Is Eset getting mail?

Discussion in 'NOD32 version 2 Forum' started by Mele20, Sep 15, 2004.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    In the last twelve days, starting on Sept 2, I have submitted probable false positives to sample@nod32.com on four different occasions. I have heard back only on the very first submission and I got that reply the next day. It was submitted on Sept 2. Eset said they would fix it in the next update and I thought they had because NOD32 doesn't alert on right click scan but AMON just alerted on it when I tried to run Streams. (In fact, AMON was alerting to so many false positives that I had to stop Streams and disable AMON).

    But the ones submitted on Sept 3, 7 and 11, I have heard nothing about. Why? Should I resubmit them? I can see there might have been a problem with receiving mail when I sent the one on Sept 11 but on Sept 3 and 7?
     
    Last edited: Sep 15, 2004
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I do know they are still having problems, and are expecting an inundation of email to come through on their support address. When this happens there will obviously be a backlog, but they will get through it all.

    Hope this helps...

    Cheers :D
     
  3. steve_h

    steve_h Registered Member

    Joined:
    May 20, 2004
    Posts:
    24
    Location:
    NJ, USA
    Mele,

    It has been my experince that false positives are only fixed by an update of the advance heuristices module, not by definition updates. The last time that I had a problem with FP's it took about a month to get an update of this module.
     
  4. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    The 2 times I’ve had problems with false positives they were fixed 3-5 days later, but I never got a reply. I suppose there’s not much for them to say apart from yes it’s a false positive, we’ll fix it.
     
    Last edited: Sep 15, 2004
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Still, that would be nice ;)

    Cheers :D
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I think we should get a reply. It could even be automated....

    "This is an automated reply. Your submission has been received and examined. It is a FP and will be remedied ASAP. You will receive another auto reply when the FP is fixed. Thank you for submitting this".

    That couldn't take much time and I would know that my mail was received and I would appreciate knowing for sure that it is a FP. Eset did ask us specifically with this new version to send any apparant FP coming from adv. heurisitics to them. So, I think they should respond in some fashion. Eset should have set up some method for prompt replies and notification of fixing of FP before releasing this version.

    I have had to exclude System Restore and all of these probable FPs that are elsewhere from AMON scanning as AMON is alerting about every 10 minutes and sometimes three or four times very close together. I can't run any application that accesses ADS without excluding these probable FPs from AMON.

    If it takes a month or more for these FP's to get corrected, how will I know when I can take them off the exclusion list if Eset doesn't reply to me? Do I periodically take them off exclusion to see what happens? :( :( Eset should automate this process. One auto reply when the probable FP is received and another when it is fixed.
     
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Part of the problem maybe that deleting the ADS tags of files is considered a malicious action by AH, and therefore is causing a large number of false positives. Either disable AMON or leave it running and disable AH while you are using streams and see if that helps. AH is just doing it's job and trying to determine malicious action without the benefit of a definition.
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I just gave running a utility like NTFS Streams Info or ADSpy, etc. as an example. Streams I run in command line safe mode but these others are intended to be run from Windows and yes I can disable AMON while one is running. But this problem happens frequently now and I am sometimes not even at the computer and not running anything when up pops AMON.
     
Thread Status:
Not open for further replies.