Tagging GoBack files as trojans

Discussion in 'ESET Smart Security v3 Beta Forum' started by vapor, Jun 1, 2007.

Thread Status:
Not open for further replies.
  1. vapor

    vapor Registered Member

    Joined:
    May 27, 2007
    Posts:
    24
    FYI, just did a scan today and ESS tagged my GoBack restore points as trojans.
     
  2. ASpace

    ASpace Guest

    M o r e - d e t a i l s - please . . .
     
  3. vapor

    vapor Registered Member

    Joined:
    May 27, 2007
    Posts:
    24
    During and in depth scan it tagged about 6 GoBack files as below...

    In fact I was only given a choice of removing or ignoring the files - not quarantining them. I had ESS remove them, and after that there were no back-up points remaining in GoBack. Not a huge deal for me, as I rarely use it. I guess I should have told it to ignore the files.

    Also, the scan was running while I was out and when I came back the "warning" window was showing. I had to manually tell it what to do with each file. It appears the scan was suspended until I input "delete the file". After the 6 "warning" messages and me telling it to remove the suspicious files the scan continued.

    When I first installed ESS it found 3 malware items and I had to tell it to manually delete those as well. I find this behavior a bit odd. My past experience with various AV solutions is that it quarantines an item, then lists it after the scan is complete allowing you to permanently delete or restore, etc. ESS seems to suspend the scan until you input a solution. Plus, you are only offered a choice of deleting or ignoring a file. Am I missing something here?
     
    Last edited: Jun 3, 2007
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Are the files of a resonable size to transmit via email? If so, please send them in password-protected .ZIP or .RAR file (using "infected" as the password) to samples@eset.sk with a link to this message thread.

    Regards,

    Aryeh Goretsky
     
  5. vapor

    vapor Registered Member

    Joined:
    May 27, 2007
    Posts:
    24
    Well, they're they're gone unfortunately. Again, I've written another post (see https://www.wilderssecurity.com/showthread.php?t=176578) regarding my issues with only being able to "delete" or "ignore" a suspect file in the warning dialogs I've seen. I've never seen any "quarantine" option.... The only thing residing in my quarantine file is 2 Thunderbird profiles....that's another story.

    But as an update to this post, I ran another full scan last Thursday and the scan said that nothing was found. However, all my GoBack restore points were missing from prior to the scan. And at the time of the scan I see this in the GoBack app:
    I saw this after the fist scan too, which prompted this post. In that first scan I thought ESS removed the Norton GoBack restore points, but after this week and some additional research I think what happened was it removed some XP System Restore points in the original scan.

    I find that odd since I can't find the path to the area where the files were removed. Again, after some digging online this is a protected area of the file system and I'm surprised ESS was able to delete anything there.

    So, I'd be happy to help here, but I think GoBack is just resetting itself from all the file activity from ESS. Still, no other AV I've ever used has done this, so it's an issue. I also repeat my concern that ESS isn't showing me an option to quarantine or repair suspect files - only delete or ignore. That's on my other thread, which hasn't seen much in the way of replies, so maybe others haven't had this issue. But it would have been nice if these files were in quarantine as noted from the log file above - but they aren't. They were deleted.
     
    Last edited: Jun 10, 2007
  6. vapor

    vapor Registered Member

    Joined:
    May 27, 2007
    Posts:
    24
    This as a further update regarding GoBack and ESS:

    I'll be looking at options to remedy this. HOWEVER - this has not been an issue with any other AV - SO - I think this is a bug with ESS and needs addressed.
     
  7. vapor

    vapor Registered Member

    Joined:
    May 27, 2007
    Posts:
    24
    Just upgraded to 1b and this behavior continues - that is, every scan deletes all GoBack safe points. I did notice today that this actually is taking place toward the end of the scan. The scan took about 2.5 hours - began at 1025hrs ended at 1259hrs. GoBack had this message:

    The suspension of logging deletes all previous safe points.
     
  8. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Did you enabled the Advanced mode and had a look into Tools>Quarantine to see if the deleted files are there?
     
  9. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    I, and many others also, agree that suspending a scan to await user input is a horrible way to do things.

    We can only hope this is because it's still in Beta and will NOT be the way that the RC's or Final behaves. Any word on this Aryeh or Mayth?
     
  10. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    I agree to that, but only with OnDemand scanning. In my opinion there should be a (optional) way to popup a warning/question window with OnAccess scanning.
     
  11. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Hi Alf
    Why is that? I don't understand why you would only want it that way for an On Demand scan there bud, is there something I'm missing here?
    The way I do my full system scans, over 800G's of drive space and well over 500,000 files, is overnight of course as it takes far too long otherwise. To get up and find a half completed scan would really be annoying, so I would think for AutoCleaning it would be the way to do things also.

    What are your thoughts on why you would want it only for On Demand?

    Thx Alf
    Dave
     
  12. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    Maybe I wasn't very clear. This is what I want ESS to do:
    OnDemand Scanning: Make a complete scan of all the selected drives without asking the user for actions. All found malware should be put in quarantine automatically. After the scan is done, a list should be presented with the quarantined files.
    OnAccess Scanning: After detecting malware, a popup should appear with the possibility to choose to Clean, Delete of Quarantine the file(s).
     
  13. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Hello,

    you can still perform on-demand scan without cleaning, ie. when running overnight. You check the threats detected in the morning and then act accordingly.
     
Thread Status:
Not open for further replies.