ESEA client false positive

[Anth-Unit]

NOD32 is detecting my ESEA client as: a variant of Win32/Packed.Themida application. I'm pretty sure that this is a false positive. The ESEA client is a counter-strike matchmaking service that finds different pugs for players to join. I've already submitted the file to eset via NOD32 and I'm wondering if I should also report the false positive to support[at]eset.com. The website for this service is: http://www.esportsea.com/

Edit:
@ replaced with [at] to prevent robots from harvesting our address

Win32/Packed.Themida application

Application - this sounds like not false positive but real potentially unwanted/unsafe software . In case you want to take the risk of using such applications , you must uncheck these cathegories in the AMON/IMON setup.

http://www.wilderssecurity.com/showp...80&postcount=2

[Anth-Unit]

Quote:

Originally Posted by HiTech_boy

Win32/Packed.Themida application

Application - this sounds like not false positive but real potentially unwanted/unsafe software . In case you want to take the risk of using such applications , you must uncheck these cathegories in the AMON/IMON setup.

http://www.wilderssecurity.com/showp...80&postcount=2

I don't think thats the case. When I turn off potentially unwanted/unsafe applications it still detects the file.

-edit-

Actually, you're probably right. I'm using the ESS beta right now and I cant seem to get the setting to stick. It seems to turn itself back on after I uncheck the option to detect unwanted/unsafe applications. I still don't understand why this is classified as an unwanted/unsafe application. It's a very popular service amongst online CS gamers and as far as I know it does not fall under any of the characteristics explained in that link you gave me (remote access tools, password-cracking applications, and keylogger). I assume if it was a keylogger, password-cracker etc. someone would have discovered it by now as its been around forever.

Is it ok for me to post a virus total result in this case? A few other scanners detect this file, most of them look like a heuristic detection.

[Marcos]

Disabling potentially unsafe applications makes the alert disappear, I have tested it and it actually works. We will analyse the file and remove detection if it's actually a legit application.

[Anth-Unit]

Quote:

Originally Posted by Marcos

Disabling potentially unsafe applications makes the alert disappear, I have tested it and it actually works. We will analyse the file and remove detection if it's actually a legit application.

Thanks for the fast response! It looks like it was fixed as NOD32 no longer detects the file.