Strange NOD32 alert

Discussion in 'ESET NOD32 Antivirus' started by gaslad, May 11, 2010.

Thread Status:
Not open for further replies.
  1. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Just wanted to chime in here and say, we have 60+ machines in our offices, all running 4.2.35.0, and *none* of them have ever seen this issue.

    Soon after this thread started I specifically asked everyone to let me know immediately if they see one of these, and have not had one report - and just sent an email on Monday asking if anyone had seen one, and again, not one person has.

    So, while this is obviously a real problem for the people experiencing it, it is not happening to everyone on 4.2.x, which obviously makes it much harder for ESET to find and fix (for those complaining about how long it takes, do you *really* think ESET doesn't want to fix things like this??)...

    So, logic dictates that it must be something else that is similar between all of your systems.

    I would suggest comparing what *other* software you run in conjunction with ESET, and see if you can find a commonality...
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    115 machines here, from XP to Win7, and none exhibits it either....
     
  3. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Hmmm...one other possibility... I just realized that most everyone else I've seen mentioning versions has mentioned 4.2.40+...

    We are all still on 4.2.35.0...

    Maybe some of you could try downgrading to 4.2.35.0 and see if the problem goes away? It should be much easier for ESET to find/fix it if they could narrow it down to exactly when it was introduced.
     
  4. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    I should make clear that I have never seen a "ghost flag" since I started with NOD 32 version 2.5 and am now at 4.0.474. I was telling my wife that we weren't going to install version 4.2.64.12 --- Aryeh Goretsky, in another thread, has pointed out to me that the full file number is on the download page; I'm feeling very stupid about not having seen that because it is in plain sight just left of the download click-spot --- and she asked me to describe what a ghost flag was, and I realized that I needed to look back at the earlier messages in this thread and find out! All I could tell her was that it was a problem with unknown implications.

    Thanks for the news that there is a "basically confirmed rumor that a new build is imminent."

    I was surprised to read your statement that "4.0.474 . . . lacks the Real-time file system protection module." In my NOD32 4.0.474 Advanced Settings entry I do have "Real time file system protection" with a "Documents" subcategory. Maybe the explanation is that I don't have a "Real-time file system protection module"? If so, I'll have to find out what that module does, since I will upgrade at some point to a 4.2 build that does have a "Real-time file system protection module" and I hope doesn't have ghost flags.

    Roger Folsom
     
    Last edited: Oct 22, 2010
  5. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Please excuse my ignorance, but what do you mean by "the 4.2.x branch"? Do you mean that you think the problem arose with the very first 4.2 release (whose .x number I don't know)?

    The accuracy of my guess about your meaning does seem to be contradicted by tanstaafl's no ghost flags experience with version 4.2.35.0 (post #77), and maybe contradicted also by jimwillsher's experience (post seventy-eight) depending on whether he is running something earlier than 4.2.40.

    Roger Folsom
     
  6. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    jim does not say what version they are running. also the cause has not been established yet
    it for sure did not happen prior to the 4.2.x branch.

    could not trace a time line or version history of NOD releases to compare to the dates when the first reports popped up in the forum
     
  7. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    All ours are 4.2.64.12, except for one on 4.2.58 and our servers which are on 3.0.695. Almost all are 32-bit but we do have half a dozen 64-bit. All are EAVBE, pushed out by ERAS/ERAC.

    Apologies, I should have put that in my post.



    Jim
     
  8. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Same here - all 32bit...

    Oh, and Roger - apparently this is *not* a problem in that NOD32's ability to protect is *not* impaired, it is a *visual artifact* only, meaning, it is not considered a 'critical' bug, only a cosmetic one - albeit an admittedly irritating one for those experiencing it.
     
  9. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Thanks for clarifying that. It inspired me to re-read the entire thread (albeit hurriedly), and Gaslad's initial post did contain an image of a "ghost flag" so now I have a much clearer understanding of what everyone is talking about.

    Nevertheless, some other posts, by siljaline and others, contained "ghost flags" that looked --- at least to me --- different from Gaslad's. Admittedly, appearance to some extent is determined by the operating system (and maybe the computer's graphics card?).

    But unless the ghost flag always is identical on any given computer and operating system, a user may dismiss a valid warning as being "just another ghost flag" and not take needed action --- as someone earlier in this thread pointed out.

    As a temporary fix, it might be useful as a temporary workaround if someone experienced with ghost flags provided a checklist of what to do when a warning pops up, to determine whether it is a ghost flag that can be ignored or a genuine threat warning.

    On the other hand, that suggestion may be worthless or pointless; I don't know enough to know.

    Roger Folsom
     
  10. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Jim: In an earlier post (# seventy-eight), you mentioned that you had 115 machines. That, together with your mention here of "EAVBE, pushed out by ERAS/ERAC," makes me wonder whether your 4.2.64.12 machines have avoided displaying ghost flags --- while many others have had ghost flags on 4.2.x computers with x>39 --- because you installed them remotely from a central location, and/or your installing servers were using 3.0.695 rather than 4.x.

    Just a wild-card guess.

    Roger Folsom

    P.S. If anyone reading this knows how I can disable smilies so that I wouldn't have to spell-out seventy-eight followed by a paren, please let me know.
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    69,132
    Location:
    U.S.A.
    Roger, no need to disable the smilies, just add a space after the eight: (#78 ).
     
