Sample Submission for Analysis

[Arakasi 549]

Quick question for anyone that may know up front.

Is there a log for past files submitted ?

I would not want to submit a file i have already submitted previously.

 

Eset Nod32 & SS - Tools > Submit sample for Analysis

 

Thank you.

[stackz 94]

Is there a log for past files submitted ?

Not that I'm aware of, though the best way to submit files is by following the directions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1377139275407&ref=esf

[Arakasi 549]

Thank you stackz.

 

Its not really a false positive, or web url, or virus.

It kind of falls into a different category, so the traditional zip up and email, was kind of at the back of my mind.

Looking more for some insight on a particular service this program uses and why Eset is labeling it as Risky.

 

Kudos for your reply and thoughtfulness anyway !

 

Edit: I think i submitted it once already, was hoping to double check. lol

Edited August 22, 2013 by Arakasi

[Aryeh Goretsky 353]

Hello,

 

If you look in Advanced Setup under Tools|ESET Live Grid|Participate in ESET Live Grid|Advanced Setup|Contacct Email there is an option below it labeled Enable logging.  If this option is turned on, submissions to ESET should be logged

 

Alternately, if you want to send a private message to the moderators with your username ("EAV-########") and an approximate date a sample might have been submitted, along with any other relevant info (filename, URL, etc.) it might be possible to locate the information.

 

Regards,

 

Aryeh Goretsky

 

[Arakasi 549]

Thanks Aryeh

[mayaonline 0]

our file is submitted at samples@eset.com so many times for false positive and requried removal from your database but no one help me.

i have created two post and you are removing these posts. pls help us.

 

here is virustotal report : https://www.virustotal.com/en/file/4f89f5a827138f00c4e94b383c071064b4b2b81a790f60c80aae900bc906f229/analysis/1379506360/

 

we need removal because we want to test our product with vb100. this file is antivirus setup file. pls help us.

Edited September 18, 2013 by dwomack
Do not post direct links to executable files, especially those detected by ESET as potential threats.

[Arakasi 549]

Marcos or any mod.

We have a link again in previous post.

Please assist team.

Thanks

[mayaonline 0]

we have try everything but no result.

 

we are in touch at samples@eset.com from last 4 to 6 month but not getting any reply.

 

we have posted 2 post for this and both are removed.

 

we are Antivirus company and we want to send our product at vb100 for testing and vb100 told us that we have to remove this from Eset database.

 

pls try to understand solve it and remove from your database.

[SweX 871]

 and vb100 told us that we have to remove this from Eset database.

 

pls try to understand solve it and remove from your database.

I really doubt this part, VB can chose if they want to include your software in their testing or not, that has nothing to do if another vendor e.g ESET detects PUA's in your software.

[Arakasi 549]

I am very sorry mayaonline, traditional approach to investigating the false positive is the only method that will work in your situation.

These public forums are for the assistance of public and private users of ESET security system software.

While sometimes assistance out of scope is provided, customer facing service is better handled by phone or by email.

I think were just a bunch of techs in here doing what we can to help with system related issues and or questions about ESET products.

Good luck sir !!

Edited September 19, 2013 by Arakasi

[mayaonline 0]

we already sent so many email at samples@eset.com but no reply.

if they reply then we dont use the forum.

tell us any other way for removal ? other AV company like symantec give reply within 24 hour and Eset is never reply and this is reason for using forum.

we have also contact AV-Test and Vb100 for testing our product but they need removal from eSet from virustotal.com

pls understand and give us the solution.

[SweX 871]

we already sent so many email at samples@eset.com but no reply.

if they reply then we dont use the forum.

tell us any other way for removal ? other AV company like symantec give reply within 24 hour and Eset is never reply and this is reason for using forum.

we have also contact AV-Test and Vb100 for testing our product but they need removal from eSet from virustotal.com

pls understand and give us the solution.

The solution is very simple as I see it, take out the PUA from your software that ESET is detecting.

 

And when you have done that, re-submit the file to ESET for reclassification and they will probably remove the detection if everything is as it should be, if not then the detection will stay in place.

