Possible Security Issue found in 3.0.657/667 (possibly others too)

I've just tried to manually uninstall EAV 3.0.657 from a workstation as the einstaller service wouldn't start. The installation has a password set - I'm prompted to enter it when I try to go into the ESET Options Menu.

However, EAV doesn't prompt me for a password if I try to uninstall it. I go into Add/Remove Programs and click Remove. There's not even a confirmation to ask "are you sure"... it just starts removing it... and after a few seconds, it's gone. No email to the "Warnings" email address as specified in ERA Config Editor, nothing.

The only thing that tells me something's up is when I log into ERA and it says that PC hasn't updated in a while.

I've never tried to uninstall EAV/ESS 3.0 before, but this was a feature of 2.7.

 

Right, it's against msi standards to prompt the user during uninstallation. However, we've made a sort of patch so that password is required to uninstall the program, this will be incorportaed in the next major release. Unlike msi used in v3, v2 had been employing our own installer so there was no problem with that.

 

Hopefully you'll implement an algorithm to discern whether the software is being uninstalled manually or via GPO, and NOT enforce password entry in case of the latter.

 

My 2 cents worth -- I liked your installer better than the MSI installer. The Nod32 installer was very quick and worked in safe mode. Granted, MSI doesn't require a reboot and I can see how people pushing with GPO's or SMS would enjoy an MSI.