ESEA client false positive

Discussion in 'NOD32 version 2 Forum' started by Anth-Unit, Sep 5, 2007.

Thread Status:
Not open for further replies.
  1. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    NOD32 is detecting my ESEA client as: a variant of Win32/Packed.Themida application. I'm pretty sure that this is a false positive. The ESEA client is a counter-strike matchmaking service that finds different pugs for players to join. I've already submitted the file to eset via NOD32 and I'm wondering if I should also report the false positive to support[at]eset.com. The website for this service is: http://www.esportsea.com/

    Edit:
    @ replaced with [at] to prevent robots from harvesting our address
     
    Last edited by a moderator: Sep 5, 2007
    Anth-Unit, Sep 5, 2007
    #1
  2. ASpace

    ASpace Guest

    ASpace, Sep 5, 2007
    #2
  3. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    I don't think thats the case. When I turn off potentially unwanted/unsafe applications it still detects the file.

    -edit-

    Actually, you're probably right. I'm using the ESS beta right now and I cant seem to get the setting to stick. It seems to turn itself back on after I uncheck the option to detect unwanted/unsafe applications. I still don't understand why this is classified as an unwanted/unsafe application. It's a very popular service amongst online CS gamers and as far as I know it does not fall under any of the characteristics explained in that link you gave me (remote access tools, password-cracking applications, and keylogger). I assume if it was a keylogger, password-cracker etc. someone would have discovered it by now as its been around forever.

    Is it ok for me to post a virus total result in this case? A few other scanners detect this file, most of them look like a heuristic detection.
     
    Last edited: Sep 5, 2007
    Anth-Unit, Sep 5, 2007
    #3
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Disabling potentially unsafe applications makes the alert disappear, I have tested it and it actually works. We will analyse the file and remove detection if it's actually a legit application.
     
    Marcos, Sep 6, 2007
    #4
  5. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    Thanks for the fast response! It looks like it was fixed as NOD32 no longer detects the file.
     
    Anth-Unit, Sep 6, 2007
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...