Decompression Problems

Discussion in 'ESET NOD32 Antivirus' started by Kielty, Jan 2, 2009.

Thread Status:
Not open for further replies.
  1. Kielty

    Kielty Registered Member

    I posted a while back re decompression problems with EAV/ESS

    https://www.wilderssecurity.com/showthread.php?t=202358

    and I thought I would take a look to see if there was a solution.

    I was reading this post and it seemed to do the trick:

    https://www.wilderssecurity.com/showthread.php?t=199540&highlight=decompression

    A simple thing like changing the permission of the USERS in the c:\windows\temp directory to allow modification works.

    I have done a brand new Vista Home Premium installation with only EAV 3 installed, UAC enabled, SP1 and all patches applied.

    A few questions...

    1. This problem does not occur with the EAV 3 64-bit version or v2.7 of ESET AV on systems with UAC enabled. Why only the 32-bit version of EAV 3 on Vista?

    2. This is easily recreated on a Vista 32-bit system, why has it not been fixed by ESET?

    3. What are the security consequences of allowing users modification of the c:\windows\temp directory?

    4. Why does EAV 3 need to modify the c:\windows\temp directory anyway?

    Any thoughts?
     
  2. Kielty

    Kielty Registered Member

    Anyone?
     
  3. funkydude

    funkydude Registered Member

    1. No idea, sounds more like a fluke than anything else.

    2. Can't help here, I don't have limited user machines with Vista, only XP.

    3. None, you have UAC protecting you.

    4. Advanced heuristics use the temp directory for its work ground. Whether it's extracting files from a packer or emulating another file.

    Have you tried the EAV 4 beta? It boasts better limited account support.
     
  4. Marcos

    Marcos Eset Staff Account

    Only files from archives are unpacked to the temp folder.
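
Added example, not part of the thread or ESET's tooling: a PowerShell audit that lists the access rules BUILTIN\Users holds on the system temp directory and flags a Modify-or-greater grant, such as the permission change described in the first post. The `$Path` parameter and output property names are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example (not from the thread): report which rights BUILTIN\Users
# holds on the system temp directory and flag a Modify-or-greater grant.
param([string]$Path = (Join-Path $env:SystemRoot 'Temp'))  # hypothetical parameter name

$UsersSid   = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users (locale-independent)
$GenericAll = 0x10000000       # raw GENERIC_ALL bit, which can appear on inherit-only ACEs
$Modify     = [int][System.Security.AccessControl.FileSystemRights]::Modify

# Ask for explicit and inherited rules, with identities returned as SIDs.
$acl   = Get-Acl -Path $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ne $UsersSid) { continue }
    if ($rule.AccessControlType -ne 'Allow') { continue }

    # Modify is a composite mask; require every bit of it, or GENERIC_ALL.
    $raw = [int]$rule.FileSystemRights
    $hasModify = (($raw -band $Modify) -eq $Modify) -or
                 (($raw -band $GenericAll) -ne 0)

    New-Object PSObject -Property @{
        Path        = $Path
        Rights      = $rule.FileSystemRights
        Inherited   = $rule.IsInherited
        AppliesTo   = "$($rule.InheritanceFlags) / $($rule.PropagationFlags)"
        UsersModify = $hasModify
    }
}

$findings | Format-Table Path, Rights, AppliesTo, Inherited, UsersModify -AutoSize
if ($findings | Where-Object { $_.UsersModify }) {
    Write-Warning "BUILTIN\Users has Modify or greater on $Path"
}
```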
     