
Where can I find a description of the action "Säubern"?



After an automatic scan during computer idle time, I got a window informing me about PUAs. For one of them, the most reasonable action seemed to be "Säubern" (in the English GUI maybe called "clean", "disinfect" or the like), but I first wanted to know what this action would result in, hence I searched the knowledge base and the forum but did not find anything enlightening. As the help cannot be called from that dialog (pressing F1 simply does nothing), I called the help from the main ESET window and used the search function, but looking at the matches I did not find anything really answering my question, as most matches are about settings of ThreatSense. So I opened the corresponding folder in Windows Explorer and simply tried out "Säubern"; I observed in Explorer that the file was deleted without any prompt or the like appearing in ESET Smart Security. As it was the executable, the whole program is unusable now :-(

 

=> As feedback to ESET: It's one of the good UX practices to let users anticipate the consequences of decisions/actions as well as to inform them about "relevant" actions done automatically. In this case, ESET Smart Security failed completely: As the finding was only a PUA and not a file I was about to execute, so it could not perform any harmful actions, I would have preferred to keep the file and send it to Jotti's malware scanner or the like, instead of simply deleting it. Maybe it's a translation issue, maybe a user interaction design issue, maybe both. IMHO an absolute no-go is not even notifying the user about a file deletion.

 

=> As the term "Säubern" does not seem to be a suitable title for the action it triggers in this dialog, where can I find a more detailed description of the action in the mentioned context? Yes, in the help I found e.g. hxxp://help.eset.com/ess/9/de-DE/idh_scan_clean.htm?zoom_highlightsub=s%C3%A4ubern which is about viruses, not PUAs, so only of limited relevance for my case, and says

Use the "Säubern" option when a file has been infected by a virus with malicious code. In such a case, you should first try to remove the malicious code from the infected file and restore it to its original state. If the file consists exclusively of malicious code, it is deleted.

which is in principle describing what I intended to do, but in contrast to that text I would expect (based on experience with other antivirus software) that the ESET software tries to remove the malicious code, not that I need to try to do it manually on my own (how? with a HEX editor? really?). Moreover, I would not expect the ESET software to quietly delete the file, but that I explicitly trigger or at least confirm the deletion (e.g. with a prompt in the style "The file cannot be cleaned as it only consists of malicious code. Shall ESET delete the file? y/n"), as I obviously want to interact with the GUI (I did change the settings from automatic to interactive mode and I just chose "Säubern" from the drop-down and pressed the button "Übernehmen"!) and even the CLI offers such a prompt as standard according to hxxp://help.eset.com/ess/9/de-DE/advanced_cmd.htm?zoom_highlightsub=s%C3%A4ubern (/clean-mode=standard), so the GUI that forces itself in front of all windows can be expected to be as interactive as the CLI, which is often used for scripting...

 

Honestly speaking, I am frightened that the ESET software might again silently delete stuff - not a good basis for deepening my trust in this security solution.


  • Administrators

Cleaning means:

1. In the case of malware consisting only of malicious code (most malware like Trojans, backdoors, worms, etc.) it means deletion of the file, removing references to it from the registry as well as resetting certain registry values often modified by malware.

2. In the case of file infectors (viruses) or macro (VBA) malware it means sanitizing the file in a way that the malicious code cannot run or by removing it, removing references to it from the registry as well as resetting certain registry values often modified by malware.

In either case, a copy of the original malicious file is created in quarantine so that it can be restored at a later time, if needed.

This topic is now closed to further replies.