False Positives with NOD32 and Online Armor

Discussion in 'NOD32 version 2 Forum' started by MikeNash, May 24, 2006.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Guys,

    A couple of our users are reporting that NOD32 is marking newly released versions of Online Armor as a virus.

    Obviously, this isn't good for us - can we co-ordinate in some way so that Online Armor does not get flagged as a virus?

    I'd be also very happy to work with you to make sure that newly-released versions of NOD32 are included in Online Armor's whitelist as well.

    If this is something we can get together on, please PM me so we can exchange email addresses.


    Cheers


    Mike
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,

    are you 100% positive that you scanned it with the latest version of NOD32 1.1554?
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Marcos,

    I'm not 100% positive, I will have to ask the users about it. I'll get back to you as soon as I know.

    Thanks very much for the fast response :)


    Mike
     
  4. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    I'm 100% positive the latest Nod32 detects the latest online armor AV+ as a virus. (running sig ver 1.1555, trial edition)

    \Online Armor\oasrv.exe - probably unknown NewHeur_PE virus
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Thanks for that ......

    Marcos -

    Is there some way/place I can send signatures, hashes or copies of files to make sure that we don't get reported as a virus?

    At the same time, does an authorised person at ESET want to send us the same so we can keep you up to date in our whitelist?


    Mike
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Mike,

    I've installed the trial version of OA and you're right, it's flagged by heuristics as suspicious for its behavior. We'll do our best to remedy the fp in the upcoming update issued tonight.
     
  7. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Thank you Marcos, much appreciated.
     
  8. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Has anything been done yet about OA showing up as a false positive?
     
  9. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    Should be fixed as we had a number of updates since it was reported.
     
  10. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I'm still getting this infiltration popup from NOD32

    C:\Program Files\Tall Emu\Online Armor\oasrv.exe - probably unknown NewHeur_PE virus.

    Same thing happens when I run a scan, it shows OA in red.

    I thought something was supposed to be done through the updates of NOD32?
     
  11. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Re: I'm still getting this infiltration popup from NOD32

    This false positive is going to be fixed soon as Eset's moderator said.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: I'm still getting this infiltration popup from NOD32

    I can confirm that it was actually fixed a couple of days ago.
     