False positive?

Discussion in 'ESET Smart Security' started by LesCozannet, Dec 16, 2012.

Thread Status:
Not open for further replies.
  1. LesCozannet

    LesCozannet Registered Member

    Joined:
    Dec 16, 2012
    Posts:
    3
    Location:
    USA
    Hi, I'm new to the product (Smart Security) and I just scanned my external drive (the LIFELINE of everything I own!) as a matter of habit, and suddenly ESET is detecting this:

    K:\S\Setup files\Camstudio.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application

    After unsuccessfully googling whether or not Win32/SoftonicDownloader.A is a virus or not, I decided to come here. The little I've found could indicate that it's a PUP but not necessarily a virus. This is software I've had for years, meaning the particular install file that ESET detected, and no antivirus before that ever classified it as a PUP. It's been 'clean' for years. However, since I recently lost a computer to a backdoor virus, I want to be extra careful, even to a paranoid extreme. This is a new computer, and I would like to bring CamStudio back in, but the above message is worrying me. Can someone please help?

    Thanks,
    Les.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This is not FP, it's detection of a potentially unwanted application which is an optional detection and users enable or disable it deliberately.
     
  3. LesCozannet

    LesCozannet Registered Member

    Joined:
    Dec 16, 2012
    Posts:
    3
    Location:
    USA
    Thanks, so ESET has no plans to take Softonic off their black list then, I assume? This is quite misleading because most of us are not savvy enough to assume/know what you just explained...
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I reckon it's a download wrapper so the detection as PUA is ok. There should be a link "Why ESET has detected this file" in the yellow notification window which gives more details about the detection.
     
  5. LesCozannet

    LesCozannet Registered Member

    Joined:
    Dec 16, 2012
    Posts:
    3
    Location:
    USA
    Thanks, Marcos, but I can't find anything yellow notification area anywhere...can you direct me perhaps to what area I'm supposed to look for it in?

    Oh, and while it might be fine for *you* guys to classify it as PUA, it is not for your customers; I am certain that I am not the only one who freaks out like I did when I saw the notice, having just lost a computer to a backdoor virus! Perhaps if you included more/different detail in the detection notice you could avoid possible heart attacks? :)
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Detection of Potentially Unwanted Applications (PUA) or its cousin, the Potentially Unsafe Application category, is already handled differently than the detection of malicious software, such as computer viruses, worms, trojans, rootkits and other threats because these programs are not categorized as being malicious, per se, but because they perform actions which cannot be classified as malicious but instead fall into a categorization where their activity is potentially problematic in some fashion for the operator of the computer.

    A PUA is not a malicious program in and of itself. It is a program which is potentially unwanted. If it were a threat, it would be categorized differently, and the computer operator would have a difference experience when a detection occurred,

    When a PUA is detected, an orange-colored dialog is presented, with the word "potential" prominently displayed, and selectable actions include both ignoring the warning and/or excluding the downloaded file from further detection. That is quite different from the red-colored dialogs identify malicious software and offer to clean it, delete it, and so forth.

    The PUA classification is, by definition, has to somewhat flexible: It could mean that the program changes the behavior of the computer in some fashion, such as changing the default home page and search engine choice in the web browser, or perhaps installing a toolbar in the web browser that tracks what sites are visited in order to help provide more relevant advertisements to the user's interests. I think ESET realizes that there are some customers who want such functionality from their computer, and choose to use software which enables this behavior.

    On the other hand, there are also some ESET customers who feel (rightly or wrongly) that they should not be tracked, should not have every moment they are on the Internet monitored by marketing and analytics companies, not have every search result and clicked-on link aggregated, nor turned into a behavioral profile and monetized.

    I guess you could say that these two approaches are, well, if not diametrically-opposed, at least at opposite ends of the privacy spectrum (for lack of a better term).

    What ESET has done is take a middle-of-the-road approach: When ESET's software is first installed, the customer makes the choice of whether or not to enable detection for Potentially Unwanted Applications, not ESET, and that choice is not permanent, either: The customer can toggle it at any time after installation.

    For more information, please see the following ESET Knowledgebase Articles

    ESET Knowledgebase #2198, "How do I configure my Windows ESET security product to detect or ignore unwanted or unsafe applications? (4.x) "
    ESET Knowledgebase #2912, "How do I configure my Windows ESET security product to detect or ignore unwanted or unsafe applications? (5.x) "
    ESET Knowledgebase #2929, "What is a potentially unwanted application?"
    ESET Knowledgebase #3102, "Enable/disable detection of potentially unwanted applications (PUAs) in ESET Smart Security or ESET NOD32 Antivirus (6.x)"

    For additional information about what Potentially Unwanted Applications, please see the following white paper: Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)? [PDF file, 504KB]. It goes into much further detail about PUAs and technologies they use like the download wrappers my colleague Marcos mentioned.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.