So it looks like the file is being detected as just "Hack Tool", nothing specific. I unzipped an archive of some password recovery tools from NirSoft, such as for ZIP files, wireless keys, IE / protected storage, etc.
Most of them that were "detected" were "Hacktool.PassReminder", "Hacktool.SniffPass", etc., but the PST Password Recovery tool was just detected as "Hack Tool". For all of the others, it let me use the "Exclude" option, and they no longer get detected. But the PST one has that option grayed out.
So is something that just shows up as "HackTool" some kind of generic/heuristic detection? I went to centralized exceptions to exclude the "HackTool" detection, but it only has HackTool.xxxxxx, i.e., specific entries for each individual "HackTool".
So is there any way to tell it not to detect any "HackTool" threat?
I don't recall what file it was before where I wasn't able to exclude, but I bet it was a generic detection as opposed to a specific one, and that is why "Exclude" is grayed out sometimes.