[Arakasi 549]

 

The solution is very simple as I see it, take out the PUA from your software that ESET is detecting.

 

And when you have done that, re-submit the file to ESET for reclassification and they will probably remove the detection if everything is as it should be, if not then the detection will stay in place.

 

 

This ^^

[Arakasi 549]

@mayaonline

 

Virus Total on your exe :

 

Comments This installation was built with Inno Setup.

Signature verification A certificate chain could not be built to a trusted root authority.

 

So it is my belief that if you want to fix your issue. read the following article :

hxxp://technet.microsoft.com/en-us/library/cc751157.aspx

 

and instead use one of the following  CA's:

hxxp://social.technet.microsoft.com/wiki/contents/articles/14215.windows-and-windows-phone-8-ssl-root-certificate-program-member-cas.aspx

 

 

side note: Why are you using Inno Setup to build your package ? Let Visual Studio create your installation ??? This is weird to me . . .

[mayaonline 0]

dear sir,

your wrote :

                      Comments This installation was built with Inno Setup.

                      Signature verification A certificate chain could not be built to a trusted root authority.

 

Our Reply :

                      (1) Why not we used Inno Setup ? we dont want to use other setup.

                      (2) we are using Digicert certification for signing of our .exe and website of Digitcert is : hxxp://www.digicert.com "A certificate chain could not be built to a trusted root authority" ?

 

Pls help and solve, i think this is not issue to list our product as a PUA. if it is reaaly a PUA then why not other vendor list it ?

[SweX 871]

 

 

The solution is very simple as I see it, take out the PUA from your software that ESET is detecting.

 

And when you have done that, re-submit the file to ESET for reclassification and they will probably remove the detection if everything is as it should be, if not then the detection will stay in place.

 

 

This ^^

 

Did you agree with it, or did you think my suggestion was wrong? Sorry for asking 

[mayaonline 0]

we are disagree, because in previous PUA due to inno setup and CA certificate but we are not agree for this.

Pls help and solve, i think this is not issue to list our product as a PUA. if it is reaaly a PUA then why not other vendor list it ?

 

this is purely ESET issue and nothing else.

[mayaonline 0]

you can tell us any practical thing which we can do. we are ready to do anything which is real required to change.

[SweX 871]

Pls help and solve, i think this is not issue to list our product as a PUA. if it is reaaly a PUA then why not other vendor list it ?

 

Only the other vendors can answer the question why they don't or do detect it. 

Though that's like asking why doesn't all vendors detect this malware sample, the best answer to that is, because not all vendors get the sample at the same time.

 

But I guess you could always submit your program to some other vendors and ask them if they would count anything in your software as a PUA and/or PUP. With the risk of getting more detections on VT afterwards if they add detection for it.

[mayaonline 0]

ok. then why not you tell us how to remove PUA from eset. eSet told this is PUA and we tell you that it is not PUA.

you can install it and check or tell us other solution.

we are not ready to change inno setup and digicert digital sign vendor. you told us only two issue which is not valid.

 

if you want digicert details then tell us we are ready to provide you.

Edited September 20, 2013 by mayaonline

[Arakasi 549]

Just to make sure there is zero confusion.

I dont work for Eset. My responses are subjected to beingy faulty.

Im simply speculating on your troubles.

I agreed with you Swex.

[SweX 871]

I agreed with you Swex.

Right, I just wanted to make sure since the smiley you used sometimes means that one were sarcastic. 

 

In any case I actually miss thumbup and thumbdown icons. 

[Arakasi 549]

You mean like this Swex ?

 

LOL , just save my image and upload it until we get a larger repertoire of emoticons

Edited September 22, 2013 by Arakasi

[SweX 871]

Ah what the heck, I just wright "I agree" or "I disagree" until we get some thumbs in here. 

[mayaonline 0]

hi,

we have changed digital sign and it is now show certified but ESET is detecting it :

 

here is the report :

https://www.virustotal.com/en/file/6c0a016a66787396ac6c7479adb103503a179cce37e7026f3eedc8e454caa61d/analysis/1379882162/

 

now tell me what is the next Step ?

ESET detection by name shows that they deliberately detected because our application is also a Antivirus product.