False Positive: ithsgt.sys

Discussion in 'ESET NOD32 Antivirus' started by Nige, Jan 9, 2010.

Thread Status:
Not open for further replies.
  1. Nige

    Nige Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    14
    I've been using NOD32 for a few years with no problems (Just renewed my licence for another year, but wondering now whether it's now time to move on!).

    The file ithsgt.sys has been on my system for a few years. For some reason on the 6th December 2009, NOD32 deleted it. I discovered this when I tried to run the game "Fahrenheit". The game wouldn't run at all. I reinstalled the game, and the same problem. When I looked at the NOD32 log, the entry from the 6th December was there, and also a new entry:

    C:\WINDOWS\system32\DRIVERS\ithsgt.sys Win32/Agent.QLJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: F:\Fahrenheit\Fahrenheit.exe.

    If I exclude this file, then the game works fine - if not, then NOD32 deletes it, and the game won't run. AFAIK, this file is part of the disc copy protection for the game.

    I've submitted the file for analysis, submitted it as a false positive and contacted Customer Support.

    Disappointingly, Customer Support didn't answer my question by email, but referred me to an 0845 number. When I tried to call this number, I discovered that Eset is closed at weekends and open during office hours Monday to Friday. Not much good to home users, because strangely enough I have to work office hours too! I'm also not happy about my only route to solve problems being through an 0845 number - for which I pay 10p per minute.

    So, what do I do? permanently exclude the file? Occasionally "un" exclude it to see if NOD32 still deletes it? (I just tried this - it does), or just stop using applications that NOD32 decides are dodgy, even when I know they're not?

    I've also recently had problems with downloads not completing due to something that NOD32 was blocking (again, legitimate downloads). What was once an invisible, trouble-freee and efficient AV application seems to becoming (like so many others) more of a hassle day by day. The subscription isn't particularly cheap, and add to that the 0845 "only office hours" support - and I'm thinking that this may be my last year!
     
  2. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
  3. Nige

    Nige Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    14
    Thanks for youreply Fixer!
    I already submittted a false positive report - twice.
    I'll do another one though, just in case!

    I've just relaised that I posted in the wrong forum! I'm using 3.0.684.0

    Sorry!
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Thread is now in the correct forum.
     
  5. Nige

    Nige Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    14
    Thanks!

    Situation now resolved - The false positive was corrected in the latest update and Eset Tech support (Neil) was extremely helpful.

    My faith in Eset and NOD32 is restored!

    :D
     
Thread Status:
Not open for further replies.