How Do I "Do Nothing" for False Positives in Amon?

Discussion in 'NOD32 version 2 Forum' started by dfrailey, Oct 20, 2007.

Thread Status:
Not open for further replies.
  1. dfrailey

    dfrailey Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    5
    Why is there no setting to enable a "Do Nothing" (allow access) option on the alert dialog when false positives are detected by Amon? o_O

    Surely you don't want us to disable Amon entirely so we can get past whatever we're trying to do when a false positive pops up!?

    David Frailey, MCSE
    Williamstown, WV
     
  2. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Add whatever it is to AMON's exclusion list.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Compress the file, protect it with the password "infected" and submit it to "samples[at]eset.com" with "false positive" in the subject.
     
  4. dfrailey

    dfrailey Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    5
    Guys, I appreciate your response, but most of the time I don't have the time to do those things.

    I've been pretty happy with Nod32, but I'm surprised (and disapointed) on this one. I don't think I should have to disable Amon, or add to an exception list, if I need to access a file on "my" system that Amon happens to have a problem with (the rest of my family is another story :) ).

    IMHO there needs to be a configurable setting (which can default to disabled) that enables an "Ignore" option on the Amon threat detected dialog (i.e. "It's OK, I understand what you're saying, but I still need to access my file").

    In this particular case it's Nirsoft's Produkey utility that's all of the sudden tripping a warning during a replication operation.

    Regards,

    David G. Frailey, MCSE
    Williamstown, WV
     
  5. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Fair point although if you do what Marcos asks it will be added to NOD's false positive list and released in an upcoming update then you'll have no more false positives!
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Suggest you add your suggestion concerning Ignore here. https://www.wilderssecurity.com/showthread.php?p=1099483#post1099483
     
  7. dfrailey

    dfrailey Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    5
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Adding to the exception list seems the most logical, and easiest/guaranteed way to do with..regardless of what brand antivirus product you're dealing with.

    It's sort of what the exceptions list is designed for...so the AV product keeps its nose out of there.
     
Thread Status:
Not open for further replies.