  12. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    Not all were installed via ERAC/ERAS. Most are, but whenever I get a new PC to roll out I tend to install the usual stuff - Acrobat, Winzip, ESET - from a USB stick. I then import the ESET config and send the PC to wherever it's going. So from then on the PCs get managed by ERAC/ERAS, but some will have had ESET installed via push and some via USB stick.

    Also, that 115 is split across five different managing servers, some of which have no AV installed at all (just ERAC/ERAS).




    Jim
     
  13. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Thanks! Roger Folsom
     
  14. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Jim Willsher

    Well, at least your post #88 doesn't completely demolish my guess about how you have avoided ghost flags --- I think!

    Thanks for the reply. Here's hoping that someone at Eset can put together the clues that will eliminate ghost flags.

    Roger Folsom
     
  15. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    You're missing the point...

    If the user sees one of these 'ghost flags', then checks the status of NOD32 and everything is ok - ie, make sure it is actually on the current version of the signatures, etc, that it is updating properly without error, etc - then that confirms the ghost flag was a ghost flag.

    No one said to *ignore* them - and I'm certainly not saying they shouldn't be fixed - I'm merely pointing out that they are harmless, which means they are probably a lower priority than maybe they should be considering the level of user concern (regardless of whether or not the level of concern is warranted)...
     
    Last edited: Oct 26, 2010
  16. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    tanstaafl: Before I get to your latest post (#91), I have a question. Gaslad's initial post's ghost flag image says "ESET NOD32 Antivirus requires your attention. For more information, click on this notification."

    In the few other posts (if any) that contain a not-obscured ghost flag image, have you happened to notice whether the ghost flag uses exactly the same wording as in Gaslad's initial post?

    If not, then I will go back and re-read the thread and try to find any evidence as to whether ghost flags always use exactly the same wording. Here's hoping they do, and that ESET's genuine flags use at least slightly different wording.

    (I'm handicapped here, because from ESET NOD32 Av 2.5 to 4.0.474.0, I've never received a flag similar to Gaslad's ghost flag, although I have received substantially larger announcements of malware when downloading email, and entirely different-looking demand-scan reports of malware.)
    Unfortunately, this is not the first time in my life that I've missed the point....
    Understood. And probably most of the contributors to this thread know how to follow your recommendations. But some of the less technically knowledgeable (e.g. me), especially if they weren't aware of this thread's existence, wouldn't know how to do what you recommend.

    For example, a year or more ago I happened to discover by accident that the current signature version list is at http://www.eset.eu/support/update-xy1. But note the eu, which I assume stands for Europe. There may be a link to that site somewhere on ESET's regional or national sites, e.g. for the U.S., but I'd hate to look for it while worried about the warning I had recently received.

    And I have no idea how to determine whether updates have been installed properly, other than open the ESET window's Update field and see what it says. Did you have something more in mind?

    And your "etc." recommendations could use more specificity! <grin>

    Such mysteries are why my message #85 suggests "a checklist of what to do when a warning pops up, to determine whether it is a ghost flag that can be ignored or a genuine threat warning." Of course, that should be ESET's job, not yours.

    I still find this thread's message #72, especially after "Not to mention....," to be persuasive:
    And in the meantime, I hope someone from ESET is reading this and provides a checklist and distributes it, perhaps as a Sticky.
    Understood. And thanks for your response.

    Roger Folsom
     
  17. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    just noticed that if invoking first - right click on NOD icon in the task bar notification area - click on log files (which then open the log files) - closing the log files window and later left double clicking the NOD symbol in the task bar notification area does not produce the ghost flag - on my W7 64bit system. seems that once the gui opened that way the ghost flags are not showing
     
  18. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    It's called using your eyeballs and your head... ;)

    Check the date of the last update (make sure it is today/very recent)
    Check the Logs - see if they shed any light
    etc... (sorry, couldn't resist)

    Anyway, like I said, I'm not saying it shouldn't be fixed, but it obviously isn't happening to everyone... and I still haven't seen any of the guys complaining about this doing serious comparisons of the *other* programs they are running. It wouldn't surprise me if it was a minor compatibility issue with another product - like maybe a firewall...
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    The developers already have that on the to-do list and we'll be looking into it as soon as time allows.
     
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Yet another Ghost Flag non user induced :ouch:
     


  21. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,641
    Location:
    Sneffels volcano
    I wonder if this issue could be fixed by doing a full uninstall of the product followed by a registry clean up (recommend powertools -its regcleaner & software uninst. features) and a reboot, then reinstalling Nod32. Just a shot in the dark, who knows.
     
  22. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Thanks for the recommendation and suggestion, although the manual uninstaller does remove the Registry entries as well, based on the uninstall logs I have seen.

     
  23. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,641
    Location:
    Sneffels volcano
    No problem.
    Still, you could try it as a second opinion. You have nothing to lose, it wouldn't be the first time that I see this app doing magic things.
     
  24. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    I have tried all uninstall methods including manual one with eset uninstaller through safe mode. It still shows the same ghost flag. Moreover, this happens on cleanly installed PCs too.
     
  25. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Nobody from ESET confirmed that this is a visual bug only. So one doesn't really know if it is so.
     