Defender finds Virus ESS 4 & 5 Missed

Discussion in 'ESET Smart Security' started by tjg79, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    I did a full scan with Windows Defender on my Win7 Pro x64 system with ESET SS 5 installed and Defender detected a Trojan virus in old Outlook pst files. The virus was attached to an old email that was ten years old. The files had been on my system when I was running Win XP Pro x64 with ESET SS 4.

    Why didn't either ESET Smart Security 4 or 5 detect the virus before now?

    I've set ESET to the most stringent settings for the most complete in-depth scan. ESET should have detected the virus with the default settings in my opinion.

    I think someone should look into this.

    Regards
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Pst files are not scanned. However, if you have mounted it in Outlook, have scanning of read messages enabled and the message with an infected attachment is accessed, the message should be moved to the Infected items folder and the attachment removed.
     
  3. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    It makes me wonder what other file types are not scanned. I don't see any indications in the ESET SS 5 setup that pst files wouldn't be scanned.

    I moved the files to my notebook and imported them into Outlook where ESET detected the virus attachment and moved the email to the Infected Items folder. So, I know the virus Defender detected was legit.

    Is there a setting in ESET SS 5 that would enable scanning of pst files that aren't loaded into Outlook?

    Regards
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That would be theoretically possible via MAPI if MS Outlook is installed but this option is not supported (not sure if due to technical difficulties or why exactly).
     
  5. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    I have some concern about the effectiveness of ESET SS 5 now.

    The pst files were just stored in a folder in My Documents. They were not loaded into Outlook. Pst files are really just database files. I would think that a full in-depth system scan would check these files for viruses and other malware.

    There is no indication that the files weren't scanned. In fact, there is an indication that the files would be scanned. In setup under Antivirus and antispyware/computer scan/objects there is a check box for email files. I had the box checked. So, why did ESET not scan the files?

    Is there any documentation to indicate these types of files wouldn't be scanned?

    If Windows Defender can detect the virus, I would think ESET should also.

    Regards
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,046
    Location:
    USA
    Seems reasonable to me. It is not necessary to scan an inactive .pst file as it is not executable and will harm nothing until Outlook accesses it, then the attachment will be handled as Marcos explained. There is no good reason to worry about malicious files that can't and won't do anything by themselves.
     
  7. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    It doesn't seem reasonable to me. If I buy an antivirus software program to remove viruses from my computer, then that's what I expect it to do. If the program is going to not scan certain types of files and leave viruses intact, then it should make that very clear. If the program is incapable of scanning certain types of files on a computer, then they should make that known also. I shouldn't be surprised to find viruses when scanning with a free Windows utility program.

    Check out the ESET website and let me know if you see anything that indicates they don't scan certain types of files and that they leave viruses on your computer that they don't think can do any harm.

    If I was an ESET programmer or salesman, I'd be embarrassed that Windows Defender did a better job of cleaning a computer than ESET SS 5.


     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,046
    Location:
    USA
    Well, again keep in mind the fact that a .pst file just sitting on a drive is incapable of doing anything until it is accessed by something that can open it. Once it is opened by Outlook, when there is the potential for it to be released, ESS should detect the attachment and delete it. Assuming that ESS detects it at that point (no way for me to verify that) then you were never in any danger. There are many AVs that do not detect a file that is infected until it is accessed and then it is taken care of, when it is needed. I have seen other products do this as well. As long as you don't get infected then the product is doing its job. Not trying to be argumentative or biased, just pointing out that this is likely more common than you are aware of and not a legitimate cause for worry unless it fails to catch it on access.

    On another note I prefer a product that does not scan .pst files. I remember when Microsoft One Care was still sold and there was an issue where if it detected an infected attachment it deleted the entire .pst file. Many people lost all of their downloaded emails when that happened. If all things considered you are still worried about it, be happy that Defender did catch it and be pleased that ESS is one of few products that are compatible enough with Defender to be able to run both. I also run them both with Malwarebyte's Anti-Malware and SUPERAntiSpyware on demand as a second, third and fourth opinion as no one product will catch everything in every situation. There are freeware on-demand versions of each of them if you do not already have them and are interested. I hate to see someone worry about a threat that probably would have been caught before it mattered.
     
