False Positive needing correction

Discussion in 'ESET Smart Security v4 Beta Forum' started by PatG, Jan 27, 2009.

Thread Status:
Not open for further replies.
  1. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    The site to download the skin program for AdvancedSystem Care is coming up as

    "1/27/09 11:31:28 AM HTTP filter file http://www.autoitscript.com/forum/i...ads&req=download&code=confirm_download&id=138 Win32/Packed.Autoit.Gen potentially unwanted application connection terminated - quarantined"

    This is a legitimate program, posted as sticky on a forum after approval, etc. Have submitted twice to support. How long does it normally take to over-ride a FP?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    If you use the subject "False Positive" usually 1-2 working days or less.
     
  3. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Thanks for the speedy reply! Will be watching my email for something from ESET about this.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's not a false positive in the real sense of the word. It's an Autoit script that uses obfuscation exploited by malware to prevent antivirus programs from seeing the real content of the script. What's more, it's not detected as malware but as a potentially unwanted application. That means you have agreed with detection of such suspicious files by intentionally enabling this option. As of version 4, these are reported by a yellow alert window to emphasize that the file may not be necessarily malicious and the user can decide to keep it. In advanced settings of the yellow alert window, there's an option to add it to the exclusion list immediately.
     
  5. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Thank you Marcos! Love learning things in my old age! Now, is there a way to "exclude" files such as these in ver 3? There wasn't an option to exclude when RED warning popped up. Reason I'm asking is because I am running v4 on desktop and 3 on laptop but running ASC 3 on both machines. Thanks for the tip!:D

    EDIT: Sorry, but there is no "Advanced" button on the yellow alert window! Not on my ver4. Am I looking in the wrong place? This is when the window pops up, can only set the time it displays and transparency factor. Still cannot dl the file.
     
    Last edited: Jan 27, 2009
Thread Status:
Not open for further replies.