How do you stop ESET from unilaterally deleting good programs?

[conceptualclarity]

I installed ESET Smart Security 9 last night. it immediately began giving me PUA alerts about programs I want to keep. Now this morning it gives me a very fleeting notice that it has gone ahead and deleted a perfectly good program called ALL Browsers Memory Zip.

This stinks! I can't imagine how ESET conjures up a notion that this program is a "threat". It's obscure, but that's no serious criteria for being a "threat." It is available on CNET and nsane forums as well as the developer's home page. See how on Virus Total only Rising Antivirus flags it, and on Jotti only the pathetic false-alarmist Clam AV flags it. On both of those scanners ESET passes this program.

Please tell me how to configure ESET to stop this kind of behavior. I'm not sure that disabling PUA detection is going to be enough.

I disabled detection of PUAs and of potentially unsafe applications but left detection of "suspicious applications." Can I keep ESET from deleting "suspicious applications" without my approval?

I can't open the quarantine window. All I'm getting is the "Rescan files in quarantine after every update" option. (See screenshot.)

Where do you go to whitelist programs in ESET?

I'm utilizing the User Guide PDF at http://download.eset.com/manuals/eset_ess_7_userguide_enu.pdf, but it's not much help.

If I cannot control ESET, if it's going to act like my computer belongs to it instead of to me, then I'm getting rid of it.

 

[conceptualclarity]

I configured ESET to do no spam filtering because I hardly ever get any spam and spam filtering has only brought me grief. Lo and behold I look and see an ESET Spam folder has been set up in my Outlook Express and has trapped its first legitimate email. I am very close to throwing ESET off my computer. I will not tolerate any program that does not obey my configuration.

 

[Stas]

Go to "Setup" then click "Computer Protection" then on "Real-time file system protection" there's gear circle on the left, click and select "Edit exclusions"

 

[Rishi]

To edit your quarantined items :

Open ESS9> tools>more tools> Quarantine


To add exclusions there are multiple ways , 1 has been given above :

Under antivirus in advanced settings to exclude the path or folder itself :


You can also set the cleaning levels to " no cleaning" which will prompt the user to decide the action(severe threats will still be deleted/quarantined) :



When you get an alert like this , click advanced settings> and use the options in red box:

Exclude from detection.
Exclude the signature itself from detection.

 

[Atlas147]

Downloaded and checked out the programme in a sandbox, my ESET doesn't give me any problems, it might be your copy of the programme that is infected with adware or PUPs. Especially if you downloaded it from CNET and not the authors site because CNET bundles adware into all their downloaders.

Might wanna check again before adding it to exclusions. The best way is to uninstall and download a fresh copy of the programme from the author's site and reinstall it!

 

[Deleted member 2913]

Exclude from detection.
Exclude the signature itself from detection.

I guess exclude from detection means the file will not be detected further, right?

Whats exclude the signature....................?
Does this means only that signature detection for the related file will be excluded i.e if the file is detected with other sign name in future then it will be detected?

 

[Rishi]

I guess exclude from detection means the file will not be detected further, right?

Whats exclude the signature....................?
Does this means only that signature detection for the related file will be excluded i.e if the file is detected with other sign name in future then it will be detected?

Exclude from detection is for the particular file only.
Exclude by signature means all the generic threats/warnings detected by same signature will be ignored.( e.g. - all network analyzers, packet senders/editors detected by signature xyz.PUA.32)

 

[conceptualclarity]

Go to "Setup" then click "Computer Protection" then on "Real-time file system protection" there's gear circle on the left, click and select "Edit exclusions"

Thanks, Stas. That helps a lot.

 

[conceptualclarity]

Downloaded and checked out the programme in a sandbox, my ESET doesn't give me any problems, it might be your copy of the programme that is infected with adware or PUPs. Especially if you downloaded it from CNET and not the authors site because CNET bundles adware into all their downloaders.

Might wanna check again before adding it to exclusions. The best way is to uninstall and download a fresh copy of the programme from the author's site and reinstall it!

I would only download from CNET if it were the only site offering a program. It's my standard practice to download from the developer's page, which I did in this case. If that's not possible, I will resort to Softpedia,or, if necessary, Major Geeks. I avoid the other sites known for bundling as well, like Tucows, Softonic.

It's also my practice that with every new setup file, before running it I scan it on Virus Total, Jotti, and Metascan. In the course of doing that I have found ESET to be the most false-positive-prone prestigious program, at least in its manifestation in that multi-scanner environment. I know littelbits says Bitdefender is the one that's false-positive-prone, but it doesn't show up at all in the multi-scanner environment. However I would not want to say he doesn't know what he's talking about regarding the PC protection environment. I hope he will someday again have time for Malware Tips.

This program is not one I run all the time, but it's useful to have it on Quick Launch because it can really help when a browser has gone crazy on memory consumption.

 

[Rishi]

@Hanmin147 Same here ~ Coming to the file concerned, I could not find it on softpedia under the author's channel and on majorgeeks. Downloaded the file from box using the author's website.First thing I noticed the file is unsigned.Then ran it,no conflicts with Eset so far.

Fresh results from virustotal 0/56 : Antivirus scan for aeac0ac0065e3d8328e70dbb982f43b3af458d1f0c2f4c28e6dadbc15fda3efb at 2016-04-05 05:38:14 UTC - VirusTotal

But if you choose the download.com link given above the box one then :


ublock origin and Eset both block it.

