Antivirus and OpenCandy

[TheMalwareMaster]

Good evening, I know there are some antivirus like ESET, Windows defender (with PUA) or sophos which, when you try to install a program bundled with OpenCandy, only delete open candy and let you install your program. Instead, others like Norton or Avira block the whole download. Is there a way to set these software to only delete opencandy and let you continue the download or you only can disable them, install your program and then cleanup OC with malwarebytes?

 

[Soulbound]

The reason why the opencandy is deleted is part of the Cleaning/Fixing/Disinfecting process of the solution.

Some opt for full removal/block/deletion, while others opt for cleaning/disinfect first before going to next stage (remove/delete)

If you truly know what you are doing, exclude a temporary folder where you want to place the download, execute (and be extra careful there) and then just remove or simply keep the installer as "stationary"

 

[TheMalwareMaster]

Thank you. So, for the ones who block the whole download, the only was is disabling the AV and then install, and at the end remove open candy with malwarebytes?

 

[jamescv7]

In extraction process from zip files, usually an available option to check the overall deletion of zip file.

But already different side of story when a file is bundled by PUP, because its matter of AV analysis if will block the payload only or whole executable.