Jump to content

ESET 5.0.93 (AV) - huge disappointment


AlienForce1

Recommended Posts

Mine picked it up.. I downloaded to an excluded folder and the second my system interacted with the file it went off.. I did have to copy it.. because I excluded the folder... at that point the file activity extended beyond that folder and interacted with one are of my system of the other...

I received an error while trying to clean.. probably because of the internals of the file itself.. and was able to delete.. I believe this has something to do with my settings and the way I have it setup.. could always try my settings file... :P ..Drag and Drop however is weird, set off nothing.. I think since only MFT entries are addressed but when you copy it goes into memory which is scanned/protected..

Link to comment
Share on other sites


  • Replies 66
  • Views 13.7k
  • Created
  • Last Reply
  • Administrator

Staff Note: Many posts merged. Please use "Multi-Quote" + Multi+quote > "Add Reply" (below all the posts on the right side) buttons to quote multiple posts. :)

Link to comment
Share on other sites


Staff Note: Many posts merged. Please use "Multi-Quote" + Multi+quote > "Add Reply" (below all the posts on the right side) buttons to quote multiple posts. :)

:oops: :sorry:

Link to comment
Share on other sites


  • Administrator

Staff Note: Many posts merged. Please use "Multi-Quote" + Multi+quote > "Add Reply" (below all the posts on the right side) buttons to quote multiple posts. :)

:oops: :sorry:

No problem. :) It's important to keep the forums clean. ^_^

Link to comment
Share on other sites


I'm using eav 4.2.71.2 and it does not even detect the file. I'm using box_ktr 3.3.1. Even if I turn on advanced heuristics, potentially unwanted, potentially unsafe realtime scan options it does not detect it as a threat. on demand scan says it's clean. :huh:

Not that I have a problem with this, I'm glad it's not detecting it else it would be a false positive.

It`s strange what you say , look at HX1 post #26 , it confirms what I said about ESET vers.4

B96vbl.jpg

I know that box_ktr 3.3.1 can be trusted , I picked that file only as example - knowing that usually ESET deletes files packed with Autoit .

Link to comment
Share on other sites


Yes it's strange. I'm not doubting you guys or anything, just that mine isn't detecting it and I have no idea why. I'm using AntiVirus though, not Smart Security so that could be the reason but still I would expect it to use the same virus database so I have no explanation.

I know that during installation I disabled detection of potentially unwanted apps but I went in the settings today and manually enabled them but still it did not detect anything. Maybe it's just another bug. :P

Link to comment
Share on other sites


I know that during installation I disabled detection of potentially unwanted apps but I went in the settings today and manually enabled them but still it did not detect anything. Maybe it's just another bug. :P

This right here would be it.. You see nobody reads these little colorful boxes that popup and tell you all of the good little informations inside.. like a motherf#$%%^& pinata.. :D :lmao:

There is no infection.. nor is there a threat.. Detection of potentially unwanted applications meaning for all purposes that in fact you may not want the changes that these applications make to your system or programs.. Given the fact that most users do not nor ever will use a normal application which makes changes to system files or program files or registry entries belonging to other applications that are not shared objects and or files.. of applications that it is not a part of or registered to be.. and part of or used trojans and malware may in fact attempt to make changes which are abnormal upon running which may in fact initiate a vulnerability or point of control over said target system.. shut up and don't ask why I know this.. :P

This is not a detection malware nor a false positive.. it is in fact telling you essentially what this application may do... There is nothing to be cleaned from it as it is not an infection, nor malware nor does any code inside resemble it... The informations are very valuable so many heads-on-a-stick can make smart decisions but some still may in fact..choose incorrectly if they have no idea what they are doing nor what the warning indicates...

SOOOOOOO.. all along if you are not getting this notification in a folder which is not excluded from detection.. when accessing it.. then it may be your settings.. OR that part of your AV is in fact.. not working correctly after making the necessary adjustments and rebooting your system.... So that these changes and startup can initialize fresh with the intended settings..( sometimes a good idea ) though it may still start and run .. depends in EAV.. yes I did use ESS 4.. but this still should not have anything to do with this particular area...

I think we really got taken for a ride on this one to be honest...

