threat detected by NOD32 but not ESS

hi,

I have a file that is detected as a trojan by NOD32, but not by ESS. Both have up-to-date signatures and all set to highest settings. NOD32 detects the 'threat' on-access and on-demand, ESS doesnt detect it either way.

Its a fairly old file from an old collection of malware, so i dont know if the ESS database - if there is a difference - has been more finely tuned?

I'll submit the file to beta support anyway, but thought i'd post here too to raise awareness that ESS *MAY* not be detecting everything that NOD32 does.

Will let you know how i get on!

Lee

 

strange - i just turned off AMON and IMON on NOD32 on computer A so that i could email the file to myself to test whether ESS picked it up on computer B via email scanning, which it didnt.

I then re-enabled AMON and IMON on NOD32 on the other computer A and now the file is no longer detected...

what's that all about?!

Lee

ps the only other thing that happened was that NOD32 updated to 2239, but it was still detected after this:

04/05/2007 15:44:06 AMON
file:\\Battery\my documents\Trojan.JS.Snow
JS/Snow.A trojan
deleted FREERANGE\Lee
Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

wish i could try again with signatures 2238...

 

With NOD32 this possibly happened because of "Optimize scanning" in NOD32 . After update it was detected again because Optimize scanning means that after update all files will be scanned again . Not sure , of course , just guessing .

But just in case , this is one more reason one should never disable the real-time protection (AMON , NOD32 ....)

 

hi - the file was actually detected before and after the update, and it was after i temporarily disabled IMON and AMON so that i could email the file to myself, then enabled both again that it stopped being detected.

Even an on-demand scan now doesnt detect anything, and that doesnt utilise 'optimise scanning'.

It isnt detected by NOD32 on Virus Total either, just confusing as it was clearly being detected by my NOD32 earlier today UNTIL I disabled and re-enabled AMON...

 

If it is now undetected by your NOD32 and it is undetected in VirusTotal , this means that it was a false positive for NOD32 and ESET fixed it with the update . Updates for NOD32 and ESS contain the same information about what malware to detect but they are different , I think NOD may display a FP for somthing , ESS not and vice-versa.

 

maybe they did remove it in that update, strange cos i hadnt submitted the file and its an old file that was from a big collection of malware. Most AVs detect it at VT so i dont believe it is a false positive.

 

I think that you should send a mail to support (at) eset.com regarding this issue.