TrackerSoftware PDF-XChange Viewer Upgrade False Alarm?

Discussion in 'ESET NOD32 Antivirus' started by rnfolsom, Aug 20, 2012.

Thread Status:
Not open for further replies.
  1. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    I use Tracker Software's PDF-XChange Viewer, and today I chose to do a routine "Live Update" (part of the software) to see if there was a more recent version. There was, and I then chose to download and install the update.

    When the download was essentially complete (judging by the blue progress band), ESET intervened with the following message (without the quote marks):

    "Potential Threat Found
    "Object:
    "http://c1236872.r72.cf0.rackcdn.com/PDFXVwer_2205.exe
    "Threat:
    "a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
    "Comment:
    "Threat was detected upon access to web by the application: C:\ProgramFiles\Accessories\PDF-XChange_Viewer(TrackerSoftware)\LiveUpdate\LiveUpdate.exe. Please submit this object to ESET for analysis."

    I have run this Tracker Software PDF-XChange Viewer "Live Update" feature before, with no problem, and I am fairly sure that this is a false positive. It was an update from my current Viewer version 2.5.204 to 2.5.205.

    Nevertheless (I'm very risk averse about malware), I clicked the ESET message's Disconnect button, and the update was not installed. But I'm fairly sure (the Disconnect was very quick) that there was no acknowledgement of anything being sent to ESET.

    Questions:

    1) Will the "object" be set to ESET automatically, or am I supposed to do that myself? If the latter, where and how do I do that?

    2) Will ESET send me a reply about whether ESET thinks the PDF-XChange viewer update was in fact carrying a "potentially unsafe application"?

    Next, a Suggestion: My laptop's 15" screen is UXGA (1600x1200 pixels). ESET's message, quoted above, was in such small print that I needed a magnifying glass to read it. And when I tried to select it and copy it into Thornsoft's ClipMate, I found that the message could not be selected and copied.it So I had to type it (while my wife held the magnifying glass and read ESET's message).

    My suggestion is: In ESET's announcements, the text should be selectable and copyable.

    Roger Folsom

    ----------------------------------------------------------------

    P.S. BACKGROUND: I am using NOD32 v 4.2.71.2. (I will upgrade to 5.x when I have time to discover what its advantages would be for me and my wife, compared to 4.x.)
    In my Settings Tree, at Web Access Protection > Setup > ThreatSense Engine Parameter Setup > Options, everything has been checked, including Potentially Unsafe Applications and Potentially Unwanted Applications, ever since I first started using the first NOD32 4.x version.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The detection of the toolbar is ok. Note that it's not detected as malware but as a potentially unsafe application which is an optional detection disabled by default.
     
  3. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Thank you very much.

    But my two questions remain (with upgraded wording):

    1) Was the "object" -- that is, ESET's notice --- sent to ESET automatically, or does ESET expect me to do that myself? If the latter, where and how do I do that?

    2) Assuming that Eset's notice was sent to Eset, will ESET (in addition to you!) send me a reply about whether ESET thinks the PDF-XChange viewer update was in fact carrying a "potentially unsafe application"?

    Thanks again.

    I will post my suggestion that "In ESET's announcements, the text should be selectable and copyable" onto the Future Changes to EAV thread. But if you can find the time, I hope you can invite the idea to the attention of ESET's management.

    R.N. (Roger) Folsom
     
Thread Status:
Not open for further replies.