 16 minutes ago, itman said: not all malware can be detected via Eset's real-time heuristic Why not assume that the specified malware is not detected by ESET, cloud or not?
itman 1,920 Posted April 9, 2023 Posted April 9, 2023 We need to stop speculating till the OP posts the VT detection link as requested. @Marcos can then download the sample from VT and determine if Eset detects it on file creation or not.
rotaru 15 Posted April 10, 2023 Posted April 10, 2023 1 hour ago, itman said: We need to stop speculating I agree, we should have never started with " In other words, malware won't be detected until executed and loaded into memory."
Recommended Posts