Real time scanning anomaly

Discussion in 'ESET Smart Security' started by stackz, Apr 22, 2009.

Thread Status:
Not open for further replies.
  1. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Real time scanning anomaly: [RESOLVED]

    Virus signature database: 4026 (20090421)
    Update module: 1028 (20090302)
    Antivirus and antispyware scanner module: 1209 (20090421)
    Advanced heuristics module: 1092 (20090309)
    Archive support module: 1093 (20090415)
    Cleaner module: 1040 (20090401)
    Anti-Stealth support module: 1010 (20090302)
    Personal firewall module: 1045 (20090325)
    Antispam module: 1011 (20090114)
    SysInspector module: 1212 (20090406)
    Self-defense support module : 1005 (20081105)

    After losing a 250MB download (UBCD4Win) due to it containing some potentially unwanted apps, I decided to have a look at real time scan settings.

    Changing the threat sense cleaning option to no cleaning should display an alert with a list of possible actions.

    I then tested this by copying one of my excluded files to a different drive location and sure enough I got the alert dialog as expected and chose 'take no action'.

    Repeating this same procedure with other excluded files, I only get an alert that the file could not be cleaned - no option dialog. Shutdown the pc, then restarted and still the exact same behaviour.

    I've no idea if this is by design, but it's certainly not the behaviour that I'd expect. :doubt:
     
    Last edited: Apr 22, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume the file was intercepted by web protection, hence excluding certain folders on the disk didn't have any effect. What's more, if a potentially unsafe application is detected by other scanners, you're always prompted for an action. Anyways, the file should be stored in quarantine so just restore it and exclude the appropriate file from scanning if you don't want to be alerted about it in the future.
     
  3. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Unfortunately what was quarantined was just a small piece of UBCD4WinV350.exe and could not be restored, leaving me with just a corrupted UBCD4WinV350.exe.part. The only way to obtain it was to disable the AV.

    note: real time scan behaviour problem resolved.
     
    Last edited: Apr 22, 2009
Thread Status:
Not open for further replies.