Known clean file deleted by nod32

Discussion in 'ESET NOD32 Antivirus' started by chauhanp, Jan 15, 2009.

Thread Status:
Not open for further replies.
  1. chauhanp

    chauhanp Registered Member

    Joined:
    Jan 15, 2009
    Posts:
    1
    NOD removes a clean file because it thinks there is a virus in it. This causes a serious problems with our SourceSafe database. NOD immediately picks up my addition of the file. Error returned

    Module Real-time file system protection - Threat Alert triggered on computer LTNAWEBDEVFLY: C:\Program Files\Microsoft Visual Studio\VSS\data\c\ccdcaaaa.a contains a variant of Win32/Kryptik.BY trojan.

    Hs anyone encountered this, if so do you have a solution.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
  3. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    My recommendation for any antivirus is to not quarantine, not delete, not move the infected file. Just prohibit access to it. You can configure this in Nod32.

    I don't care which antivirus software you use, there will be false positives. I have had all products I've used false positive on core OS files. Search the forums and you will see Nod32 has done this too. If you have these files move or deleted, this can lead to a failure to boot. If you have hundreds of PC's, this can be the cost of a job. If you have it just deny access, then typically you are ok when the false positive is fixed in the next pattern file. Worst case, safe boot and disable your antivirus, and you are back up.

    Obviously you don't want your source code to delete.
     
  4. Phantoms

    Phantoms Registered Member

    Joined:
    Jan 15, 2009
    Posts:
    22
    I'm a new Nod user and getting an error on a file that's been on my system for sometime. It's part of a payware addon for Flight Simulator. I tried submitting the file to Eset, but it fails (sometimes reports the file is too big). I would rather not delete this file if it's a false positive. Below is what VirusTotal reported:


    File UltimateTerrainUSA-1-21.exe received on 01.17.2009 06:50:36 (CET)

    ~VT results removed per Policy. - Ron~
     
    Last edited by a moderator: Jan 17, 2009
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Please submit it using the steps I provided in the link not in the in-built submit function.
     
Thread Status:
Not open for further replies.