Using Blackspear's settings -- got a false positive

Discussion in 'NOD32 version 2 Forum' started by SamSpade, Dec 31, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    When using Blackspear's settings, my automated scan recently picked up a false positive (NOD32 saw "wextract.exe" as a trojan dropper agent) and automatically deleted it (as per the settings) when it could not be cleaned.

    Since wextract.exe is a legitimate and needed file its deletion caused me to have to go and find a replacement, which I did, by copying the file from my other computer (I'm still not sure it's exactly the same file, but it has the same version nomenclature, so I'm guessing it is.)

    I'd like to avoid such unattended automatic deletions from now on, so I've changed all my other scan and monitoring options to "prompt for action" instead of "automatic deletion". I want to have full manual final review control on all deletions, no more automatic deletions.

    On Blackspear's settings I went down the list of command-line commands and removed the command to "delete", but I am not sure this will produce the result of giving me a chance to review the discovery of malware.

    Should I insert "prompt" in the command-line list??

    Sam


     
  2. ASpace

    ASpace Guest


    Unnecessary. Get back Blackspear's settings, they are perfect for most users. They include "Copy to Quarantine" everywhere, which means NOD's Quarantine now has an exact back-up of what was cleaned/deleted. NOD32 generates few false positives, but you can always restore from Control Center -> NOD32 System Tools -> Quarantine.

    Update your NOD32 to the latest definitions (1949), where the false alarm has been corrected.
     
  3. SamSpade

    SamSpade Registered Member


    Would that it were true! After the deletion, there was nothing in quarantine. (??) Don't know where the file went. But there's nothing there in quarantine. My nod32 scanner logs show that the file was detected and flagged, and cleaned, but there is nothing in the quarantine folder. Nothing, nada, zilch.


     
  4. ASpace

    ASpace Guest

  5. SamSpade

    SamSpade Registered Member


    Yep, double-checked and "quarantine" is listed on my settings (copied and pasted from B'spear's original), so it must have been that I ran the sweep under different settings. Anyway, I'll adjust all my scans to follow these defaults from now on so everything flagged gets quarantined.

    Happy 2007 and Glory to Heaven!!
     