Sony catalyst_prepare_plugin_effect.plugin gets removed because of Themida.L


Solved by Marcos

Hi

When I try to install Sony's plugin (Catalyst Browse for Adobe Premiere Pro - https://support.d-imaging.sony.co.jp/app/cpplugin/en/preparation/) ESET removes it when I start. If I scan the file it also removes it with the following message:

Log
Scan Log
Version of detection engine: 27140 (20230427)
Date: 27-04-2023  Time: 17:11:45
Scanned disks, folders and files: C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe
User: Username
C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe » WIXSFX » 0002.cab » CAB » a0 » MSI » main.cab » CAB » ID403014be785d43dda085da58bbe8fbc2 - a variant of Win64/Packed.Themida.L suspicious application - cleaned by deleting [1]
Number of scanned objects: 259
Number of detections: 1
Number of cleaned objects: 1
Time of completion: 17:12:05  Total scanning time: 20 sec (00:00:20)

Notes:
[1] Object has been deleted as it only contained the virus body.

 

What to do? 

 

/Moxtell

 


 

 


  • Administrators

The detection is technically correct. Themida is a protector often misused by malware writers to elude detection. The file is not digitally signed, which doesn't add to its trustworthiness. The file is detected as a suspicious application and not as a threat per se.


Just now, Marcos said:

The detection is technically correct. Themida is a protector often misused by malware writers to elude detection. The file is not digitally signed, which doesn't add to its trustworthiness. The file is detected as a suspicious application and not as a threat per se.

OK thx - but how do I get around it and get ESET to not remove it? 

 


  • Administrators
  • Solution

The best would be if the author signed the executable; however, I assume that's not something you could influence. Therefore, you could create a detection exclusion, also with the path to the file or its hash if it doesn't update often.

This topic is now closed to further replies.
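Added example, not part of the original thread and not ESET code: a small Python triage helper that splits the detection line from the scan log above into the scanned file, the nested container chain, the detection name and its category, and computes a file hash for a hash-based exclusion. The line layout is inferred from the single log line in the thread, and the use of SHA-1 for the exclusion hash is an assumption to check against the product's exclusion dialog.

```python
import hashlib
import re

# Constructed sample: the detection line from the scan log quoted in the thread.
SAMPLE = (r"C:\Users\username\Downloads\Catalyst_Prepare_Plugin_1.1.0.64.exe"
          " » WIXSFX » 0002.cab » CAB » a0 » MSI » main.cab » CAB » "
          "ID403014be785d43dda085da58bbe8fbc2 - a variant of "
          "Win64/Packed.Themida.L suspicious application - "
          "cleaned by deleting [1]")

# Assumed layout, inferred from that one line only:
#   <object chain> - [a variant of ]<name> <category> - <action> [note]
# A path that itself contains " - " would need a stricter pattern.
LINE_RE = re.compile(
    r"^(?P<object>.+?) - (?:a variant of )?(?P<name>\S+) "
    r"(?P<category>.+?) - (?P<action>.+?)(?: \[\d+\])?$")


def parse_detection(line):
    """Return the parts of one detection line, or None for other log lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    chain = [part.strip() for part in m["object"].split("»")]
    return {
        "outer_file": chain[0],    # the file on disk that was scanned
        "inner_path": chain[1:],   # containers unpacked to reach the object
        "name": m["name"],
        "category": m["category"],
        # True when the hit is a packer flagged as a suspicious application
        # rather than a named threat (the distinction made in the reply above).
        "packer_only": "/Packed." in m["name"]
                       and m["category"] == "suspicious application",
        "action": m["action"],
    }


def sha1_of(path, chunk=1 << 20):
    """SHA-1 of a file, read in chunks (hash algorithm is an assumption)."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()


if __name__ == "__main__":
    for key, value in parse_detection(SAMPLE).items():
        print(f"{key}: {value}")
```

The chain shows the flagged object sits several containers deep inside the installer, so a hash taken with `sha1_of` should be of the file that actually gets detected on disk, and it stops matching as soon as the vendor ships a new build.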