Need Help Submiting a possible False Positive

Discussion in 'ESET NOD32 Antivirus' started by zomg47, Apr 12, 2009.

Thread Status:
Not open for further replies.
  1. zomg47

    zomg47 Registered Member

    Joined:
    Apr 12, 2009
    Posts:
    2
    ok i have a game that like. But Nod32 finds it as a threat, and deletes and quarantines critical file in the game. There are many other players in this game and i have talked with them, and it seems as though only Nod32 detects the file as a threat, whereas All other AntiVirus promgrams that the other players use
    This "false posotive" has only just started happening recently and well... i am gamer who likes to play his games.

    But my main problem is that i cant send the file using Outlook express any my Mail provider only allows files to be sent up to 20mb, and the file i am trying to send is approximately 50mb

    Any tips on?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Re: Need Help Submiting a possible False Posotive

    Do you have an ftp client/know what ftp is and how to use it?
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Need Help Submiting a possible False Posotive

    Couldn't it be that it's an unofficial patch or crack detected?
     
  4. zomg47

    zomg47 Registered Member

    Joined:
    Apr 12, 2009
    Posts:
    2
    Re: Need Help Submiting a possible False Posotive

    its not an unoficial patch because that particular file has been in the game for a verry long time, it is basicly what makes the game run, without that file you cannot start up, play or even run the game.
    and i am verry confident that only Nod32 finds it as a threat

    and i dont know what an ftp client is and how to use it
     
    Last edited: Apr 13, 2009
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Is the file small enough to send by email? If so, mail it to samples@eset.sk in a .ZIP or .RAR file protected with a password of "infected" (even though it isn't--that is just a standard password to use) and a Subject: of "False Positive".

    In the body of the message, explain how you determined the file is a false positive, the version of ESET NOD32 Antivirus you are running--including the virus signature database version--and include a link to this message thread.

    Regards,

    Aryeh Goretsky
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Such large files should be uploaded to an ftp or a file sharing service, such as RapidShare. When done, PM me the link to it.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I did not see the part of the message mentioning the file size. Please use ftp, instead, to send the file to ESET.

    Regards,

    Aryeh Goretsky
     
  8. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    Indeed a large file like that should be handled by FTP.

    if you don't know what FTP is and how to use it then do you know how to split files via RAR?

    When you use WinRar www.rarsoft.com you have a choice to split the files into Floppy, CD, DVD or CUSTOM. Choose custom and type in 19 MB, then just RAR it.

    This will split the one large file into 3 files.
    Then just send them to eset with titles.

    FALSE POSITIVE 1/3
    False Positive 2/3 and then finally 3/3.
    Provide them instructions to save all the files in one folder and UNRAR them.

    I know it's painful, but that is the only other alternative that I can see besides rapidshare or ftp.

    The only problem with RapidShare is if this is a copyrighted file then you really don't want to open it to everyone, I know that chances of you getting into trouble for sharing one file out of file set is 1.0e-10 but still why risk it.
     
Thread Status:
Not open for further replies.