PDFFORGE page blocked by ESET antivirus

Hi! I can not download PDF Architect because ESET's NOD 32 antivirus blocks. It says the page contains threats. Please, see below: Can you tell what is happening? Thank you!

I use ESET NOD32 as well and can confirm the blocking of the URL below.


I did submit the URL to ESET as a safe URL but not sure why it got blocked unless others are reporting it as unsafe for some reason.


thanks for the heads up, but according to Virustotal the issue seems to have resolved itself (or rather, thanks to your help).
I don’t have Eset for testing this directly, can you confirm the URL is no longer blocked?

Best regards,


Hello! I just tried the download and the page is still blocked by ESET NOD 32.
I hope PDFFORGE can explain what it is, and resolve it as quickly as possible.
Best regards,

Hi Regina,

thank you very much for letting us know.
In all cases so far, it have been false alerts and since ESET isn’t showing any threats according to virustotal.com , it might be related to your specific ESET settings.Does ESET give any details on what it claims to have found, or is this a general heuristic detection?

Best regards,


Hello! Yes, I saw in VirusTotal that ESET says that PDFFORGE is clean. But when I try to download, the NOD 32 message says the page is on a list of dubiously reputable sites with unwanted content, and the page has been blocked. I was trying the free download of PDF Architect.
I changed my NOD32 to the original settings, restarted the notebook, and tried again. The answer came as Google's "404 Error (Not Found)", see below ...
I really do not understand what it can be.
Thanks for your help.

Hi Robin. I am also having trouble with downloading a product too. We purchased PDF Architect and when trying to download the paid installer, we get:

Potentially unwanted application removed

A potentially unwanted application (Win32/LuLuSoftware.A) was found in a file that Microdoft Windows Search Protocol Host tried to access

The file has been deleted.

I tested the download URL that we were given after purchase on Virus Total, and it reported it as safe, so I concur that a normal updated installation of NOD32 will not allow us to use your products.

Also: The message I just posted was INSIDE of an ESET Endpoint Antivirus window (yellow outline).



we are trying to resolve this with ESET, our software and websites are totally safe.
Unfortunately, PUA is completely undefined and even displaying a single offer screen during the setup can trigger a PUA detection. While there aren't any offer screens during the PDF Architect setup, it is located on the same download server as the PDFCreator freeware, which does contain an offer screen with a 100% optional offer during the setup.

Best regards


The blocking with ESET is still an issue as of today (6/22/2018) when I tried to download 3.2.2.

1 Like

Such a shame you guys prefer the opencandy adware instead of letting costumers experience your product...

OpenCandy and InstallMonetizer haven't been part of the setup for multiple years...
Anybody can define PUA as they like. I can understand viewing even a single offer screen with a 100% optional offer can be potentially unwanted, but there is still the option of either purchasing the software (this can also be potentially unwanted , I guess) or not blocking PUA but only actual threats in security software.
We can't do more than ask ESET to double check their decision; if they want to list it as PUA, there is nothing we can do to stop them. They could even list it as PUA if we remove any form of advertising, since somebody might not like the red icon on his desktop...

While I don't mind an advertisement on install, PDF Architect has started showing upgrade ads on my desktop that repeated every few hours, require two dismissals to go away temporarily and offer no mechanism to stop them from displaying. This would certainly qualify as unwanted.


sorry for the trouble. You can usually disable the ads by disabling the notification system in the PDF Architect general settings. If you need any help with this or it doesn't work as expected, please let me know.

Best regards


I wanted to re post that this issue is still happening. I suppose we can whitelist the LuLuSoft software, however I am concerned that it could also be used by malicious actors (not pdfforge) to spread malware and popups in my organization. This would have the effect of widening the threat vector for my company, as a untrained user might click on a malicious popup from said malicious actor.

In addition, I still am unable to install PDF Architect that we bought back in June.

Is there any way you can re-write your application to not use LuLu software, at least in your PAID products?

Hi @DTJack,

We're working with ESET and the issue should be fixed soon.

As far as I'm informed most of the issues are already resolved. Try downloading PDF Architect here: https://download.pdfforge.org/download/pdfarchitect6

The virustotal result looks very promising: https://www.virustotal.com/de/file/784e3fff1b09d3f58656a0727ae39d6ed3086026e5b0e556f94f69d357fd0e34/analysis/1537880194/

We're sorry for the inconveniences.

This problem is still relevant, have you been able to advance on the resolution?


it had been fixed, which file or page is currently causing the false detection?

Best regards


it's the setup (PDFCreator-2_3_2-Setup.exe), Eset find Win32/LuluSoftware.A

I didn't try with the latest version

Virustotal shows no issues for the latest setup regarding ESET:
Version 2.3.2 is no longer supported and might contain different advertising technology in the setup.
However, all offers included in PDFCreator setups have always been 100% optional and if the setup was originally downloaded from our server it is safe to use.