EDIT: Please.. :thumbsup: nobody take it personal or harsh.. all in good fun and informative

Link to comment
Share on other sites


I just found out something. ESET does not seem to respect the settings after installation. Enabling detection of potentially unwanted apps during installation is just supposed to configure the program options, but it don't work afterwards if it were disabled during installation. So manually ticking the boxes to enable potentially unwanted apps detection does not seem to do anything in the case where it was disabled during setup. I don't entirely trust this conclusion though, it is probably some other configuration option I missed so don't take this as 100% true without investigating on your own. I'm too lazy to really go through all the settings to find out more.

Second thing is I reinstalled nod32 antivirus v4.2.71.2 with default settings and this time I enabled detection of potentially unwanted apps during installation and voila I was able to reproduce the error that AlienForce1 brought forward. :lol: So sorry to disappoint you further my alien friend but it seems that this problem also exists in eset v4.

I want to believe that they don't consider this a bug because the file itself cannot be cleaned and the only solution is to click delete. But I do think that the way it throws the error is not elegant at all and it needs to be improved. It would look so much better if it brought back up the nice orange box warning with a message saying that the file can't be cleaned and the next course of action is to delete or leave it alone. Something along those lines. Throwing a tiny grey box saying "error while cleaning" is total bullshit especially in this age of elegant and beautiful gui.

Would be great is somebody could contact eset and tell them about this. :rolleyes:

Link to comment
Share on other sites


Does this line exist in your exported settings file? ( Best if opened in Wordpad .. )


<NODE NAME="UnwantedEnable" VALUE="1" TYPE="DWORD" />

Should be in several places where it should be turned on each one at @ areas...

Link to comment
Share on other sites


running ESS5 n its working fine here , terminated my connection while i tried to download the KTR for testing purpose --- :P

1FC6P.png

how ever i noticed one thing .

the web protection portal for HTTP traffic does differ from Eset 4 .

i had certain bad url's bookmarked for testing purposes and when tested with ESS 5 , it blocked most but failed at a few .

and when i had them tested with Eset 4 , it blocked all . !

( eg - this one " indianpcmag.com " , was blocked on Eset 4 but not on Eset 5 ... )

dont know why .....? :dunno:

but still i m a happy man with Eset 5 .

have tried Kaspersky 2012 , Norton 2012 and many more new ones ...

nothing pleased well enough to keep it running on the system ,

except Eset .

fulfills my criteria well.

:)

Link to comment
Share on other sites


NOD32 keygen v1.1

Posting a "keygen" does not add much value to this topic. Besides it seem to be a program giving out some pre contained serials. Not sure if they work.

Link to comment
Share on other sites


  • Administrator

sooooo.....bottom line.... is it good, or bad? :unsure:

It's quite fine. :)

No detecting or removing/quarantining problem from my side.

Link to comment
Share on other sites


50% good 50% bad :lol:

tried it yesterday

ekrn.exe ( eset service) gone mad

use 99% cpu

back to v4

There must be something wrong with your install - you should try a clean install , then you will see that new version (5.0.93) it`s better than previous one (4.2.71) - at least in terms of performance . I didn`t see `ekrn.exe` going more than 30% not even at full scan - and the memory usage didn`t go beyond 100MB . But I don't put much price on memory usage - for me is more important the system load -> and here too version 5 stays better than version 4 .

The only thing what I don`t like at the new vers. is the way it treats the `malware` with default settings - and I am not sure that it`s a good change . Yes , I know that if you change `Cleaning settings` to `Strict cleaning` it ` will attempt to automatically clean or delete all infected files without user intervention` . But with vers.4.2.71 I didn`t have to change that part of settings .

Untill now I putted the `Cleaning settings` to `Strictly cleaning` only when I install nod32 on a computer where the user I knew he will not be able to give the right answer to alerts - so in that case was best to let nod32 to work automatically , without user intervention .

Link to comment
Share on other sites


unknownasphyxiated

finally i found what make the ekrn gone mad

this happen when eset(av) try to update

my college network use Microsoft Forefront Threat Management Gateway

its able to retrieve the update size but unable to download it

use mobile broadband and its update fine...

no more crazy eset service

also eset unable to delete/clean Nod32 Update Viewer

its allow Update Viewer to run and download update :frusty:

Link to comment
Share on other sites


also eset unable to delete/clean Nod32 Update Viewer

its allow Update Viewer to run and download update :frusty:

I would say look at your settings on this one because if I remember correctly this one is the one that list Update Servers.. It used to be blocked from communicating to certain places.. and or would set off Web Access Protection when loading/listing various sites... Some of these were in response to other websites on the same domain name and other problems... BUT This as well could be allowed to run anyway.. I even think PeerGuardian aided in blocking this one from connecting... Technically if the code itself within the file is not a virus or malicious .. then it won't be a file to clean or remove but could present itself as a 'Potentially unwanted application'... Maybe get a warning.. but you have to have the settings to do that..

