Nr2 0 Posted May 2 Posted May 2 I have Eset Protect and Endpoints in Windows 10 computers When double clicking a .xls file with macros, Eset shows a notification saying that it will scan the file. Menwhile Excel opens but says that it CANT open the file. Eset then announces that the file is safe. Closing excel and opening it again, now the file works. So, double click in an .xls file -> eset blocks and scan -> Excel says it cant open the file -> eset says the file is Ok -> close Excel -> Open file again I tried disabling macros in excel but the problem is prior to excel loading. Converting the file to .xlsx works but these files are generated by a system One workaround is opening Excel and then opening the file from within Excel but its time consuming.
Nr2 0 Posted May 2 Author Posted May 2 Latest version installed: .xls files are not on a network drive but locally downloaded.
Administrators Marcos 5,450 Posted May 2 Administrators Posted May 2 Where are the files downloaded from? Please provide a Procmon log from opening an xlsx file as it's not clear where they are located if not on a local or network drive.
Nr2 0 Posted May 2 Author Posted May 2 Files are downloaded from outlook.com But it doesn't matter where the files came from. I can copy the file or unblock it in the properties. I will procure a procmon log. In the meantime, you can see an example of this files here: https://dropmefiles.com/KdK3N
itman 1,801 Posted May 2 Posted May 2 3 hours ago, Nr2 said: So, double click in an .xls file -> eset blocks and scan -> Excel says it cant open the file -> eset says the file is Ok -> close Excel -> Open file again This sounds to me like normal LiveGuard cloud scanning behavior on unknown low reputation potentially suspicious files. Once the file is scanned and deemed safe, the file will not be blocked in the future.
Administrators Marcos 5,450 Posted May 2 Administrators Posted May 2 Yes, it appears to be a normal behavior of LiveGuard when proactive protection is enabled. You could create an exception by excluding "*.outlook.com/*" from submission. It should work with urls too.
Recommended Posts