Moxtell, posted April 27, 2023

Hi

When I try to install Sony's plugin (Catalyst Browse for Adobe Premiere Pro - https://support.d-imaging.sony.co.jp/app/cpplugin/en/preparation/) ESET removes it when I start. If I scan the file it also removes it with the following message:

Log
Scan Log
Version of detection engine: 27140 (20230427)
Date: 27-04-2023 Time: 17:11:45
Scanned disks, folders and files: C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe
User: Username
C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe » WIXSFX » 0002.cab » CAB » a0 » MSI » main.cab » CAB » ID403014be785d43dda085da58bbe8fbc2 - a variant of Win64/Packed.Themida.L suspicious application - cleaned by deleting [1]
Number of scanned objects: 259
Number of detections: 1
Number of cleaned objects: 1
Time of completion: 17:12:05
Total scanning time: 20 sec (00:00:20)
Notes:
[1] Object has been deleted as it only contained the virus body.

What to do?

/Moxtell

Marcos (Administrators), posted April 27, 2023

The detection is technically correct. Themida is a protector often misused by malware writers to elude detection. The file is not digitally signed, which doesn't add to its trustworthiness. The file is detected as a suspicious application and not as a threat per se.

Moxtell (Author), posted April 27, 2023

Just now, Marcos said:
> The detection is technically correct. Themida is a protector often misused by malware writers to elude detection. The file is not digitally signed, which doesn't add to its trustworthiness. The file is detected as a suspicious application and not as a threat per se.

OK thx - but how do I get around it and get ESET to not remove it?

Marcos (Administrators, Solution), posted April 27, 2023

The best would be if the author signed the executable; however, I assume that's not something you could influence. Therefore you could create a detection exclusion also with the path to the file or its hash if it doesn't update often.
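
Added example, not part of the thread and not ESET's own code: a small parser for the detection line in the scan log from the first post. It separates the nesting chain (showing that the flagged object sits inside the installer's inner CAB, not in the .exe itself) from the detection name, its type label ("suspicious application") and the action taken. The field layout, the function name and the dictionary keys are assumptions derived from that single log line.

```python
import re

# Constructed sample: the detection line copied from the scan log in the first post.
SAMPLE = (
    r"C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe"
    " » WIXSFX » 0002.cab » CAB » a0 » MSI » main.cab » CAB"
    " » ID403014be785d43dda085da58bbe8fbc2"
    " - a variant of Win64/Packed.Themida.L suspicious application"
    " - cleaned by deleting [1]"
)

VARIANT_PREFIX = "a variant of "


def parse_detection(line):
    """Parse 'object - detection - action' (layout assumed from the one line above)."""
    # Split from the right so a " - " inside the file path cannot shift the fields.
    parts = line.strip().rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # header, counter or note line, not a detection
    obj, detection, action = parts
    # Nesting chain: file on disk first, detected inner object last.
    chain = obj.split(" » ")
    variant = detection.startswith(VARIANT_PREFIX)
    if variant:
        detection = detection[len(VARIANT_PREFIX):]
    # The name has no spaces; whatever follows it is the detection type label.
    name, _, category = detection.partition(" ")
    # A trailing [n] points at an entry in the log's "Notes:" section.
    note = re.search(r"\s*\[(\d+)\]$", action)
    return {
        "file": chain[0],
        "containers": chain[1:-1],
        "detected_object": chain[-1],
        "nested": len(chain) > 1,
        "name": name,
        "variant": variant,
        "category": category or None,
        "action": action[:note.start()] if note else action,
        "note": int(note.group(1)) if note else None,
    }


if __name__ == "__main__":
    for key, value in parse_detection(SAMPLE).items():
        print(f"{key}: {value}")
```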