NOD32 V4 and Nero applications

Why would NOD32 identify the following apps/setup programs as a threat
"win32/toolbar.AskBar potentially unwanted application"

Nero_BackItUp-4.0.38.0c_update
nero_photoshow_deluxe_5_setup

I know I can probably exclude them from being checked but I would wonder why NOD32 would identify these legitimate files as a threat

Thanks

 

See:
https://www.wilderssecurity.com/showthread.php?t=231713
https://www.wilderssecurity.com/showthread.php?t=222497

 

Yes I read those threads but they seem inconclusive. So basically if I wanted to spread a virus/Trojan I need to just name my file as one of those two files, knowing that 90% of users that have NOD32 installed have them in the exclude list. I do not know but I would think there must be some type of signature that NOD32 to look for to verify that it is a legitimate application.

Anyway I have put the excludes in and it no longer detects them as unwanted programs, so you virus/Trojan writers sssshh but here is an opening.

 

Isn't Nero bundling ask crap with their products now? I'm not sure, Nero became a bloated piece of crap a long time ago.

EDIT: Turns out it's NOT an FP. If you really do want to install it then you will need to turn off PUA or temporarily disable your AV.

 

It's because you told nod32 to do so. If you enable "potentially unwanted applications" (the setting shouldn't need any further explanation) then nod32 will warn you against "potentially unwanted applications" like toolbars. For a lot of people all those toolbars you find included with almost anything these days is a perfect example of a "unwanted application". The setting says "potentially" which means it's not necessarily "unwanted" for everyone.

 

Fair enough, so I am just a little concerned then why I would not just get a warning, instead NOD32 puts the files in quarantine.
But I wonder what is the best setting then, I wonder how everyone else has this setup, do you uncheck the option "Potentially unwanted applications" and check the "potentially unsafe applications" or is it better the other way around. I suppose the answer is it depends, but I wonder what most advanced users set it as?

 

No I have it on, but I have all cleaning slider methods on default, and I also use v4 which treats PUA's differently, that way I get an orange popup asking me what to do, and I can ignore it.
But in your case you might need to exclude the nero directory, as it may keep warning you if it installs a detected PUA.

But seriously, why not use different apps? ImgBurn, FormatFactory, etc. are great lightweight apps, and free.

 

Nero has a toolbar of some kind (I guess), so just exclude the setup file.

D'know guys... Using Ashampoo Burning Studio

 

Yes, Nero has the Ask Toolbar setup (for Internet Explorer) built in to its own setup file. When installing Nero, you are asked whether you want it or not.

Personally, I'm happy NOD flags this up. I'm sick of seeing some toolbar or other lurking in the setup files for these apps. If it isn't Ask, it's Google or MSN.