Jump to content

How to let ME block or not downloaded files (and not Nod32) ?


EzheTThezh
 Share

Go to solution Solved by EzheTThezh,

Recommended Posts

Hello,

 

I face a simple yet annoying problem: sometime when I download a file, it is blocked by Nod32 because (this is not the original message as I run Nod32 in french version so it may sound a bit different in the english version): "your download has been blocked because this file seems to be infected by a virus or  a malware".

 

I would like Nod32 to finish the download and then ask me what I want to do but I don't have the choice: my download is automatically aborted  :/

 

How can I do that ?

 

Thank you in advance,

 

Link to comment
Share on other sites

  • Administrators

If it is malware what you download then ESET won't give you a chance to continue with the download. However, if it's a potentially unwanted, unsafe or suspicious application which is detected, you'll be asked whether you want to terminate connection or take no action so that the download is completed.

Link to comment
Share on other sites

Here you can get more information about PUAs: What is a potentially unwanted application?

There you can also see a message of a blocked download of a PUA and as you can see you can continue it.

But if it's malware then you can't do this of course.

 

Maybe some specific examples or screenshots would help to determinate what kind of detection it is.

Edited by rugk
Link to comment
Share on other sites

Thank you for your answer.

What leads me to confusion is that Eset tells me that the downloaded file seems to be infected by a virus or a malware, which lets me think that, possiblly,  it may not be infected. Maybe this is the result of its heuristic engine and that it could be a false positive ? So again, I am looking for a way to decide by myself if I choose to continue the download or if I stop it.

Do I have to understand that you are telling me it is impossible ?

I tried several anti virus in the past years and, so far, I never saw one stopping a download without expressly asking me if I want to continue or not.

Link to comment
Share on other sites

Well... of course you could completely deactivate the protocol scanning (which triggers this message) or exclude your browser (as you can see in the second screenshot below), but this would deactivate an important protection layer of NOD32.

post-3952-0-61729700-1412442130_thumb.pngpost-3952-0-03387900-1412441622_thumb.png
 
So could you provide some screenshots of the message, where it states it "seems" to be infected?

If this is not a PUA detection and "seems" to be infected then this is a bit strange.

You can also post some links here, but if you do so please "unlink" them by replacing hxxp:// with hxxp:// e.g.

Link to comment
Share on other sites

IMO, instead of fiddling around with exclusions and start believing the product is wrong and that it may be a FP each time it detects something(doing its job), simply send in a FP report to ESET and be done with it.

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1428166173832

 

If it really is a FP they will take care of it, if not then the detection will stay, and if you're still not happy after that then you can use exclusions provided you know about the risks. 

 

"I never saw one stopping a download without expressly asking me if I want to continue or not."

 

And if the user takes the wrong decision and end up infected they would blame the product, and the vendor would blame the user for taking the wrong decision. Therefore, no questions asked is best for the majority of users. But when it comes to user optional detections like Unsafe/Unwanted the choice is totally yours.

Link to comment
Share on other sites

Thank you very much for your explanations. I understand better how things work with Eset now.

@rugk: I will definitely not disable the protocol scanning.

I can not post any screenshot because I chose to stop downloading the file: I didn't understand that a malware is way too risky compared to an adware.

Thank you again

Link to comment
Share on other sites

This is some 3D stuff found on a blog:

hxxp://uploaded.net/file/gftnv1nv/yen.2415.78-3D_Max_model_mouldings.rar

Edited by EzheTThezh
Link to comment
Share on other sites

I would like to download this file though and see by myself what's inside of it: if there is any kind of .exe file I won't open it for sure. So I tried what rugk suggested above and excluded Firefox from the protocol filtering. This time the download went further on, but at the very end Firefox gave me the same message "download blocked because  etc ...". And I couldn't retrieve the file.

Link to comment
Share on other sites

I think this block is maybe a block from Firefox. Many browser also block malicious downloads.

So as this file got blocked by seemingly 1000 parties I really would stay away from it.

 

BTW under what name is it detected from NOD32?

Edited by rugk
Link to comment
Share on other sites

Not sure what else to tell you. Eset, Google Chrome and Firefox are all warning you not to download it. If you absolutely need the file then I suggest emailing the person who made the file and telling them. 

Link to comment
Share on other sites

OK you guys are probably right, I won't try to download it anymore, it would just be kind of stupid to do that.

@rugk: I can't give you any response because NOD32 doesn't give any name in the message.

Link to comment
Share on other sites

@rugk: I can't give you any response because NOD32 doesn't give any name in the message.

I don't believe the notification in your screenshot in post #8 is an ESET detection notification, at least it doesn't look like it. It seems to be from the browser itself. Firefox uses "malware data" provided by Google, so if it is blocked in Chrome there is a chance that it is blocked in Firefox as well.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...