ESS sucks in cleaning!

Discussion in 'ESET Smart Security' started by berryracer, Apr 28, 2012.

Thread Status:
Not open for further replies.
  1. berryracer
    Offline

    berryracer Suspended Member

    Is this like a threat detection program or what? :rolleyes:


    I just inserted my small sister's BlackBerry, then ESS automatically found an autorun.ini virus, so it quarantined it, but it didn't give me the option to clean or delete it, it just quarantined in!

    Then it found many files in the RECYCLER folder of that BlackBerry but it also quarantined them and didn't offer me to delete them or clean them!

    I am starting to lose faith in Eset
  2. trjam
    Offline

    trjam Registered Member

    once it is quarantined, right click on it and you have the options you are talking about.
  3. 3x0gR13N
    Offline

    3x0gR13N Registered Member

    I don't use ESET, but I'm fairly certain that Quarantine = delete from original location and save backup copy of detected file in quarantine in case of FP.:rolleyes:
    You could also provide ESET threat log, so we can actually have some valuable info to go on.
  4. Marcos
    Online

    Marcos Eset Staff Account

    Indeed. Don't know what problem the OP has but it appears to me that ESET did its job perfectly - detected and neutralized the threat.
  5. agoretsky
    Offline

    agoretsky Eset Staff Account

    Hello,

    Hmm... a bit of a misunderstanding between how malware is removed from an infected medium along with some of the more esoteric jargon used by antimalware software such as ESET's, I think. Let me see if I can clarify:

    Cleaning is a kind of high-level term used in anti-malware to cover all of the processes by which a threat might be remediated.

    Probably the most well-known cleaning technique to the public is disinfection, which is the process by which parasitic malicious code, such as a classic computer virus, is removed from the object it has infected (such as a boot record, program file, document and so forth) and the object rewritten so that it is still usable. At least, that's the goal, sometimes a computer virus has overwritten a file to the point that it no longer works as intended. An anti-malware program can remove the malicious code, but it would not know exactly what the original code was doing to replace that.

    Parasitic file-infecting computer viruses, though, account for only a small fraction of we see on a daily basis. Most malware is, in fact, not recursively self-replicating, attach itself to a host program file, et cetera. They are bots, worms, trojans and other bits of badness that may spread, be dropped and so forth, but are completely self-contained in that they do not need to parasitize a file or a boot record in order to maintain persistent on a system.

    In the case of these more common types of threat, there's nothing really to disinfect. No files or boot code were parasitized, a new file was inserted into the system. In this case, ESET's job is to clean the infectious file by removing it from the system so it can no longer run, either by deletion or by moving to the quarantine folder.

    In the particular case of this BlackBerry, it sounds like some of its storage space is configured to show up as a USB Mass Storage device when connected to a computer running Microsoft Windows. When this occurred, and, and it was attached to the computer running ESET Smart Security, ESET's anti-malware software responded by moving the threat into the quarantine folder, as it had been configured.

    So, in this case, it seems to be a matter of the software behaving as it should when encountering this type of threat.

    Regards,

    Aryeh Goretsky
  6. CloneRanger
    Offline

    CloneRanger Registered Member

    Sounds like Blackberrys are a magnet for nasties :D
Thread Status:
Not open for further replies.