False Positives with NOD32 and Online Armor

Hi Guys,

A couple of our users are reporting that NOD32 is marking newly released versions of Online Armor as a virus.

Obviously, this isn't good for us - can we co-ordinate in some way so that Online Armor does not get flagged as a virus.

I'd be also very happy to work with you to make sure that newly-released versions of NOD32 are included in Online Armor's whitelist as well.

If this is something we can get together on, please PM me so we can exchange email addresses.


Cheers


Mike

 

Hello,

are you 100% positive that you scanned it with the latest version of NOD32 1.1554 ?

 

Hi Marcos,

I'm not 100% positive, I will have to ask the users about it. I'll get back to you as soon as I know.

Thanks very much for the fast response


Mike

 

I'm 100% positive the latest Nod32 detects the latest online armor AV+ as a virus. (running sig ver 1.1555, trial edition)

\Online Armor\oasrv.exe - probably unknown NewHeur_PE virus

 

Thanks for that ......

Marcos -

Is there some way/place I can send signatures, hashes or copies of files to make sure that we don't get reported as a virus?

At the same time, does an authorised person at ESET want to send us the same so we can keep you up to date in our whitelist?


Mike

 

Hi Mike,

I've installed the trial version of OA and you're right, it's flagged by heuristics as suspicius for its behavior. We'll do our best to remedy the fp in the upcoming update issued tonight.

 

Thank you Marcos, much appreciated.

 

Has anything been done yet about OA showing up as a false positive?

 

Shuold be fixed as we had a number of updates since ti was reported.

 

I'm still getting this infiltration popup from NOD32

C:\Program Files\Tall Emu\Online Armor\oasrv.exe - probably unknown NewHeur_PE virus.

Same thing happens when I run a scan, it shows OA in red.

I thought something was supposed to be done through the updates of NOD32?

 

Re: I'm still getting this infiltration popup from NOD32

This false positive is going to be fixed soon as Eset's moderator said.

 

Re: I'm still getting this infiltration popup from NOD32

I can confirm that it was actually fixed a couple of days ago.