PDA

View Full Version : When NOD grabs a big file, time to get coffee 8-{

jeffw_00
September 29th, 2007, 12:56 PM
I really like NOD32, except for one thing.

Once in a while, for work-purposes, I drop a really big data file (100 - 300MB) on my machine. As soon as NOD32 sees the file it grabs it, and really locks up my 3GHZ p-IV (dual-thread) machine until it's done checking it. There doesn't seem to be any to stop it, even by killing the NOD process (it's the "SYSTEM" process that soaks up all the CPU cycles). I hate to exclude extensions because that's a vulnerability. But I wish there was a "that file is ok" button I could press (or NOD could work more in the background).

It's the type of thing where I think the developers tested on much smaller files and never realized the consequences of a really big file

/j
Marcos
September 29th, 2007, 01:42 PM
Have you tried disabling runtime packers, advanced heuristics and self-extracting archives in the AMON setup to see which option causes the slowdown?
jeffw_00
September 29th, 2007, 01:46 PM
{QUOTE-> Have you tried disabling runtime packers, advanced heuristics and self-extracting archives in the AMON setup to see which option causes the slowdown? <-QUOTE}

the files it's attacking aren't compressed, just really big ASCII data files...
i_kenefick
September 29th, 2007, 03:04 PM
what kinda of file extension? Can you just add an exception to the file extensions if the files are typically 'Non infectable'?
jeffw_00
September 29th, 2007, 03:33 PM
I could, but as I said above, I hate to exclude extensions because that's a vulnerability
i_kenefick
September 29th, 2007, 04:54 PM
{QUOTE-> I could, but as I said above, I hate to exclude extensions because that's a vulnerability <-QUOTE}

Well if the file is text only I don't see this as being a vulnerability. Anyone else have opinion on this?
ChicknDip
October 1st, 2007, 11:43 AM
I would exclude the extension if it was text only, but I do understand the topic starter, I can go make coffee and add milk and sugar after only downloading a 30MB exe file.
solcroft
October 1st, 2007, 12:25 PM
{QUOTE-> Well if the file is text only I don't see this as being a vulnerability. Anyone else have opinion on this? <-QUOTE}
If a file is really an executable program, there are ways to execute it even if it has a non-standard extension, such as txt. There's the possibility one could run across a program renamed with the extension usually reserved for ASCII files.

Apparently, according to the moderators, lowering your level of protection is currently the only method to circumvent this problem.
YeOldeStonecat
October 1st, 2007, 01:37 PM
What OS, and how much RAM?
Any non-default settings to NOD32 that you have?