Link to comment
Share on other sites


50% good 50% bad :lol:

tried it yesterday

ekrn.exe ( eset service) gone mad

use 99% cpu

back to v4

There must be something wrong with your install - you should try a clean install , then you will see that new version (5.0.93) it`s better than previous one (4.2.71) - at least in terms of performance . I didn`t see `ekrn.exe` going more than 30% not even at full scan - and the memory usage didn`t go beyond 100MB . But I don't put much price on memory usage - for me is more important the system load -> and here too version 5 stays better than version 4 .

The only thing what I don`t like at the new vers. is the way it treats the `malware` with default settings - and I am not sure that it`s a good change . Yes , I know that if you change `Cleaning settings` to `Strict cleaning` it ` will attempt to automatically clean or delete all infected files without user intervention` . But with vers.4.2.71 I didn`t have to change that part of settings .

Untill now I putted the `Cleaning settings` to `Strictly cleaning` only when I install nod32 on a computer where the user I knew he will not be able to give the right answer to alerts - so in that case was best to let nod32 to work automatically , without user intervention .

I had this same problem wherein NOD32 constantly went insane on CPU graph for apparently no reason, the only file it seemed to scan(shown under stats page) over & over was some Perfect Disk(version 12) sys file when optiwrite was turned ON, the ESS service wasn't hogging 100% of processor cycles but every second or two it spiked out of control, probably due to PDagent/PDengine running in the background, but something that didn't happen at the beginning when I installed ESET 5 nor was it the case with any other AV(tried AVAST/AVG) so had to uninstall it afterwards !

Link to comment
Share on other sites


I had this same problem wherein NOD32 constantly went insane on CPU graph for apparently no reason, the only file it seemed to scan(shown under stats page) over & over was some Perfect Disk(version 12) sys file when optiwrite was turned ON, the ESS service wasn't hogging 100% of processor cycles but every second or two it spiked out of control, probably due to PDagent/PDengine running in the background, but something that didn't happen at the beginning when I installed ESET 5 nor was it the case with any other AV(tried AVAST/AVG) so had to uninstall it afterwards !

It`s hard to understand why `ekern.exe` is going up to 100% . I have also in my laptop PerfectDisk12 (OptiWrite -> on) and nod32 5.0.93 and I don`t have that problem . So , only thing I can think is that maybe you didn`t clean your comp. before install nod32 v.5 . Do you have another security program installed that could enter in conflict with nod32 ?

I made for you two screenshots when nod32 was scanning the whole computer :

WUwcEl.jpgU6OyLl.jpg

Link to comment
Share on other sites


^^^

I have the same problems..

Hmm, I had f secure installed a long while back, and when i tried to install eset 5, it detected remnants of the program on install, maybe thats what causing the erratic CPU usage

I might have to reinstall f secure just to uninstall it again :frusty:

unless someone has better ideas??

edit

Went through reg manually, deleted legacy keys, re-installed, eset did not detect any previous AV's but had the same issue regarding cpu usage...

Its like the eset startup scan has gone absolutely batshit crazy, eating up to 77% (!) of my cpu...

Link to comment
Share on other sites


IF you know for a fact these programs and or extra services are clean .. You can try to exclude them from detection and scanning.. Then reboot after saving the settings and see if it helps.. On mine I used Microsoft's recommended AV Exclusions and have excluded a few other program folders on my system.. Seems to help as well as watching files and/or logs that are constantly being scanned and accessed all of the time.. Seems to help when you have issues like this sometimes.. Configurations can be different.. so access to these files can be different as well..

On the F-Secure thing, I would look to their website to see about a removal tool or uninstaller.. to properly clean the Program(s) in question.. It's always good to uninstall/remove, then remove all related folders while in safe mode.. Then clean the registry.. Before doing a reinstall.. or installing a new Suite or program.

Link to comment
Share on other sites


unknownasphyxiated

well,i found what causing eset service to reach 100% all the time

my college network is behind proxy(Microsoft Forefront) and whenever eset try to update,it can retrieve the file size but cannot download the update file

fyi,i've done the uninstallation using the default first(from start menu) and then the manual uninstaller

but still the same even after 2nd try

got no problem when update using mobile broadband

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...