Jump to content

Antivirus keeps detecting the same files even after I instruct it to Ignore. Also auto deletion of detections not authorized.


Recommended Posts

After initial scan, notifications keep popping up with same detections that I previously instructed the program to ignore, even with the bottom 2 checkboxes enabled that I believe said something like (paraphrasing) "exclude (or ignore) this (file) or (application)" and  "exclude (or ignore) this (signature?)".  At least 4 times the same files were detected (and interrupting me) even after I said to ignore and remember.

Also I don't like the auto delete (or clean) of my files and programs without permission.  I hate having to manually answer every detection, but if I have to do it to preserve my programs, I expect to only have to do it once, and not be asked continually regarding the same files or programs.  Also if it's going to notify me in the corner, I should be able to click the notification and bring up the application interface and instruct the program how to deal with detection, not have it fade away while it's deleting my stuff.

All IMHO, of course.

Link to comment
Share on other sites

  • Administrators

Couldn't it be that the files were detected in c:\documents and settings and c:\users? The former is a junction point that points to the latter so both need to be excluded.

Please provide logs collected with ESET Log Collector.

Link to comment
Share on other sites

It's possible, but it's been days and days and it still keeps finding the same files.  The log files just show the detections from the first days scans, so they must just be telling me about the same ones.

I Also get constantly reminded about the same changes to the start menu.  It's getting kind of annoying.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Martian said:

It's possible, but it's been days and days and it still keeps finding the same files.  The log files just show the detections from the first days scans, so they must just be telling me about the same ones.

Please provide logs collected with ESET Log Collector should files be detected after creating a detection exclusions.

1 hour ago, Martian said:

I Also get constantly reminded about the same changes to the start menu.  It's getting kind of annoying.

Not sure what you mean without a screenshot, please post one if it happens with this setting in the advanced HIPS setup disabled:

image.png

Link to comment
Share on other sites

Sending log files.

 I can try that fix you suggested, but I do like to know if something is messing with my start menu.

Waiting to catch screenshot.  Of course it won't do it when I want it to.   I'm sending log files now, I will send screenshot later.

Thanks for your help

essp_logs.zip

Link to comment
Share on other sites

  • Administrators

As I assumed, you have the above setting in the advanced HIPS setup enabled. Please disable it which should stop the notifications from popping up.

Link to comment
Share on other sites

I would like to know if someone is messing with my startup settings.  I just don't know why they would keep changing the same ones.  I will turn that setting off for now to see what happens.  I have some screenshots of those messages as well as the detections that keep coming up.  I don't know how many you want to see.

 

I have more if you want them.

RecurringMulti_Detection7-B.png

RecurringMulti_Detection7-c.png

RecurringMulti_Detection7-d.png

RecurringSINGLE_Detection1.png

RecurringSINGLE_Detection2.png

RecurringSINGLE_Detection3.png

RecurringSINGLE_Detection4.png

Link to comment
Share on other sites

  • Administrators

You have created detection exclusions but not for the CoinMiner variants in the screenshots. In the configuration youve' provided you have the following variants excluded from detection:

Win64/CoinMiner.MR potentially unwanted application
Win64/CoinMiner.GG potentially unwanted application

Since you have even more variants, you'll need to exclude each.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...