ESET 5.0.93 (AV) - huge disappointment

[AlienForce1]

First of all I must say that I use nod32 antivirus on different computers over time (since vers. 2.70) .

Now , when the latest stable vers. of nod32 (5.0.93) was released I installed on one of my laptops and I was pleasantly impressed how fast it is !

So - you will say why that title of the post ?

Because the latest nod32 5.0.93 antivirus doesn`t do it`s main job : to keep the computer clean and clean the malware found by it`s real-time scanner or by schedulled scans .

I explain you now : on the second partiton I created a back-up folder were I putted all the cracks , patches and keygens that normally I allways have with me on a USB thumb . I have these files from nsane or other reputable sources .

Anyway , you can immagine that a lot of these files are categorized by antivirus programs as malware - and obviously nod32 antivirus did identified some of these files as malware and he proposed me to clean these file (and making a copy to quarantine - that part I like) - I responded yes - clean . Here comes the big and unpleasant surprise : the identified files are still there ! nod32 didn`t clean or delete not even one file !

Here is a part of the full computer scan log :

Edit 8.02.2012 -> finaly the problem was solved by ESET with the release of version 5.0.95

[grapplem1]

First of all I must say that I use nod32 antivirus on different computers over time (since vers. 2.70) .

Now , when the latest stable vers. of nod32 (5.0.93) was released I installed on one of my laptops and I was pleasantly impressed how fast it is !

So - you will say why that title of the post ?

Because the latest nod32 5.0.93 antivirus doesn`t do it`s main job : to keep the computer clean and clean the malware found by it`s real-time scanner or by schedulled scans .

I explain you now : on the second partiton I created a back-up folder were I putted all the cracks , patches and keygens that normally I allways have with me on a USB thumb . I have these files from nsane or other reputable sources .

Anyway , you can immagine that a lot of these files are categorized by antivirus programs as malware - and obviously nod32 antivirus did identified some of these files as malware and he proposed me to clean these file (and making a copy to quarantine - that part I like) - I responded yes - clean . Here comes the big and unpleasant surprise : the identified files are still there ! nod32 didn`t clean or delete not even one file !

Here is a part of the full computer scan log :

Scan Log

maybe eset though u only chose clean option when eset couldn't clean it without deleting and just copy infected files to quarantine , try change Cleaning mode at on demand scanner into Strict Cleaning .

[HX1]

First off.. when you clean a file it stays and the infection or malicious code is ripped out from where it has been tagged on so to speak.. If it cannot be cleaned it will log it usually if it does clean the file it will say so...if possible.. Second of all to pick up all of the keygens/patchers/what not which are not actual threats.. then you must turn on the ' Detect Possible unwanted Applications' options ( not exact too tired to look it all up.. ) But you have to do these things to get it to do what you want.. You also may want to change or alter the Parameters of what happens when a file is detected.. this may enable the files to be wiped from your drive.. version 4 is the same.. Settings should be in place.. you may simply just need to alter the settings to what you want it to do now.

Web Access Protection should also stop actual infections from being downloaded... before it hits your system..

[R0H1T]

Have you actually set the cleaning option to no cleaning(out of the 3 modes available - no/standard/strict cleaning) by chance/mistake ?

[HX1]

How many of these exist? ( Topics )

[AlienForce1]

maybe eset though u only chose clean option when eset couldn't clean it without deleting and just copy infected files to quarantine , try change Cleaning mode at on demand scanner into Strict Cleaning .

Cleaning mode is on default

[kurtcobain]

maybe eset though u only chose clean option when eset couldn't clean it without deleting and just copy infected files to quarantine , try change Cleaning mode at on demand scanner into Strict Cleaning .

i second that.

[grapplem1]

maybe eset though u only chose clean option when eset couldn't clean it without deleting and just copy infected files to quarantine , try change Cleaning mode at on demand scanner into Strict Cleaning .

Cleaning mode is on default

now try like i said .

[AlienForce1]

[grapplem1]

[AlienForce1]

Have you actually set the cleaning option to no cleaning(out of the 3 modes available - no/standard/strict cleaning) by chance/mistake ?

NO , at the moment of that scan the settings were default (standard)

How many of these exist? ( Topics )

I do not know how I did - I did not intentionally double post - I asked a moderator to delete the other post and move the answers here

[R0H1T]

Have you actually set the cleaning option to no cleaning(out of the 3 modes available - no/standard/strict cleaning) by chance/mistake ?

NO , at the moment of that scan the settings were default (standard)

Do you have UAC turned ON because the screenshot is showing UAC prompt shield which means that you'll need administrator level privileges to perform a given operation(read/write) on that particular executable file/script ?

[LeetPirate]

someone else with eset v5 why not download the same box_ktr.exe file and see if it is cleaned? It's not like it is harmful or anything. Then I'll know if to keep using eset v4. :lol:

[unknownasphyxiated]

any autoit based program will do,i guess

[mara-]

I think this problem exists in v4. I was never been able to use context menu. It never offered any options do delete or clean. You have to open main window and scan from there.

