Using Blackspear's settings -- got a false positive

Discussion in 'NOD32 version 2 Forum' started by SamSpade, Dec 31, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    When using Blackspear's settings my automated scan recently picked up a false positive (nod32 saw "wextract.exe" as a trojan dropper agent) and automatically deleted (as per the settings) it when it could not be cleaned.

    Since wextract.exe is a legitimate and needed file its deletion caused me to have to go and find a replacement, which I did, by copying the file from my other computer (I'm still not sure it's exactly the same file, but it has the same version nomenclature, so I'm guessing it is.)

    I'd like to avoid such unattended automatic deletions from now on, so I've changed all my other scan and monitoring options to "prompt for action" instead of "automatic deletion". I want to have full manual final review control on all deletions, no more automatic deletions.

    On Blackspear's settings I went down the list of command-line commands and removed the command to "delete", but I am not sure this will produce the result of giving me a chance to review the discovery of malware.

    Should I insert "prompt" in the command-line list??

    Sam


    //
     
    SamSpade, Dec 31, 2006
    #1
  2. ASpace

    ASpace Guest


    Unnecessary . Get back Blackspear's settings , they are perfect for most users . They include everywhere "Copy to Quarantine" which means NOD's Quarantine now have an exact back-up of what was cleaned/deleted . NOD32 generates little false-positives but you can always restore from Control Center -> NOD32 System Tools -> Quarantine

    Update your NOD32 to the latest definitions (1949) where the false alarm has been corrected
     
    ASpace, Dec 31, 2006
    #2
  3. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Would that it were true! After the deletion, there was nothing in quarantine. (??) Don't know where the file went. But there's nothing there in quarantine. My nod32 scanner logs show that the file was detected and flagged, and cleaned, but there is nothing in the quarantine folder. Nothing, nada, zilch.


    //
     
    SamSpade, Dec 31, 2006
    #3
  4. ASpace

    ASpace Guest

    ASpace, Dec 31, 2006
    #4
  5. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Yep, double-checked and "quarantine" is listed on my settings (copied and pasted from B'spear's original), so it must have been that I ran the sweep under different settings. Anyway, I'll adjust all my scans to follow these defaults from now so everything flagged gets quarantined.

    Happy 2007 and Glory to Heaven!!
     
    SamSpade, Dec 31, 2006
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...