
Exclusions not working anymore in ESET latest version


Go to solution Solved by revanmj,


Hello,

I just realised not long ago that ESET no longer cares about the exceptions, or even about which protections are on.

Example: I downloaded Optimizer from https://github.com/hellzerg/optimizer (official website/repo) and ESET deleted it. No problem. But if I add an exception for it, it still is deleted. So I turn off the live protection, and it still deletes the file. Even after turning off every protection I could find in ESET's interface, it still deletes the EXE of the software.

This happens not only with this software, which didn't ask for anything, but also with development software like MITMProxy (https://mitmproxy.org/). I understand this kind of app is detected, but ESET will always try to delete the main EXE of the software, even with every detection turned off.

Worst part of all: being a developer, I make some little software, or at least scripts. And the Windows builds I make of my software get deleted too!

Any idea of what's wrong? Thanks in advance.

 

See also: https://github.com/hellzerg/optimizer/issues/546


ESET sees something suspicious in the .exe download and won't allow it. Based on the below detection, I don't see how an exception could be created. Looks like it is a signature related to the GitHub website itself:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
9/23/2024 3:58:27 PM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/103370157/9e50da51-9462-4d5f-aca9-492fad3154e6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction/20240923/us-east-1/s3/aws4_request&X-Amz-Date=20240923T195827Z&X-Amz-Expires=300&X-Amz-Signature=57fde7f509dc6c2c9be9593a3a66190029eafaff5fed23cc6634ab3f332178ed&X-Amz-SignedHeaders=host&response-content-disposition=attachment; filename=Optimizer-16.7.exe&response-content-type=application/octet-stream;Suspicious Object;connection terminated;xxxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (BF6FE3B2F9E7FF98FB025182DFFBF7298BD348BF).;3BFC4B12A533EE1CE62E5D348027D4AC90AB49DB;9/23/2024 3:58:27 PM

Edited by itman

Hello, thanks for the response.

So actually what's detected and blocked is not the file but the response of the website?

That seems weird to me, because installing software like MITMProxy, as I said, also got detected and exclusions didn't work either, but maybe it's an online installer.

Also I tried to disable every security feature, but that didn't work. Perhaps I forgot to turn Internet protection off?

And I retried downloading Optimizer, but this time it worked. Rechecked for MITMProxy and it still detects it. Disabling live scan and LiveGuard didn't help either. Same goes for disabling internet securities.


I have a similar issue - ESET started removing gogdl and nile binaries (used by Heroic Launcher for handling GOG and Amazon Games stores respectively). If I try to download them again (latest releases from their GitHub repositories), it deletes them while they're still in the browser's cache with a random name, so I cannot even add an exception.

Edited by revanmj

  • Solution

I finally found out how to make ESET stop silently removing gogdl and nile (and possibly other "suspicious file" false positives) - you must add an advanced exclusion for the SHA1/SHA256 hash of the removed file (it is in the logs) instead of trying to use its name or path.

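Added example, not part of the thread and not ESET's own code: pulling the Hash column out of a semicolon-separated detection row like the one quoted above, where the Object URL itself contains a ";", and checking that a file you are about to exclude by hash is the exact object the log refers to. The function names are hypothetical, the sample row is constructed, and it assumes only the Object column can contain ";".

```python
import hashlib
import re

# Column order taken from the header of the log export quoted in this thread.
HEADER = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"
COLUMNS = HEADER.split(";")
OBJ = COLUMNS.index("Object")          # 3 columns sit before Object
TAIL = len(COLUMNS) - OBJ - 1          # 6 columns sit after it

def parse_detection(line):
    """Split one exported row; only the Object column may contain ';' (assumption)."""
    parts = line.rstrip("\r\n").split(";")
    if len(parts) < len(COLUMNS):
        raise ValueError("row has fewer fields than the header")
    head, tail = parts[:OBJ], parts[len(parts) - TAIL:]
    obj = ";".join(parts[OBJ:len(parts) - TAIL])   # re-join the URL a naive split broke
    return dict(zip(COLUMNS, head + [obj] + tail))

def hash_kind(value):
    """Classify a hex digest by length: 40 hex chars is SHA-1, 64 is SHA-256."""
    if re.fullmatch(r"[0-9A-Fa-f]{40}", value):
        return "sha1"
    if re.fullmatch(r"[0-9A-Fa-f]{64}", value):
        return "sha256"
    return None

def matches_logged_hash(data, logged):
    """True only if the bytes in hand are the exact object the log row refers to."""
    kind = hash_kind(logged)
    if kind is None:
        return False
    return hashlib.new(kind, data).hexdigest().lower() == logged.lower()

# Constructed sample: fake file bytes and a row built around their SHA-1.
SAMPLE_BYTES = b"constructed sample binary"
SAMPLE_ROW = (
    "1/1/2024 1:00:00 PM;HTTP filter;file;"
    "https://example.invalid/asset?disposition=attachment; filename=tool.exe;"
    "Suspicious Object;connection terminated;user;Event text.;"
    + hashlib.sha1(SAMPLE_BYTES).hexdigest().upper()
    + ";1/1/2024 1:00:00 PM"
)

if __name__ == "__main__":
    row = parse_detection(SAMPLE_ROW)
    print(row["Object"])
    print(row["Hash"], hash_kind(row["Hash"]))
    print(matches_logged_hash(SAMPLE_BYTES, row["Hash"]))
```

A hash exclusion covers one exact build, so a new release of the same tool needs its own check and its own entry.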