Cheers ;)

[unknownasphyxiated]

for me,i use advanced option > clean files

(eset v4)

[HX1]

Have you excluded the download folder/file in which the file exists? I honestly think this is simply a matter of settings and properly understanding how and or why ESET works the way it does.. Simple oversight I think...Having control over all of these areas is much different... and if you don't comb through from top to bottom in ESET.. and realize how they relate to one another there can be some overlapping or even misconfiguration.. I love ESET and its options for the very reason of the detail in control.. but you have to think and remember at the same time.. Not an exercise most programs ever have you do... :P I think its great..

You also have to remember how a 'CLEAN' works.. and how a deletion works... and what gets deleted... MSRT even has issues 'cleaning files'.. It is usually good to have say 'ONE' area .. for example... do the dirty works of unpacking compressed files, and tearing apart executables for detections with Advanced Heuristics enabled.. Each major tier has settings as well and most of the individual module tiers.. Your issues will probably be in the first module.. and relative to each involved module under... as well as other settings... including On-Demand Computer Scans.. which should be relative to what your doing..

IMO I would think to be safe to say if you do not enable this action for the main module or tier.. then you will not be able to have that in other areas.. below that module.. You have to enable it on the main module and then only turn on what you want for each module under..

[R0H1T]

I think this problem exists in v4. I was never been able to use context menu. It never offered any options do delete or clean. You have to open main window and scan from there.

Cheers ;)

I've tried the clean option for KTR & it doesn't work cause ESET 5 tries to clean the autoit script instead of deleting the file, there is an option for the latter after the scan has finished, the delete option is available only once(after the scan is finished) but if you select clean NOD32 will continue to try'n'clean subsequently afterwards rather than deleting the file !

[AlienForce1]

Have you actually set the cleaning option to no cleaning(out of the 3 modes available - no/standard/strict cleaning) by chance/mistake ?

NO , at the moment of that scan the settings were default (standard)

Do you have UAC turned ON because the screenshot is showing UAC prompt shield which means that you'll need administrator level privileges to perform a given operation(read/write) on that particular executable file/script ?

I have only one user on my comp. and it has admin. rights

someone else with eset v5 why not download the same box_ktr.exe file and see if it is cleaned? It's not like it is harmful or anything. Then I'll know if to keep using eset v4. :lol:

As I said in the first time I used many years nod32 antivirus and now it`s the first time that I see nod32 is not capable to quarantine or delete a file that it considers malware (with settings default)

With vers. 4.2.71 (which is the last one I used previously) I never had any problem -> so , LeetPirate , I think that best decision would be to stay for the moment with 4.2.71 -> maybe the next version will be better , or maybe the the cleaner module will be updated (hopefully soon)

For the moment , even if I don`t like it , I had to modify the settings :

- real time -> cleaning - default

- on demand -> cleaning - Strictly cleaning

With these modified settings nod32 manges to do it`s job - clean or delete the malware it finds with the scanner on demand (and copy to quarantine the file removed) - and the real time scanner only blocks malware , it doesn`t clean or delete any file . <_<

(probably if I modify all settings to `Strictly cleaning` nod32 will remove what it identifies as malware - but I don`t believe it`s safe to let it delete everything he wants to...) B)

First off.. when you clean a file it stays and the infection or malicious code is ripped out from where it has been tagged on so to speak.. If it cannot be cleaned it will log it usually if it does clean the file it will say so...if possible.. Second of all to pick up all of the keygens/patchers/what not which are not actual threats.. then you must turn on the ' Detect Possible unwanted Applications' options ( not exact too tired to look it all up.. ) But you have to do these things to get it to do what you want.. You also may want to change or alter the Parameters of what happens when a file is detected.. this may enable the files to be wiped from your drive.. version 4 is the same.. Settings should be in place.. you may simply just need to alter the settings to what you want it to do now.

Web Access Protection should also stop actual infections from being downloaded... before it hits your system..

As I said previously , with vers.4.2.71 I didn`t ever had any problem (Cleaning settings on default) - my disapointment is that this NEW version (5.0.93) doesn`t clean or delete the files with real time scanner (with default settings)

I have to say also that only Kaspersky disinfects malware from files or archives - Norton and nod32 delete these files (the whole file , or the whole archive)

I think this problem exists in v4. I was never been able to use context menu. It never offered any options do delete or clean. You have to open main window and scan from there.

Cheers ;)

- I can not agree with you - in context menu you have a second option to clean , right below scan with eset nod32

(and there is possible also to modify in `Context Menu` settings )

[R0H1T]

[AlienForce1]

I think this problem exists in v4. I was never been able to use context menu. It never offered any options do delete or clean. You have to open main window and scan from there.

