false positive...so sad... so angry... not meant to offend

Discussion in 'ESET NOD32 Antivirus' started by icykorpio, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. icykorpio

    icykorpio Registered Member

    Joined:
    Oct 22, 2008
    Posts:
    2
    hello, everyone

    we wrote a free software for our users and protected it by Themida.

    the bad thing happens today, many users told us our exe was cut off during downloading by ESET.

    our software is pure good angel.

    what should we do? may I send the app to ESET? and how and where to send it to?

    we lost money for buying themida and lost users too.

    really need help!

    regards
    icykorpio
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Themida was developed for antidebugging purposes and is misused much more often by malware to evade detection than by legit applications. For this reason, many antivirus programs flag Themida-packed files as suspicious. ESET does not flag all files packed with Themida; there are additional rules that must be fulfilled for a file to be detected. What's more, these files are NOT detected as malware, but as potentially unsafe applications (PUA), which means they are detected ONLY if the user intentionally chooses to detect this kind of application. PUA cover legit applications that can be misused, such as commercial tools for remote administration or packers that are mainly misused by malware.
    Anyway, you can send the file in question to samples[at]eset.com in a password-protected archive and "False positive" in the subject. Also enclose as much information about the application as possible and include a URL to that file as well.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Has been already debated before

    Lesson learnt, I guess? You got it exactly right. And to put this frankly: Your application will be cracked if it's worth it. It will be cracked even if it's totally useless, just as a matter of "professional pride" of the crackers, if the vendor of that protection scheme is stupid enough to aggressively market their protection as "unbreakable". We've seen this with Armadillo, which exactly followed the above pattern. We've seen these protections being massively cracked with about every single game out there.

    Don't waste your time. You are not protecting yourself, it's just a futile fight to be lost. You are actually annoying your legitimate customers with aggressive protection schemes, and will not prevent piracy anyway.
     
  4. icykorpio

    icykorpio Registered Member

    Joined:
    Oct 22, 2008
    Posts:
    2
    the only thing we do is protecting it by Themida.

    how did we fulfill the other conditions? just so curious...

    regards
    yinan
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I don't know the additional conditions, plus they are never disclosed, as it would then be easy for malware writers to circumvent detection.
     
  6. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    Given the contagion of Themida "malware" now only by p2p programs, it would be better if ESET did not acquire more Themida as potentially unsafe applications, and should concentrate on updating these malware signatures faster......
    Best Regards
     