ESS detected a change to itself - Deny/Allow?

Discussion in 'ESET Smart Security v4 Beta Forum' started by MadafankinZ, Nov 19, 2008.

Thread Status:
Not open for further replies.
  1. MadafankinZ

    MadafankinZ Registered Member

    OK, I upgraded my v3, and tried to update my newly installed v4 beta...
    Update finished, and this came up...

    [Screenshot: ess4ss8.jpg]

    :)
    So, should I really choose deny? Is ess4 malware?
     
  2. xxJackxx

    xxJackxx Registered Member

    Re: Comments, questions, suggestions

    Bwahahahhaaa!!!!!!
     
  3. agoretsky

    agoretsky Eset Staff Account

    Hello,

    No, this is the expected behavior if application modification detection is enabled.

    Regards,

    Aryeh Goretsky

     
  4. s4u

    s4u Registered Member

    But is it really needed to not trust yourself?
     
  5. Marcos

    Marcos Eset Staff Account

    We are aware of this problem; it's being investigated.
     
  6. funkydude

    funkydude Registered Member

    Can you change the warning at the same time to be more user-friendly? I've always hated this warning ever since I got phoned at 3AM from someone panicking thinking they had malware.

    This program has been changed since you last allowed it internet access, this may be because you have updated the program or it may be because of malware having changed the file. What would you like to do?

    Sounds better.
     
  7. Mits

    Mits Registered Member

    In my humble opinion, an important point of application modification detection is to be able to detect when e.g. a new virus (with unknown signature) attempts to modify your antivirus protection. I am sure you all have read stories of trojans that are able to disable poorly designed AV protections, so that you think you are protected while in reality you are wide open.

    The fact that ESET does not seem to trust even itself is a good thing (TM). However, the average user may get upset. There are two ways to deal with this:

    a) Users could be warned upon upgrading ESS that they will see a warning about ekrn.exe being modified and that they can (and should) safely accept it.

    b) Somehow ESS v3 knows in advance the md5 hash of the new v4 executable and silently accepts its modification, bypassing the protection.

    Speaking for myself, I'd prefer solution a) to familiarise users with the operation of application modification detection and reassure them that it actually works.
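
Added example, not part of the thread and not ESET's code: a minimal sketch of hash-based application modification detection showing both options from the last post, (a) prompting on any unexplained change and (b) silently accepting a change whose hash was pre-approved by an authenticated update manifest. The function names, the manifest format, the key and the file contents are assumptions; SHA-256 replaces the MD5 mentioned in the post, and an HMAC stands in for a vendor signature.

```python
import hashlib
import hmac
import json

def digest(data: bytes) -> str:
    # SHA-256 used here in place of the MD5 mentioned in the thread.
    return hashlib.sha256(data).hexdigest()

def load_manifest(raw: bytes, tag: str, key: bytes) -> dict:
    """Return {path: hash} from an update manifest, or {} if it fails authentication.
    HMAC stands in for a vendor signature (assumption) to keep this stdlib-only."""
    good = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return json.loads(raw) if hmac.compare_digest(good, tag) else {}

def check(path: str, data: bytes, baseline: dict, approved: dict) -> str:
    """Compare an executable with its stored hash and decide what to do."""
    current = digest(data)
    known = baseline.get(path)
    if known is None:
        baseline[path] = current
        return "first-seen"
    if known == current:
        return "unchanged"
    if approved.get(path) == current:
        baseline[path] = current      # option (b): expected update, accept silently
        return "accepted-update"
    return "prompt-user"              # option (a): unknown change, ask Allow/Deny

def demo() -> list:
    # All values below are constructed sample data, not real file contents or keys.
    key = b"constructed-demo-key"
    v3, v4, tampered = b"ekrn v3 image", b"ekrn v4 image", b"ekrn v4 image + patch"
    raw = json.dumps({"ekrn.exe": digest(v4)}).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()

    baseline, results = {}, []
    results.append(check("ekrn.exe", v3, baseline, {}))   # baseline recorded
    results.append(check("ekrn.exe", v4, baseline, {}))   # update, no manifest
    results.append(check("ekrn.exe", v4, baseline, load_manifest(raw, tag, key)))
    results.append(check("ekrn.exe", tampered, baseline, load_manifest(raw, tag, key)))
    # A manifest with a forged tag approves nothing, so the v3 -> v4 change prompts.
    forged = load_manifest(raw, "0" * 64, key)
    results.append(check("ekrn.exe", v4, {"ekrn.exe": digest(v3)}, forged))
    return results

if __name__ == "__main__":
    print(demo())
```

Option (b) is only as strong as the manifest's authentication: anything able to forge or replace the approved-hash list can suppress the prompt.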
     