EzheTThezh (posted April 4, 2015):

Hello, I face a simple yet annoying problem: sometimes when I download a file, it is blocked by Nod32 because (this is not the original message as I run Nod32 in the French version so it may sound a bit different in the English version): "your download has been blocked because this file seems to be infected by a virus or a malware".

I would like Nod32 to finish the download and then ask me what I want to do but I don't have the choice: my download is automatically aborted :/

How can I do that?

Thank you in advance,

Marcos (Administrators, posted April 4, 2015):

If it is malware what you download then ESET won't give you a chance to continue with the download. However, if it's a potentially unwanted, unsafe or suspicious application which is detected, you'll be asked whether you want to terminate connection or take no action so that the download is completed.

rugk (posted April 4, 2015, edited):

Here you can get more information about PUAs: What is a potentially unwanted application?

There you can also see a message of a blocked download of a PUA and as you can see you can continue it. But if it's malware then you can't do this of course.

Maybe some specific examples or screenshots would help to determine what kind of detection it is.

EzheTThezh (posted April 4, 2015):

Thank you for your answer.

What leads me to confusion is that Eset tells me that the downloaded file seems to be infected by a virus or a malware, which lets me think that, possibly, it may not be infected. Maybe this is the result of its heuristic engine and that it could be a false positive?

So again, I am looking for a way to decide by myself if I choose to continue the download or if I stop it. Do I have to understand that you are telling me it is impossible?

I tried several anti virus in the past years and, so far, I never saw one stopping a download without expressly asking me if I want to continue or not.

rugk (posted April 4, 2015):

Well... of course you could completely deactivate the protocol scanning (which triggers this message) or exclude your browser (as you can see in the second screenshot below), but this would deactivate an important protection layer of NOD32.

So could you provide some screenshots of the message, where it states it "seems" to be infected? If this is not a PUA detection and "seems" to be infected then this is a bit strange.

You can also post some links here, but if you do so please "unlink" them by replacing http:// with hxxp:// e.g.

SweX (posted April 4, 2015):

IMO, instead of fiddling around with exclusions and starting to believe the product is wrong and that it may be a FP each time it detects something (doing its job), simply send in a FP report to ESET and be done with it.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1428166173832

If it really is a FP they will take care of it, if not then the detection will stay, and if you're still not happy after that then you can use exclusions provided you know about the risks.

"I never saw one stopping a download without expressly asking me if I want to continue or not."

And if the user takes the wrong decision and ends up infected they would blame the product, and the vendor would blame the user for taking the wrong decision. Therefore, no questions asked is best for the majority of users. But when it comes to user optional detections like Unsafe/Unwanted the choice is totally yours.

EzheTThezh (posted April 5, 2015):

Thank you very much for your explanations. I understand better how things work with Eset now.

@rugk: I will definitely not disable the protocol scanning. I can not post any screenshot because I chose to stop downloading the file: I didn't understand that a malware is way too risky compared to an adware.

Thank you again

EzheTThezh (posted April 5, 2015):

I tried to download the file again and the problem occurred again: see the screenshot (French):

LabVIEW707 (posted April 5, 2015):

What exactly are you downloading? Can you provide a link?

EzheTThezh (posted April 5, 2015, edited):

This is some 3D stuff found on a blog: hxxp://uploaded.net/file/gftnv1nv/yen.2415.78-3D_Max_model_mouldings.rar

LabVIEW707 (posted April 5, 2015):

Well even Google Chrome gave me a warning so I would not trust it. It may not be malware related but no way would I trust downloading it.

EzheTThezh (posted April 6, 2015):

I would like to download this file though and see by myself what's inside of it: if there is any kind of .exe file I won't open it for sure.

So I tried what rugk suggested above and excluded Firefox from the protocol filtering. This time the download went further on, but at the very end Firefox gave me the same message "download blocked because etc ...". And I couldn't retrieve the file.

rugk (posted April 6, 2015, edited):

I think this block is maybe a block from Firefox. Many browsers also block malicious downloads.

So as this file got blocked by seemingly 1000 parties I really would stay away from it.

BTW under what name is it detected by NOD32?

LabVIEW707 (posted April 6, 2015):

Not sure what else to tell you. Eset, Google Chrome and Firefox are all warning you not to download it. If you absolutely need the file then I suggest emailing the person who made the file and telling them.

EzheTThezh (posted April 7, 2015):

OK you guys are probably right, I won't try to download it anymore, it would just be kind of stupid to do that.

@rugk: I can't give you any response because NOD32 doesn't give any name in the message.

SweX (posted April 7, 2015):

"@rugk: I can't give you any response because NOD32 doesn't give any name in the message."

I don't believe the notification in your screenshot in post #8 is an ESET detection notification, at least it doesn't look like it. It seems to be from the browser itself. Firefox uses "malware data" provided by Google, so if it is blocked in Chrome there is a chance that it is blocked in Firefox as well.

EzheTThezh (posted April 7, 2015, marked as Solution):

Thank you all for your clear explanations