HGStyle, posted September 23:

Hello, I just realised not long ago that ESET no longer cares about the exceptions, or even about what protections are on.

Example: I downloaded Optimizer from https://github.com/hellzerg/optimizer (official website/repo) and ESET deleted it. No problem. But if I add an exception for it, it is still deleted. So I turn off the live protection, and it still deletes the file. Even after turning off every protection I could find in ESET's interface, it still deletes the EXE of the software.

This happens not only with this software, which didn't ask for anything, but also with development software like MITMProxy (https://mitmproxy.org/). I understand this kind of app is detected, but ESET will always try to delete the main EXE of the software, even with every detection turned off.

Worst part of all: being a developer, I make some little software, or at least scripts. And the Windows builds I make of my software get deleted too!

Any idea of what's wrong? Thanks in advance.

See also: https://github.com/hellzerg/optimizer/issues/546

itman, posted September 23 (edited):

Eset sees something suspicious in the .exe download and won't allow it. Based on the below detection, I don't see how an exception could be created. Looks like it is signature related to the GitHub website itself:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
9/23/2024 3:58:27 PM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/103370157/9e50da51-9462-4d5f-aca9-492fad3154e6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction/20240923/us-east-1/s3/aws4_request&X-Amz-Date=20240923T195827Z&X-Amz-Expires=300&X-Amz-Signature=57fde7f509dc6c2c9be9593a3a66190029eafaff5fed23cc6634ab3f332178ed&X-Amz-SignedHeaders=host&response-content-disposition=attachment; filename=Optimizer-16.7.exe&response-content-type=application/octet-stream;Suspicious Object;connection terminated;xxxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (BF6FE3B2F9E7FF98FB025182DFFBF7298BD348BF).;3BFC4B12A533EE1CE62E5D348027D4AC90AB49DB;9/23/2024 3:58:27 PM

HGStyle (author), posted September 24:

Hello, thanks for the response. So actually what's detected and blocked is not the file but the response of the website? That seems weird to me, because installing software like MITMProxy, as I said, also got detected and exclusions didn't work either, but maybe it's an online installer. Also I tried to disable every security feature, but that didn't work. Perhaps I forgot to turn Internet protection off?

And I retried downloading Optimizer, but this time it worked. Rechecked for MITMProxy and it still detects it. Disabling live scan and LiveGuard didn't help either. Same goes for disabling the internet security features.

revanmj, posted September 27 (edited):

I have a similar issue - ESET started removing gogdl and nile binaries (used by Heroic Launcher for handling GOG and Amazon Games stores respectively). If I try to download them again (latest releases from their GitHub repositories), it deletes them while they're still in the browser's cache with a random name, so I cannot even add an exception.

revanmj, posted September 28 (marked as Solution):

I finally found out how to make ESET stop silently removing gogdl and nile (and possibly other "suspicious file" false positives) - you must add an advanced exclusion for the SHA1/SHA256 hash of the removed file (it is in the logs) instead of trying to use its name or path.
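
An added example, not part of any post in this thread and not ESET code: it pulls the hash out of a semicolon-separated detection row like the one quoted above and checks that a local file really is the detected object before a hash exclusion is created for it. The function names and the sample row are assumptions made for illustration; the column order is taken from the header row in the thread, and the code assumes only the Object column can contain extra semicolons (as the quoted URL does).

```python
import hashlib
import re

# Column order from the header row quoted in the thread.
COLUMNS = ["Time", "Scanner", "Object type", "Object", "Detection", "Action",
           "User", "Information", "Hash", "First seen here"]
HEX_DIGEST = re.compile(r"[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64}")  # SHA-1 or SHA-256

def parse_detection_row(row):
    """Split one exported row into named fields.

    The Object column can hold a URL that itself contains ';', so a plain
    split yields too many parts. Assumption: only Object has stray
    semicolons, so the first 3 and last 6 parts are fixed columns.
    """
    parts = row.rstrip("\r\n").split(";")
    if len(parts) < len(COLUMNS):
        raise ValueError("row has fewer fields than the header")
    obj = ";".join(parts[3:-6])
    return dict(zip(COLUMNS, parts[:3] + [obj] + parts[-6:]))

def exclusion_hash(row):
    """Return the logged hash in upper case, or None if it is not a digest."""
    value = parse_detection_row(row)["Hash"].strip()
    return value.upper() if HEX_DIGEST.fullmatch(value) else None

def file_matches(path, digest):
    """True only if the local file is the exact object the log row names."""
    h = hashlib.new("sha1" if len(digest) == 40 else "sha256")
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper() == digest.upper()

# Constructed sample row (not a real detection); its URL contains a ';'
# and its hash is the SHA-1 of the three bytes b"abc".
SAMPLE_ROW = (
    "1/1/2024 10:00:00 AM;HTTP filter;file;"
    "https://downloads.example.invalid/a?disposition=attachment; filename=tool.exe;"
    "Suspicious Object;connection terminated;user;"
    "Event occurred during an attempt to access the web.;"
    "A9993E364706816ABA3E25717850C26C9CD0D89D;1/1/2024 10:00:00 AM"
)

if __name__ == "__main__":
    print(exclusion_hash(SAMPLE_ROW))  # hash to paste into the exclusion
```

Comparing the logged hash against a copy of the file obtained from the project's release page confirms that the exclusion covers only that exact build, so a later or tampered binary with the same name is still scanned.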