probably stupid NOD32 behaviour

Discussion in 'NOD32 version 2 Forum' started by gue_st, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. gue_st

    gue_st Guest

    Usual situation that NOD32 heuristics detects useful rograms as probaly virus. What is wrong, that there is no option in AMON setup to avoid "prohibit access" action.
    What is also wrong is the headstrong support position - "submit sample for analysis and we will investigate". Because there is nothing to investigate - there is no detection error, the program, judging from it's behaviour is really "probably virus" (but not a virus) and should be detected as such. But, as it is not a virus, there should be a possibility to ignore this detection.

    "Probably a virus" obviously implies that it could be not a virus. If the action for this obvious case is missing, wouldn't it be natural to assume that there is *probably* some difficulty wih common sense at Eset?
     
  2. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    There are File/Folder exclusion lists in the options that should take care of the issue. Add the file or folder in question to the list, and it won't be detected anymore. End of dillema.

    You might wish to reword your post to make it more clear. I had trouble understanding if you were asking a question, or just ESET bashing.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you suspect a file to be falsely detected as a virus, submit it to samples[at]eset.com. If a false positive is confirmed it will be fixed immediately.
     
  4. gue_st

    gue_st Guest

    No, it is not exactly "end of dilemma", it is just a beginning.
    Because NOD32 is "intelligent". If the file is on CD, you could of course exclude it. But, when copied to HD, it will be detected again.
    Copy to excluded folder? That would of course work, but doesn't sound a bit like comedy?
     
  5. gue_st

    gue_st Guest

    Thanks. It makes sense, but not in this particular case. I do not suspect anything, because I know for sure - that is internal software for specific control over local network. Due to internal regulations it is not supposed to be submitted anywhere. More, I am sure that this kind of code SHOULD be detected as probable virus.
    But, I am talking about minimum control over what the AV does. Especially if you are detecting "probable" virus (therefore there is no false detection).
    Call it "unknown virus" instead of "probably unknown virus" and I will then agree that it is a false positive.
     
  6. Owner

    Owner Guest

    sorry i dont have anything against nod32 and it is a good antivirus, But i have never seen a antivirus that shows so many false positives like nod32.
    Everywhere in big forums i read everybody complain about false positives.
    I have been saying this for long time now. They are very good, and they tried to be better when they upgrade the Threat Sense so now they have blowed it up.
    I really hate false positive, because i used my self nod32 and it was a very very important and neccesary program that i want to install and use, and it was cound of hurry because i hade to work with the program fast, and Nod32 warned me probably unknown NewHeur_PE virus, something like this.
    and again i do not have something against it, i also like it but the most antivirus that shows false positive it's nod32, sorry!
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This smells like a trolling so stop bashing NOD32 without a proof. I'm woroking with samples on a daily basis and see dozens of false positives from other AVs. If you have come across a false positive, just submit it to samples[at]eset.com and it will be fixed.

    The thread is closed now.
     
Thread Status:
Not open for further replies.