Cheers ;)

I've tried the clean option for KTR & it doesn't work cause ESET 5 tries to clean the autoit script instead of deleting the file, there is an option for the latter after the scan has finished, the delete option is available only once(after the scan is finished) but if you select clean NOD32 will continue to try'n'clean subsequently afterwards rather than deleting the file !

That didn't happen with nod32 antivirus 4.2.71 - it deletes KTR on sight , it is enough to open the folder with KTR !

(settings - default)

Have you excluded the download folder/file in which the file exists? I honestly think this is simply a matter of settings and properly understanding how and or why ESET works the way it does.. Simple oversight I think...Having control over all of these areas is much different... and if you don't comb through from top to bottom in ESET.. and realize how they relate to one another there can be some overlapping or even misconfiguration.. I love ESET and its options for the very reason of the detail in control.. but you have to think and remember at the same time.. Not an exercise most programs ever have you do... I think its great..

That`s one of the parts I like too at nod32 - it let`s you tune the settings and how it deals with the `malware` it finds - bad part is that it (and Norton) usually deletes the whole file , it doesn`t disinfect inside the file or the archive ( like Kaspersky does )

At that moment of scan I didn`t make any exclusions - and maybe it`s not a bad ideea to exclude the whole folder with USB_back-up for cracs, patches and keygens (in this way scan will also be faster) . B)

Thank you ! :cheers:

[R0H1T]

I think this problem exists in v4. I was never been able to use context menu. It never offered any options do delete or clean. You have to open main window and scan from there.

Cheers ;)

I've tried the clean option for KTR & it doesn't work cause ESET 5 tries to clean the autoit script instead of deleting the file, there is an option for the latter after the scan has finished, the delete option is available only once(after the scan is finished) but if you select clean NOD32 will continue to try'n'clean subsequently afterwards rather than deleting the file !

That didn't happen with nod32 antivirus 4.2.71 - it deletes KTR on sight , it is enough to open the folder with KTR !

(settings - default)

You see when KTR is detected by ESET's realtime protection it immediately deletes the file(see post above) this is the case when winrar.exe is extracting the file to a folder, now if you've turned advanced heuristics ON then even if explorer.exe accesses the file KTR is deleted i.e. the default behaviour of NOD32 is to remove an infected file when a running application accesses it or the PUP/PUA is executed except incase of advanced heuristics when the explorer shell triggers file deletion. Incase of a user scan the default action is cleaning(disinfection) the file if possible otherwise deleting it(the user is given an option after the scan is over) as you can see from the deep blackish red in one of the screenshots above. I hope that allays yours doubts regarding ESET's potency !

[AlienForce1]

R0H1T

You see when KTR is detected by ESET's realtime protection it immediately deletes the file(see post above) this is the case when winrar.exe is extracting the file to a folder, now if you've turned advanced heuristics ON then even if explorer.exe accesses the file KTR is deleted i.e. the default behaviour of NOD32 is to remove an infected file when a running application accesses it or the PUP/PUA is executed except incase of advanced heuristics when explorer triggers the file deletion. Incase of a user scan the default action is cleaning(disinfection) the file if possible otherwise deleting it(the user is given an option after the scan is over) as you can see from the deep blackish red in one of the screenshots above. I hope that allays yours doubts regarding ESET's potency !

No , with vers.4.2.71 was enough to open a folder (in explorer) were is present also KTR (unarchived) - and I don`t think it`s a wise ideea to activate `advanced heuristics` on Real time scanner .

[R0H1T]

R0H1T

You see when KTR is detected by ESET's realtime protection it immediately deletes the file(see post above) this is the case when winrar.exe is extracting the file to a folder, now if you've turned advanced heuristics ON then even if explorer.exe accesses the file KTR is deleted i.e. the default behaviour of NOD32 is to remove an infected file when a running application accesses it or the PUP/PUA is executed except incase of advanced heuristics when explorer triggers the file deletion. Incase of a user scan the default action is cleaning(disinfection) the file if possible otherwise deleting it(the user is given an option after the scan is over) as you can see from the deep blackish red in one of the screenshots above. I hope that allays yours doubts regarding ESET's potency !

No , with vers.4.2.71 was enough to open a folder (in explorer) were is present also KTR (unarchived) - and I don`t think it`s a wise ideea to activate `advanced heuristics` on Real time scanner .

Well if it was(not sure about zat) then that behaviour has been altered in ESET 5 & doesn't seem like a bad thing to me anyways as you can see from the screenshots above the file will be cleaned first else there'll be an option for deleting it !

[LeetPirate]

I'm using eav 4.2.71.2 and it does not even detect the file. I'm using box_ktr 3.3.1. Even if I turn on advanced heuristics, potentially unwanted, potentially unsafe realtime scan options it does not detect it as a threat. on demand scan says it's clean. :huh:

Not that I have a problem with this, I'm glad it's not detecting it else it would be a false positive.