Excluding malware (or perceived malware)

[BDeep 7]

This has come up before but I am bringing it up again because it is an important topic. Is there a way to exclude detected hashes in endpoint products either directly in the endpoint or via remote administrator? We have some code and programs being popped as malware that does not live in one specific directory. ERA detects all of the hits as the same hash. We would like to exclude the hash as a false positive.

[Marcos 4,704]

This is not possible. Hashes are not calculated real-time. You can submit the file to ESET for analysis and possible whitelisting, however.

[BDeep 7]

This is not possible. Hashes are not calculated real-time. You can submit the file to ESET for analysis and possible whitelisting, however.

Thanks Marcos.

I also found this. Looks like something related (but not exactly as I posted) is in the works: https://forum.eset.com/topic/8813-threat-exclusion/

[Marcos 4,704]

 

This is not possible. Hashes are not calculated real-time. You can submit the file to ESET for analysis and possible whitelisting, however.

Thanks Marcos.

I also found this. Looks like something related (but not exactly as I posted) is in the works: https://forum.eset.com/topic/8813-threat-exclusion/

 

 

That's correct. However, exclusions by names can only work for potentially unsafe or unwanted applications. If an innocuous application is detected as a threat, it should be submitted to ESET for a review. If you are 100% positive that it's clean, you can exclude the file with a full path completely until the detection is fixed on ESET's part.