ESET Smart Security blocks ALL file downloads of particular files when it detects a threat (falsely). When ESET detects a downloaded file (legitimate) as a threat, it blocks the download and there is NO WAY to turn the protection off and allow the file to download. I have tried NUMEROUS different things from the ESET knowledgebase including: 1. Turn protection off temporarily by right clicking on the tray icon and disabling real-time protection AND firewall protection until next reboot. (IT DOES NOT TURN OFF - it still blocks the download) 2. Open ESET control panel and change Web protection AND ALL OTHER protection modes to THREATSENSE -NO CLEANING (which should prompt the user to decide whether to accept/reject the file).
(IT DOES NOT - it still blocks the download automatically) 3. Turn OFF detection of potentially unwanted or suspicious applications (uncheck the boxes in the control panel).
Applies to: ESET Internet Security, ESET NOD32 Antivirus, ESET Smart Security, ESET Strict cleaning: In this mode, your ESET product will automatically clean or delete infected files without If the scanner detects an infected system file that cannot be cleaned, an alert window will prompt you.
(IT STILL DETECTS THE FILE AND BLOCKS THE DOWNLOAD) 4. Open ESET control panel -open Web Protection-Policies/Exclusions-check Firefox (browser in which I am downloading the file), so as to exclude Firefox from protection/scanning (IT DOES NOT - it still detects the file as a threat and blocks it from downloading.) and so on. The ONLY way I can retrieve the file is to go to Tools-quarantine and restore it. THIS IS NOT ACCEPTABLE. HOW DO I TURN OFF PROTECTION TO ALLOW FILES TO DOWNLOAD WHEN THEY ARE FALSELY TAGGED AS MALWARE???!!! In this case, I was downloading FIleMenuTools by LopeSoft - freeware that uses an InstallMonetizer.
I'm aware of this and simply uncheck the unwanted applications during install. I do NOT want to have ESET blocking all such files. I am aggravated enough to stop buying ESET though I've been a loyal ESET customer for more than 8 years now. I'm ready to change to Kaspersky JUST BECAUSE OF THIS. Please notify me of a solution - if there is one.
You mentioned that you were downloading freeware that uses InstallMonetizer and you wrote that it was tagged as malware. However, InstallMonetizer is not classified by ESET as malware but as a potentially unwanted application (PUA) which is an optional detection. When a PUA is detected and the user thinks that benefits of using such application outweigh possible risks, he or she can exclude it from detected directly from the yellow alert window by unfolding Advanced options and ticking the 'Exclude from detection' box. Also when a PUA website is blocked, the user is presented with a button 'Proceed to website'.
More about s you can read here: There you will also see some screenshots of the messages explained. Keep in mind that you can freely. If you disable the detection ESET will not block any PUA at any time. Also the ESET products have (especially when downloading) multiple protection layers.
That could be a reason why some of the things you tried may not worked. If you want disable the detection of PUAs (again) respectively check your settings. Then download the file again. If this still doesn't work please reply in this topic and send the exact link to the file you tried to download. Also a screenshot or the text of the message you're seeing would be very helpful.
As noted on the Majorgeeks download page for this particular software (Wich is why it is detected as a PUA.). Limitations: This program is advertising supported and may offer to install third party programs that are not required for the program to run. These may include a toolbar, changing your homepage, default search engine or other third party programs.
Please watch the installation carefully to opt out. The Potentially Unsafe, Potentially Unwanted, and Suspicious Applications detection categories are user optional so every user can enable or disable them. Sorry for the protracted delay. I have been ill.
I downloaded FileMenuTools by LopeSoft from the ORIGINAL SITE and from Softpedia, and as I recall, numerous other sources. I am NOW HAVING THE SAME PROBLEM AND I CANNOT RESTORE THE DOWNLOAD FROM QUARANTINE as the download was blocked partway through. In this case, I was downloading an epub file which was NOT a threat from a good friend at uploaded.net. I am frustrated and am prepared to uninstall ESET forever. In this case, the file did not even show up in ESET quarantine - it was detected and download was blocked after approx 90% of the download was completed. Please advise. Re FileMenuTools - it detected it as a PUA.