  9. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    Well, after checking the ESET website and reviewing all the sales propaganda, I checked the av-comparatives.org website to verify ESET claims and found that ESET is rated very low. Of 18 antivirus software programs, ESET was in the bottom 4 as of 13 December 2011. Read the report for yourself.

    http://www.av-comparatives.org/images/stories/test/removal/avc_removal_2011.pdf

    Seems ESET programmers need to get to work and fix their antivirus software.

    Why would anyone buy an antivirus program rated on the bottom of the heap?

    Regards
     
    Last edited: Apr 10, 2012
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,046
    Location:
    USA
    Posted on this site earlier today:
    http://www.dennistechnologylabs.com/reports/security/anti-malware/symantec/ ESET scores in the top 3. People can argue these tests until they are blue in the face.

    From my earlier point:
    http://www.datanumen.com/articles/prevent-pst-corruption.htm
    Especially:
    If you wish to test other products you are free to do so. Just trying to make the point that there are several products that do not scan offline .pst files and those that do may corrupt them. I hope you find a resolution that is acceptable to you. :thumb:
     
  11. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    ESET earned a score of 58 out of 100. That's an "F" in any grading scheme with which I'm familiar. That score of 58 puts ESET solidly in the bottom third of the 18 Antivirus programs tested. The range of scores was 52 to 90. Those results indicate a good test if you're trying to separate the spread.

    Do you think ESET needs to update their website to reflect their poor test grades?

    Anybody trying to defend/rationalize/justify that level of performance shouldn't be considered competent.

    ESET needs to fix their product to be competitive.

    Regards
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I own a lot of licences to a lot of AV products and can assure you I will only use one that works, and works well. In all my usage and testing of ESS V5 it clearly has improved and stays near or at the top in all my testing. There are plenty of others that fail. On my son's laptop, it is hit by real zero day threats just based on his web site surfing habits and ESET has not failed me yet. Thus the ongoing Avatar for it.

    I agree with Joe that testing sites are hit and miss sometimes just as the malware they use. I know for a fact that WSA works very well and it is a young product that will continue to get better. Some AVs have maxed out on new ideas and are stalemating. ESET's new HIPS module is another example of new technology in their product that will also continue to improve.

    My proof as always, is real web surfing in my family's everyday usage of their computers and how well they are protected. For me, it is either ESET or WSA at this point.
     
  13. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    ESET's website prominently references the av-comparatives.org website. Of all the organizations cited on this thread, av-comparatives is the only non-profit independent testing organization solely devoted to testing antivirus software.

    ESET failed to detect a virus on my computer that should have been detected.

    Anyone can subjectively rationalize for something they're emotionally attached to. The purpose of objective testing is to determine results and effectiveness, and overcome bias and sales propaganda. ESET didn't perform very well in the objective testing performed by av-comparatives.org, an organization ESET cites as a reference.

    Depending on the type and level of one's education and ability, some individuals' opinions are more objective, knowledgeable and informed than others.

    Unless you are employed by the ESET sales department, I don't understand why anyone would defend poor performance. If you are employed by ESET, then you should get to work and fix your product to make it more competitive. ESET is not performing as advertised. I think that is a statement of fact.
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,046
    Location:
    USA
    Since you think so highly of av-comparatives how about some detection results as detection is your complaint:
    http://www.av-comparatives.org/en/comparativesreviews/detection-test Here you will see ESET take some of the top scores rather than the single test you referenced which was a removal test that most of the vendors scored poorly on. Detection is more important than removal, as with good enough detection you don't need removal.

    It was already established that the file was never scanned, therefore it did not fail to detect it and since Defender removed it there is likely no way to verify if it would have detected it or not.

    Again, see detection results link above.

    Anyone that posted in this thread offered to help explain the situation. Insulting their intelligence for their offer of help is nothing more than trolling.

    Neither I nor trjam (to my knowledge) are employed by ESET, and I would just as quickly try to provide answers for any product I have experience with. Since you are obviously not interested in anyone's effort to clarify the situation, I consider this discussion moving forward a waste of my time. I believe all products have a free trial. Find one you like and happy computing.
     
  15. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    Is this a technical support website or a fan club?

    I generally don't discuss technical issues with cheerleaders.

    I didn't post this thread looking for excuses. I posted it as a warning that ESET doesn't perform as advertised.

