YMatrix Posted January 27, 2012

Hello!

Hoping somebody has seen this symptom and found a fix.

I am using the latest Eset Nod32 Anti virus (5.x) and have found that the program still blocks files that are suspected to contain virus (trainers, patches etc.), even when I disable the real time protection! :wtf:

I thought it was some configuration that I changed, but even on a new install on another computer this occurs.

I also thought it might have something to do with the HIPS protection, so I disabled it, restarted the computer but the same symptom occurs.

The only way I have found to bypass this was by creating an exception rule (which also works while the AV is active, so why create a temporary disable?!).

So my question is - is there a way to temporarily disable the AV without having to create an exception rule every time?

Thanks!

DKT27 (Administrator) Posted January 27, 2012

Very much the case here. Have seen this happening several times till now. Probably a bug.

henz Posted January 27, 2012

disable real time protection permanently, then restart?

are you sure the file is not damaged?

Sonar Posted January 27, 2012

Tnod is affected. ESET is removing needed files.

Not sure how long it's been like it for me, but I just tried to update and found it out.

eurobyn Posted January 27, 2012

you have to disable anti stealth technology also

it is not a bug

YMatrix (Author) Posted January 27, 2012

How does the anti-stealth interfere?

According to Eset the Anti-stealth technology is to prevent rootkits.

> Rootkits use special techniques to prevent unauthorized files and processes from being detected using conventional means. Anti-Stealth technology is integrated into ESET NOD32 Antivirus and allows the On-demand Scanner to detect and delete these objects, even when their presence has been hidden from the operating system. By default, Anti-Stealth is enabled in ESET NOD32 Antivirus and is used automatically by the modules which require it.

Source

According to this the Anti-Stealth is only relevant when performing an on-demand scan, hence not my case.

> disable real time protection permanently, then restart ?

Haven't tried it, but seems too complicated for a temporary disable. If this were the case, creating an exclusion rule for every FP file would be easier and less time consuming.

> are you sure the file is not damaged ?

Yes, I am sure. When creating an exclusion rule I can run the files (in plural) with no problems.

henz Posted January 28, 2012

if the file already threated by av, maybe you can't access it even you have disable your av.

if not, and you can try it... -_-

even disable real time protection, the service ekrn.exe still running, don't forget that.

YMatrix (Author) Posted January 28, 2012

henz, I just tried your suggestion but no luck.

I tried first disabling the AV, then extracting the file to a folder.

The extraction was performed with no AV intervention.

When trying to run the file, even though the AV is in a disabled state, the AV catches the file and stops execution.

I know the ekrn.exe service is still running but IMO when selecting a disabled state, you are aware that the AV stops protecting you, hence if your choices what to do in this state are wrong you can infect the computer.

Why create a disabled state if it's not really disabled?!

R0H1T Posted January 28, 2012

Disable web access protection along with realtime FS protection, the ESET GUI will still probably report the blocked file (like in my case) but then you should be able to download the file :mellow:

P.S. Tried this with IDA/IDM but can't say the same about the browsers' default download manager :o

YMatrix (Author) Posted January 28, 2012

The problem isn't with downloading, the problem is with running the file.

For instance when I try to run uTorrent updater from here, the file is blocked because of Autoit script usage in the application.

Assuming that when you disable the real time protection you will be able to run the file, but this is not the case.

Even when the real time protection is disabled the file is blocked.

Like I said the only way to be able to run the file is by adding an exclusion.

DKT27 (Administrator) Posted January 28, 2012

Have you disabled Potentially Unwanted Protection? Cause that one blocks IP Filter Downloader. PUP is useless IMO, blocks good medicines. I know, disabling PUP won't solve your problem fully as the problem is in ESET on whole, not PUP.

henz Posted January 28, 2012

can you post the virus caught screenshot?

YMatrix (Author) Posted January 28, 2012

When PUP is disabled eset doesn't bother me, even when active.

But that's not the case, what I would like to know is why eset continues to block even when protection is disabled.

From all your answers I see that everyone has this kind of behavior, and each find a way to bypass it (disabling PUP, exclusion etc.), meaning this is an eset bug.

Here is a screen shot when trying to run uTorrent updater (with PUP enabled, and all of Eset disabled).

Archived
This topic is now archived and is closed to further replies.