unknown macro virus

hi all,
i have some Word docs that are self installing macros that are part of a software suite that allows mail merges to take place between the software and Word. these macros are detected by Nod32 as unknown macro viruses, which they arent but are obviously codes such that nod32 isnt taking any chances! Thats fine as better safe than sorry.
I have submitted the files to Eset (to the sample address) to see if anything could be done about it. Admittedly I only did this last week and havent heard back yet, but was wondering if I am likely to hear back or whether Eset will be able to do anything about it anway....would they change the software just to stop my little problem?!

If they cant is there anything else I can do to stop these files from being flagged as possible viruses? I have the settings recommended in BlackSpear's thread and have also tried reducing heauristic sensitivty to normal and low.

thanks, Lee

 

You could try excluding the files in AMON:

Control Centre> AMON> Setup> Exclude (Tab)

Hope this helps.

Let us know how you go.

Cheers

 

thanks Blackspead, I'll give that a go and post back.

Just out of interest, and not sure whether you'd know this, when files are submitted to Eset as being genuine files that are flagged as viruses, is it something that they would fix and put out in the usual signature updates?

 

Yep, it's possible to fix a false positive, if confirmed. Also, I'd suggest to make sure the heuristics sensitivity is not set to deep.

 

I wonder hwy not using Deep heuristics and AH for real-time.
Then it's the same as AV without any heuristics.
Also AH is disabled by default. And then everyone is talking how great AH is. Yes it is if you enable it. I wonder how many users except us here actually enable them. Funny thing... I hope it's not too offtopic for this thread...

 

thanks Marcos, yes I've tried reducing the heuristic sensitivity but it still finds it! I'll try Blackspears suggestion and wait to see if my submitted files are picked up at eset, bet you have lots to get through!

 

Advanced heuristics is enabled by default for the IMON POP3 email and HTTP scanner which is part of the real-time protection. That would cover a lot of the sources for infection for users.

However, I would also like to see AH enabled by default in AMON.

 

Same here. Performance wise there is no difference. I also never had any false positive with Max heuristics.

 

Same here but I fear we digress.

 

sorry for the delay, with all the 2.5beta excitement I forgot I posted this problem.
Blackspear I did as you suggested and it worked, the only problem is if you move the files/folder of files to a different part of the hard disk it detects them again and i have to redo the exclusions to take into account where they are now.
To be honest, its not a big deal, and when the new beta found them earlier this week I let the new feature (name escapes me) bundle them off to Eset, so they have them again now.
Thanks to all who took time to reply, back to your beta playing testing!

 

Good to see lee1276, and thanks for getting back to us, as we all learn this way...

Cheers

 

Yes thats in interesting point - with the automatic submission feature ESET automatically get copies even if they are false positives.