Logmein Rescue

Discussion in 'ESET NOD32 Antivirus' started by Biscuit, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Nod32 is detecting a FP of NewHeur_PEvirus against my users trying to run the remote access component of Logmein Rescue.

    Please fix this urgently!
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
  3. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Thanks for your reply.

    I don't actually have the file as it is something run by users at the time of remote control. I therefore have nothing to send to Eset & by the time I realised the problem I could not ring them as they go home at 5:30pm on the dot.

    With regular false positives for Prevx & now my being unable to use Logmein rescue, Nod32 is fast becoming a difficult product to use.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Well is there somewhere they can access the file in question?

    Also, it's not ESET's fault Prevx design their product as they do, changing the heuristics would mean leaving users more vulnerable, the only solution is whitelisting the app.
     
  5. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I see the Prevx FP issue as more Nod32 trying not to help. I wonder what users would think if Nod32 ran a FP against every other security app?
     
  6. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Update

    FP fixed as of 3908 defs.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852

    Good to hear.




    But they don't FP against every other security app, just this one because of the way it's designed.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    (I'm jumping into this thread because it popped up on a Google Alert.)

    I don't see what aspect of our designing would be causing these false positives. We digitally sign every component of our software and do not use any obfuscation in the installation so I'm really not sure what would be triggering the heuristics.

    This is a recurring problem which does affect a number of our users and causes quite a hassle in customer support every time we release a new version. Non-technical customers frequently complain that we are sending them viruses, which presents a difficult situation when they don't understand the concept of a false positive.

    If a representative from ESET could give us more details as to what we're doing that causes them to detect every new version heuristically, we would be more than happy to consider changes to make our products work better with their signatures, if it isn't possible for them to modify their heuristics without degrading their protection.

    No other security product has this level of false positives against our software so I don't think there is anything inherently suspicious about the design which is triggering it.

    Feel free to send me a PM if you're interested in resolving this problem and I will give you my email address so we can discuss this directly.
     
Thread Status:
Not open for further replies.