It's not about hash. Eset blocks any file that comes out of our MSI configurator despite the files are signed. As you understand, each file with different settings will have a unique hash. Yet, Eset blocks them all just because someone somewhere used one of those file to 'social engineer' into someone's computer.
When we asked them what was the logic behind this they asked that we (!) should "convince malware actors to not use our software". :) Yes, this is what they say today in an email reply.
Even more so - the file that they claimed was "malicious' was actually a legit customized Host file (signed with our signature) only used for malicious purpose. I.e. someone was distributing this file within a malware package. And Eset decided that if our legit file is used by a malware actor then the file was malicious. And by extension they decided that all other configured installers should also be malicuous.
When an email message is sent a 'flag' is set in Agent settings in the Windows registry. Re-sending a message each time you run Agent on that machine doesn't make sense because the Internet-ID code and authentication settings do not change.
If you wipe the Agent registry entry and run Agent anew - the settings will change and email message will be sent again because no 'sent' flag is set yet.
Eset finally provided the file. It was a legit one-click installer file of the previous version which was blocked because someone extensively used (dropped, planted) that file onto victims computers. Antivirus engines block that file by hash (which is expected). Unfortunately, for some reason Eset decided to block it by signature which is incorrect. We have already explained that to Eset .
Besides, the file was not even signed with our current signature, but with a previous one. Still, what Eset is doing is blocking our current signature. That is weird. There will always be someone who builds an RU installer and uses it for malicious purposes but that doesn't mean a signature is compromised and should be blocked.
We are currently talking with them to resolve this situation. Blocking signatures and/or entire software manufacturers based on assumptions is no way to go.