NOD32- Inconsistent scan results

Discussion in 'ESET NOD32 Antivirus' started by Hollowstriker, Apr 4, 2010.

Thread Status:
Not open for further replies.
  1. Hollowstriker

    Hollowstriker Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    50
    I noticed this behaviour in NOD32 when I happened to scan the program Advanced Process Termination- apt.exe by Diamond Computer Systems (http://tds.diamondcs.com.au/). The file in question is a program which allows for the termination of processes using a variety of methods and hence, it is not unusual for NOD32 to flag it as Win32/APT (according to the result when uploaded to VirusTotal).

    The issue is that when a folder/ZIP file containing the executable or even the executable itself is scanned using the right-click context menu>> clean with ESET NOD32 Antivirus/Scan files, NOD32 reports that nothing is infected.

    However, when scanning the specific folder using the NOD32 GUI (Custom scan- In-depth scan), NOD32 flags it and logs the executable as:
    Code:
    Win32/APT potentially unsafe application - was a part of the deleted object
    Another case in which the executable is detected would be when it is directly accessed/copied/run and the Detect potentially unsafe applications option is enabled in real-time filesystem protection settings.

    My question would be: is this behaviour by design- the context menu is not supposed to raise any alerts if a potentially unwanted/unsafe application is scanned? (I don't see any options to customize the context menu scan to detect these items- though I would expect it to follow the real-time filesystem protection settings; such as when I would want to scan files before burning them to a CD for a friend and expect NOD32 to alert me if there is a threat among the files.)

    Screenshots/Scan log: Resources.zip (does not contain apt.exe; that can be downloaded from Diamond CS)
     
  2. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    You can alter the context-menu profile on the on-demand scan configuration. Seems PUA is disabled in that profile so you see these two different scan results.
     
  3. Hollowstriker

    Hollowstriker Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    50
    @Brambb

    Thanks for the quick and concise reply! Found what I wanted in order to configure it properly:

    option01.png

    option02.png


    Just an additional question about this scan profile- when I do a context-menu scan, usually it is on a file/folder. However, in the settings below, there are additional options for operating memory, boot sectors, email files. I would presume operating memory would be the full system RAM, boot sectors to be that of which the file is located on (e.g. C: or F:) and email files are files with extensions (eml, emlx, msg, mbx); unnecessary to be checked if my only goal is to ensure all files which I scan from context menu are scanned/cleaned?


    option03.png
     
  4. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Although I never tested this myself I guess if you tick 'Operating memory' and 'Boot sectors' it will scan the memory and boot files prior to the files selected in the context menu (Just like a normal on-demand scan). Which will make the scan time for just files a bit long.

    The e-mail files are a different thing, these are unchecked because they are normally quite large archived files and should be scanned by the incoming and outgoing e-mail protocol engine. Whether you want to enable this for context-menu scanning is up to the user.
     