Notice: NOD32 disables nsprocess plugin


  • Notice: NOD32 disables nsprocess plugin

    As a matter of fact the known antivirus-software NOD32
    from ESET www.eset.com will treat "nsprocess"
    as "potential malware" from now on. (def 1.1858)




    .... it's intended for killing processes so it must
    be detected as a Potentially unsafe app:

    Description

    Features:
    Find a process by name
    Kill a process by name
    Kill all processes with specified name (not only one)
    The process name is case-insensitive
    Win95/98/ME/NT/2000/XP support
    Small plugin size (4 Kb)
    To disable this warning disable the option for "Adware/Spyware/Riskware"

    From my point of view - no advantage in disabling this option.
    Examples can be downloaded here: http://www.themexp.org/
    themesxp.org distributes their content in a package with
    lots of adware/spyware. NOD32 prevents the download.

    Cheers
    Greets, Brummelchen

  • #2
    If you have experienced this problem and it interrupts your installer, please let NOD32 know that it's unacceptable to you. I'll also have a little chat with them about the consequences of such a false detection, "not a virus" or not.
    NSIS FAQ | NSIS Home Page | Donate $
    "I hear and I forget. I see and I remember. I do and I understand." -- Confucius



    • #3
      I did - and above you got the answer!
      Greets, Brummelchen



      • #4
        I was actually talking to everyone who has this problem. In your case, you should continue and explain how unreasonable it is. You have a very valid installer which is absurdly disturbed because it uses a valid Windows API. If they wish to warn of process termination, they should hook TerminateProcess, warn about its usage only when it's used, and not just block any application that mentions it.
        NSIS FAQ | NSIS Home Page | Donate $
        "I hear and I forget. I see and I remember. I do and I understand." -- Confucius



        • #5
          OMG kichik - it is no longer my problem (I never used nsprocess).

          It belongs to those who use it - I just got messages while updating NSIS.
          The rest is between you and ESET - and they don't change their mind.

          So I asked you to put a notice on the wiki page.

          But instead you like to discuss what cannot be discussed - got it?
          Greets, Brummelchen



          • #6
            Update - nsprocess.dll is no longer a bad file.
            Greets, Brummelchen



            • #7
              Hi Brummelchen,

              Hmm, I am currently a NOD32 user and got attracted by this... I wish to know more about your last post, which says:

              Update - nsprocess.dll is no longer a bad file.
              Hmm, let's see if I can identify what you mean.

              1. NOD32 updated their virus signatures so that nsprocess.dll is no longer detected by it as bad? And it is safe to use. It will not affect other NOD32 users anymore from now on, right?

              2. Or is it that I have to redownload the nsprocess plugin from the NSIS wiki development center and patch over the current one I am using, which worked before this error caused by NOD32?



              • #8
                Till November I had nsprocess in my NSIS directory, which
                is regularly scanned by NOD. After that I removed it.
                But I have a folder to collect new or updated files from NSIS
                in which the plugin is stored. The latest (full) scan
                found nothing. So I assume that ESET has refreshed or refined
                the signatures.

                Nevertheless the potential damage of this file within NSIS
                exists. The best way is FindWindow and to inform the user
                to close the application.
                Greets, Brummelchen
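
The FindWindow approach suggested in post #8, as an added example that is not code from the thread or from the NSIS project: the installer checks for the application's main window and asks the user to close it, so no process is terminated. The window class `MyAppMainWindow`, the product name and the install directory are assumptions to replace with your own.

```nsis
; Added example. Names below are hypothetical placeholders.
Name "My Application"
OutFile "setup-example.exe"
InstallDir "$LOCALAPPDATA\MyApplication"
RequestExecutionLevel user

; Assumption: the window class registered by the application's main window.
!define APP_WNDCLASS "MyAppMainWindow"

Function .onInit
  check_running:
    ; FindWindow stores the window handle in $0, or 0 when no window matches.
    FindWindow $0 "${APP_WNDCLASS}" ""
    StrCmp $0 0 not_running

    ; The application is open: ask the user to close it, then look again.
    MessageBox MB_RETRYCANCEL|MB_ICONEXCLAMATION \
      "My Application is still running.$\r$\nPlease close it and click Retry." \
      IDRETRY check_running

    ; Cancel was chosen: Abort in .onInit exits the installer
    ; without touching the running program.
    Abort

  not_running:
FunctionEnd

Section "Install"
  SetOutPath "$INSTDIR"
  ; File commands for the application go here.
SectionEnd
```

FindWindow only sees top-level windows, so a program that runs without a window of that class is not detected by this check.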



                • #9
                  IMHO the best way is to recompile the Process Plugin yourself and add some extra code and version data, so the checksum will not be the same. Maybe even use UPX or something else.

                  BTW always tell Symantec that they are crippling great open source software where they can check themselves if the code is malicious.
                  "Just do it"



                  • #10
                    Files packed afterward (e.g. with UPX) are scanned and detected.
                    Greets, Brummelchen



                    • #11
                      As of now, nsProcess.dll is still listed by more than 10 of the major anti-virus/spyware applications.

                      Bottom line is, if you want to avoid problems with users due to the false positives, your best bet is to implement the plugin's functionality directly into your installer with the System plugin.

                      Naturally, a DLL consisting of only functions used to kill processes is going to look suspicious.



                      • #12
                        Originally posted by Backland
                        As of now, nsProcess.dll is still listed by more than 10 of the major anti-virus/spyware applications.

                        Bottom line is, if you want to avoid problems with users due to the false positives, your best bet is to implement the plugin's functionality directly into your installer with the System plugin.

                        Naturally, a DLL consisting of only functions used to kill processes is going to look suspicious.
                        I used to use the nsProcess plugin and I was desperate with all these annoying AV politics against the plugin instead of hooking TerminateProcess as kichik mentioned above.
                        So, Backland, please post an example here, or better on the wiki, on how to accomplish the bottom line you mentioned above!
                        Quick AVI Creator - Quick and easy convert from DVD/MPEG/AVI/MKV to AVI/MP4/MKV
                        Quick AVI Creator entirely edited with NSIS and entirely upgraded to Unicode NSIS



                        • #13
                          I have so far settled to use the TerminateProcess macro posted in the wiki by Takhir.

                          I have looked over the code required to correctly terminate a process given its module name (on Win 9x-XP), and the code is fairly large... implementing it using the System plugin is certainly going to be a big job.

                          Another option is to call the tskill utility, although I'm not sure if it ships/works with Windows 9x.

                          HTH



                          • #14
                            Just an example please... I'm not so advanced a user as to understand without an example!
                            Quick AVI Creator - Quick and easy convert from DVD/MPEG/AVI/MKV to AVI/MP4/MKV
                            Quick AVI Creator entirely edited with NSIS and entirely upgraded to Unicode NSIS


