View Full Version : IMON and eicar
n8chavez
July 20th, 2006, 02:17 AM
I was just wondering why IMON considers an attempt to download malware to be five instances. Take for example the eicar file; IMON sees downloadin that file once as multiple attempts. If IMON is configured to do so, the user is prompted with multiple on-access warnings. Why is that? Is there any way to change it so that I get only one per "attempt?"
fosius
July 20th, 2006, 02:30 AM
Hm, I have not experienced this problem.
pykko
July 20th, 2006, 04:54 AM
n8chavez where did you try downloading the Eicar test file?
What browser did you use?
Brian N
July 20th, 2006, 06:49 AM
That's because it's set to higher compatibility.
Change it back to higher efficiency for your browser and you only have to click once.
Marcos
July 20th, 2006, 06:52 AM
It's your browser which attempts to download it multiple times if IMON terminates the connection.
n8chavez
July 20th, 2006, 12:43 PM
I'm using Opera 9.1. I was just trying to use the eicar file as an example; I though tthat maybe all files detected by IMON were treated that way. I will try changing the configuration settings first because I don't thik it is my browser. Dr Web and BD only show one screen and I'm using the same browser.
alglove
July 20th, 2006, 12:54 PM
Hey, n8. I have noticed the same thing (with files besides eicar). Sometimes I will get multiple IMON detections, and sometimes an AMON will get in there, too. I am pretty sure it is as Brian and Marcos say. It is a combination of the "higher compatability" setting and the browser trying to reestablish the terminated connections.
Of course, a browser trying to reestablish a broken connection is usually a good thing, so I do not consider that a fault of Opera. Changing the IMON modes to higher efficiency will probably stop this from happening.
ASpace
July 20th, 2006, 01:30 PM
{QUOTE-> It's your browser which attempts to download it multiple times if IMON terminates the connection. <-QUOTE}
Yes , I confirm and second this . This happens with Internet Explorer which attempts to try eicar.com at least 3 times and everytime there is an alert.
n8chavez,if you use NOD32 and wish to make it easier , you can check it this way
n8chavez
July 20th, 2006, 01:52 PM
Thanks for the suggestion but I would like the alert window to popup that way I know what is going on. I'll try the compatability settings.
ASpace
July 20th, 2006, 01:54 PM
{QUOTE-> Thanks for the suggestion but I would like the alert window to popup that way I know what is going on. I'll try the compatability settings. <-QUOTE}
:thumb: :thumb: :thumb:
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums