Online Armor False Positive ?

Discussion in 'NOD32 version 2 Forum' started by De Hollander, Oct 20, 2007.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Getting this alert when installing Online Armor Free. Sample send to "samples at eset.com"
     

    Attached Files:

    Last edited: Oct 20, 2007
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    IMO, on these layered security tools, users need to put their exe's into the exception lists.

    Must do this for Nod32, TF and Online Armor.

    It is work, but once done will save conflict, false positives like this one, and may best of all scan time won't be wasted.

    Bottom line, review you exception lists.
     
  3. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi De Hollander,

    NOD' s heuristic flagged many times OA installers or process as a threat. So of course, it's a FP

    Regards,

    MaB
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    That is exactly the point I was making as well:D

    With Nod 32 and OA , make sure each exe is in each others exempt/allow lists.

    In OA, Nod32 is automatically a trusted program. (review your own list) See attached jpg.

    In Nod32 that is where you need to add OA's exe's as exempt from review!

    Doing this ( a one time task) I have never yet had one OA / Nod 32 false positive.

    We really need to do this work, or our layered tools keep scanning and ratting on each other and giving the user redundant pop up messages which invite us to make an error in replying.

    So, pour a cup of coffee, and list all your security tools, find their exempt/allow lists and enter them all in all lists (exclude the parent exe in their own list)

    Hope, this helps members.
     

    Attached Files:

  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Hi, I notice from your screen shot that you appear to be using OA free? I have been using OA paid alongside NOD 32 and ESET AV v3 RC1 and ESS for several months and never had this happen. Both OA and NOD have been installed and uninstalled several times during this period with only pop up's from OA. I wonder if this is simply a problem with OA free?
    Ian
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Ian:

    You are right, I just put OA free in a week ago, I like the product!

    You may be correct, that NOD 32 accepts the paid OA and challenges the free one! But I don't have the problem myself, and I am assuming ( always an error) that placing it OA free in the exempt/accept list avoids it.

    What is needed is for the OP guy to do the list entry and see if the false positive reoccurs.

    That's all I can suggest
     
  7. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    The problem was OAFREEREG.EXE, created in the temp folder at install. Excluding this Temp folder was a option, but to avoid any problems with installing I just temporaly disabled Amon. After rebooting, OAUI.EXE , OASRV.EXE and OAEVENT.DLL where manual excluded from AMON by me. With Online Armor every related item from NOD32 is allowed. At this moment no problems.

    Cheers.
    :D
     
    Last edited: Oct 22, 2007
Thread Status:
Not open for further replies.