    Regards
     
  16. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Wilders Security Forums is not a Technical Support Website or a Fan Club.
    The Official ESET Support Forum is a Subforum of Wilders Security Forums.
    Wilders Security Forums is primarily a computer security discussion board.
    Perhaps you should at this time familiarize yourself with the Terms of Service before you do any more ranting.
    If you are unhappy with the product, uninstall it.

    Terms of Service
    https://www.wilderssecurity.com/tos.php


    HKEY1952
     
  17. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    I think the thread memorializes the fact that some consumers of antivirus security products aren't as objective and performance oriented as others.

    I don't see any terms of service violations. And, ESET links this forum as their support forum and some members use it as an ESET fan club.

    I think you're getting off topic. The topic is that ESET doesn't perform as advertised, was bested by Defender, and needs to be fixed or limitations disclosed. Where is the documentation that indicates ESET ignores certain file types? If consumers don't demand products perform as advertised, then manufacturers won't deliver products that perform as advertised.

    If you're not an ESET tech support guy, don't respond to this thread. This communication is intended for ESET representatives.

    Regards
     
    Last edited: Apr 10, 2012
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    first off please do read my whole post since i tried to hit a lot of points and sorry for the reply as well as i'm not sure what your technical background is and how well you know this type of thing so i don't mean to offend if your knowledge is higher than normal just wanted to make that clear. BUT in reading the av tests you did you also then should know there is no av that will remove and or repair and detect 100% NONE you show me one and everyone in the world would use it. i use eset AS WELL as avast, webroot, norton, kaspersky, ikarus, avg, and others. eset and avast remain my first choices though I AGREE with you that eset needs to improve their removal rates. eset has imo poor removal rates but the detection is as good as anyone else and better in most cases. windows defender can't detect A LOT of things many av's do. also note eset has i believe only had 3 fails since 1998 in vb100 tests which is one of if not the best record out there.

    again not wanting to start a war or anything but when working with av's people need to realize no av anywhere will detect and or remove 100% of things out there. as well as MANY av's exclude a lot of system based files by default this includes norton, avast, avg etc...it's really pretty normal. as well as i've actually had a few av's BREAK outlook pretty bad from their poor plug in or false positives etc..

    i'm a repair tech and i do IT work for many different companies and support for certain software programs i'm not an eset tech but i do work with almost every av on the market on a weekly basis from my clients systems and trust me this is pretty normal i end up removing viruses from various av's on a daily basis when they get brought in to me. i do laptop repair support for some oem companies (dell, hp, acer etc) as well as deal with many dentist, doctors, lawyers offices etc this is just from a support point of view so please don't take any of it the wrong way.

    as i said earlier one thing i agree on is eset needs to improve on removal which i find pretty poor. but i have to say with eset i personally (this includes mine, wife's and kids computers) have yet to actually get infected in the last few years and i can't say this for a LOT of other av's. it took some time but i've learned to trust nod32 i have used it at various times since version 2.5 and always find myself going back to it (currently i use ess v5)

    just also to prove i'm not a total fanboy (though i love eset) if you give webroot a try they will actually connect to your system and do the repair or clean up for you directly for free if the program can't which is the one thing they have that NO ONE else offers currently. it might be worth a look if you want that type of support. imo no other company offers their level of support though i wish all did. eset has pretty good support normally and i would call them directly if you want better / faster support they have offices around the world depending on where you are located this will normally get you much faster and to the point answers with support issues.

    if i can possibly help further shoot me a pm and i'll do what i can i deal with this stuff on a daily basis and do removal even if manually all the time. and know i def did not want to annoy you with this post just trying to add some hopefully non biased info.

    edit: forgot to add eset does have a money back guarantee if you bought it and really are not happy see here: http://www.eset.com/me/eset-money-back-guarantee/
     
    Last edited: Apr 11, 2012
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    ESET links both the Home Users and Business Users to Wilders Security Forums for COMMUNITY SUPPORT

    If you want official support from ESET you must file your issue at the link below:

    Contact Customer Care:
    http://go.eset.com/us/support/contact/s2?seg=home#

    When you Posted here tjg79, you made it public.


    HKEY1952
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    This thread is closed for posting as ESET has responded in this thread.
     