 

[conceptualclarity]

To edit your quarantined items :

Open ESS9> tools>more tools> Quarantine
View attachment 92954

To add exclusions there are multiple ways , 1 has been given above :

Under antivirus in advanced settings to exclude the path or folder itself :
View attachment 92952

You can also set the cleaning levels to " no cleaning" which will prompt the user to decide the action(severe threats will still be deleted/quarantined) :

View attachment 92953

When you get an alert like this , click advanced settings> and use the options in red box:

Exclude from detection.
Exclude the signature itself from detection.

Thank you, rishi, very helpful. I was about to give up on ESET. Tonight when I turned on the computer it "cleaned by deletion" a reputable program called Driver Grabber. (Use Driver Grabber to copy drivers in Windows - gHacks Tech News ; DriverGrabber – Portable Driver Backup Utility | Portable USB Applications) It's great to be able to find the Quarantine window.

I have reset it to "no cleaning".

I had allowed "Add text to email subject" to remain checked, and that allowed ESET to be spam filtering my email. I unchecked that, and ESET seems to be relenting on the spam filtering. I don't really need spam filtering. A couple of times a month I get an email saying I've won a lottery I didn't enter or somebody who's a total stranger wants to share an inheritance with me. I know better than to click on those emails. There have been a few junctures in the past where I was getting Viagra spam from Russia, but those episodes passed.

Exclude by signature means all the generic threats/warnings detected by same signature will be ignored.( e.g. - all network analyzers, packet senders/editors detected by signature xyz.PUA.32)

Rishi, could you elaborate on this for me? I'm not a techie, and it's over my head now, but I'd like to understand it.

 

[conceptualclarity]

If there's a good thread on configuring ESET Smart Security, I'd love a link to it. I've had a lot of AVs, including Webroot and Avast, but I've never seen one with nearly as many details on the GUI. I'm not saying that's a bad thing. Certainly, making options available to the user is good, and having many facets to the protection is good.

 

[Rishi]

May I ask which version of Eset are you using? I've tried Drive Grabber just now and Eset does not give any reaction at all :



Antivirus scan for 51940ccf6dcb10daab52045a0f656a54ffcba3c646c1564405a01347a5369892 at 2016-04-05 06:23:38 UTC - VirusTotal

VT : 2/56, but says it is safe, Eset shows no detection there.
Again it's an unsigned file and project is abandoned written at majorgeeks.

Exclude by detection simply means all programs detected by that signature will not be detected in future.Rather than one program it's an entire range to be excluded.

 

[conceptualclarity]

May I ask which version of Eset are you using? .

I know I saw 9, but I can't see where to go on the GUI to reconfirm that, which is easy to find on most programs.

Could you explain "all network analyzers, packet senders/editors detected"?

 

[Rishi]

It is right there in the update tab :

I know I saw 9, but I can't see where to go on the GUI to reconfirm that, which is easy to find on most programs.

Could you explain "all network analyzers, packet senders/editors detected"?

It is just an example,let's say a specific signature of Eset database is used to detect hacktools.I think you are not getting what a signature is - A known malware footprint in the Eset database. If a file matches that the footprint it is detected.Once you exclude the signature itself, you will exclude the entire range of files the footprint can detect.

 

[conceptualclarity]

It is right there in the update tab :
View attachment 93261

I can't find that "Installed version:" line under the Update tab.

 

[Rishi]

I can't find that "Installed version:" line under the Update tab.

Can you supply a screenshot please?
Alternatively, you can look under Help and Support> right at the bottom

Below that click About Eset Smart Security, you can again find it >

 

[Atlas147]

@conceptualclarity your copy of ESET seems to be having a lot of issues with the software that you download, it might be the source you are grabbing it from or your copy of ESET is configured incorrectly and has an insanely sensitive heuristic setting (I don't even know if it's possible) that a lot of clean software are coming in as threats.

As you can see mine and @Rishi 's copy of ESET seems to find that everything you said ESET falsely cleaned as non-malicious. It would be good to do a second opinion scan using Zemana Anitmalware on your computer to check if there are any other PUP downloaders on your system or alternatively you can install a fresh copy of ESET Smart Security and make sure to delete any settings you had before.

 

[conceptualclarity]

Alternatively, you can look under Help and Support> right at the bottom View attachment 93277

Thanks. 9.0.375.0 Valid until 4/4/2017

@conceptualclarity your copy of ESET seems to be having a lot of issues with the software that you download, it might be the source you are grabbing it from

I would only download from CNET if it were the only site offering a program. It's my standard practice to download from the developer's page, which I did in this case. If that's not possible, I will resort to Softpedia,or, if necessary, Major Geeks. I avoid the other sites known for bundling as well, like Tucows, Softonic. It's also my practice that with every new setup file, before running it I scan it on Virus Total, Jotti, and Metascan.

@conceptualclarity your copy of ESET seems to be having a lot of issues with the software that you download, it might be...your copy of ESET is configured incorrectly and has an insanely sensitive heuristic setting (I don't even know if it's possible) that a lot of clean software are coming in as threats.

Except for "No cleaning", everything above is a default setting.

I haven't enabled Idle-state scanning yet, but it sure seems like I'm getting that.

 

[illumination]

Thanks. 9.0.375.0 Valid until 4/4/2017

I would only download from CNET if it were the only site offering a program. It's my standard practice to download from the developer's page, which I did in this case. If that's not possible, I will resort to Softpedia,or, if necessary, Major Geeks. I avoid the other sites known for bundling as well, like Tucows, Softonic. It's also my practice that with every new setup file, before running it I scan it on Virus Total, Jotti, and Metascan.

Except for "No cleaning", everything above is a default setting.

I haven't enabled Idle-state scanning yet, but it sure seems like I'm getting that.

Were you running a trial two nights ago when you installed this and then bought and activated a license yesterday?