I have no other software with real-time protection, so ESET is the only thing that is blocking my downloads. NOW, I cannot even restore the file from quarantine. After 8 years of using ESET, I am about to leave, a very dissatisfied customer.thanks, str8arrow. I have tried to download it myself from LopeSoft website and I have no problem with downloading it and even executing it. ESET doesn't block me at all because I have disabled PUA detection and maybe because you didn't disable PUA scanning and that's why you were blocked from downloading it. I have discovered one thing about this program is once you execute it, the OCSetupHlp.dll will be executed at the very beginning of the installation without user's knowledge.
Fortunately, Comodo did give me alert and I chose to block and terminate the connection. (shown in pic). However, it seems that I need to get my temp folder cleaned. In this case, I was downloading an epub file which was NOT a threat from a good friend at uploaded.net.
I am frustrated and am prepared to uninstall ESET forever. In this case, the file did not even show up in ESET quarantine - it was detected and download was blocked after approx 90% of the download was completed. What did the notifications say at the moment the download was terminated, what was it detected like?
No, it can't show up in the quarantine as the download of the file was terminated before the download was finished. Is ESET the only vendor detecting the file? Have you or your friend uploaded the file to Virustotal.com to see if any other engine detects something?
But if you know it is clean then just send in the file to ESET and say that you believe it is a FP, if it really is clean then they will take care of it, if it is not, then the Lab may respond and explain why it is detected and that the detection will stay in place. How do I submit a virus, website or potential false positive sample to the ESET lab? Is there a PUA in that one as well?
I have no idea what file that is. This may also be a PUA. As uploaded.net is free to use they can make it similar like file-upload.net, which I used for some files recently. They added a download manager for these files which ESET blocked.
This was the reason why I changed my links and use another file hoster now for the 'alternative download links' I used somewhere. So, @str8arrow, does this happen with every file from uploaded.net? And can you provide us with an example link to a download please? (Or at least a screenshot of the message you get from ESS.). OCSetupHlp.dll: Look at all those test winning AV's picking up this unwanted file.
There are also many AVs which doesn't 'pick it up'. Also 'test winning' is very much expansible and doesn't say many things. Additionally you don't know how virustotal tests the files. It's also interesting that OpenCandy is detected with ESET on virustotal, because the default settings for ESETs products is not to detect potentially unsafe applications. The same way it is of course also possible that a AV vendor listed there which isn't listed as detecting OpenCandy can - in a real usage - detect OpenCandy. That's one reason why VirusTotal shouldn't be for things like AV comparison,. @SweX It's not 'clean' and it's no FP.
It's just a PUA. So all explanation why it is detected are already in this thread.Yeah but I was talking about the file he tried to download from uploaded.net 'I was downloading an epub file which was NOT a threat from a good friend at uploaded.net.' Is there a PUA in that one as well? I have no idea what file that is. Well, when I tried to download myself, I did read that the Open Candy will be removed once a donation of at least 5€ is made to LopeSoft and LopeSoft will provide a standalone installer of this software without the Open Candy. His friend might have the standalone installer that might come from Lopsesoft or other sources.
@SweX It's not 'clean' and it's no FP. It's just a PUA. So all explanation why it is detected are already in this thread.Yeah but I was talking about the file he tried to download from uploaded.net 'I was downloading an epub file which was NOT a threat from a good friend at uploaded.net.'
Is there a PUA in that one as well? I have no idea what file that is. Well, when I tried to download myself, I did read that the Open Candy will be removed once a donation of at least 5€ is made to LopeSoft and LopeSoft will provide a standalone installer of this software without the Open Candy. His friend might have the standalone installer that might come from Lopsesoft or other sources. Hehe I see, well if it as as rugk say, that uploaded.net use a download manager of some type then it could be that piece that is detected, or it can be the loopsoft PUA itself. Impossible for me to say.
The bottom line is that the solution is very simple for people that has problems with 'too many' PUA detections, they don't have to be detected unless you set up the product to detect PUPs and PUAs. They are optional detection categories after all.
A tip for LoopSoft.skip Open Candy altogether, provide a 15 or 30 day free trial without PUAs, and if the user likes it they can still buy it for €5. And not pay €5 to get rid of Open Candy! Bundling stuff does nothing good for the reputation of a developer or company. And I don't think it is impossible to find the stand-alone installer without Open Candy elsewhere if one really wants to find it. I would have no problem donating to loop soft if I like and want to use their software, but I would never donate to anyone that does business through PUAs. Donations is something nice and good, PUPs & PUAs are the opposite to that.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |