ESS detected a change to itself - Deny/Allow?

Ok, i upgraded my v3, and tried to update my newly installed v4 beta...
Update finished, and this came up...




So, should I realy choose deny? Is ess4 malware?

 

Re: Comments, questions, suggestions

Bwahahahhaaa!!!!!!

 

Hello,

No, this is the expected behavior if application modification detection is enabled.

Regards,

Aryeh Goretsky

 

But is it really needed to not trust yourself?

 

We are aware of this problem, it's being investigated.

 

Can you change the warning at the same time to be more user friendly? I've always hated this warning ever since I got phoned at 3AM from someone panicking thinking they had malware.

This program has been changed since you last allowed it internet access, this may be because you have updated the program or it may be because of malware having changed the file. What would you like to do?

Sounds better.

 

In my humble opinion, an important point of application modification detection is to be able to detect when e.g. a new virus (with unknown signature) attempts to modify your antivirus protection. I am sure you all have read stories of trojans that are able to disable poorly designed AV protections, so that you think you are protected while in reality you are wide open.

The fact that ESET does not seem trust even itself, is a good thing (TM). However, the average user may get upset. There are two ways to deal with this:

a) Users could be warned upon upgrading ESS that they will see a warning about ekrn.exe being modified and that they can (and should) safely accept it.

b) Somehow ESS v3 knows in advance the md5 hash of the new v4 executable and silently accepts its modification, bypassing the protection.

Speaking for myself, I'd prefer solution a) to familiarise users with the operation of application modification detection and reassure them that it actually works.