The aim of this thread is to give feedback to ESET as to changes we would like to see in future upgrades of EAV

Please be very specific so that your suggestion can be written in one line. After this go into DETAIL though remember to try and keep it in plain and simple terms. If it is too complex I will simply add: refer to post number XX. Basically, if I can't understand it, how can I write about it.

If your suggestion has already been discussed in previous threads please post links to such, this may help further explain your case to ESET and others reading your suggestion.

You are welcome to discuss the merits of each and every suggestion, just keep on topic, as there are other parts in the forum to discuss issues.

A list will be maintained by Wilders and ESET staff in this first post enabling people to easily see if their suggestion is already included.

Cheers ;D

Blackspear.




1. Provide "Pause" and "Stop" items on the ESET system tray icon pop up to allow users to pause or stop scans (including scheduled scans). It would also be helpful is the system tray icon changed colour or shape when a scan is running. The problem with using "balloons" to display messages it that users do not see the messages if they are away from the PC.

2. Provide a facility to automatically display on the screen (not a balloon) and/or email the results of a scheduled scan when it completes.

3. Provide "Disable" and "Exit" items on the ESET system tray icon pop up to allow users to temporarily disable all ESET functionality or exit ESET completely.

4. Make EAV 3.0 useable via Windows Scheduled Tasks, where other users may frequently group their tasks.

5. Add a HIPs module.

6. Expand the scope of information captured by Ctrl-C in some dialogs - see post number 7.

7. The ability to skip scheduled scans if a laptop is running on battery power at the time. Some defrag programs offer this functionality.

8. Integrate command line inside EAV and ESS like option scan for easy access

9. Bootscan as option (it demands restarting pc similar the Avast)

10. Elapsed and Estimated time scan pc

11. Add option web protection site advisory (http://img.photobucket.com/albums/v426/Peace_of_God/Semttulocopy.jpg) (icon green, yellow, red and "?" )

12. Web browser image Access denied "after (http://img.photobucket.com/albums/v426/Peace_of_God/oll.jpg)" and "before (http://img.photobucket.com/albums/v426/Peace_of_God/_llpcopy.jpg)".

13. Better User-centric settings control for the GUI. Things like splash screen toggle, etc.

14. More granular control of the password protection for different parts of the program (i.e. Quarantine protection having a different password than other sections).

15. Configurable scheduled scan 'snooze' button, with forced scan completion after X snoozes of Y minutes.

16. Add an option of automatic response when a possible threat is submitted you have actually received it ... an automatic reply you have received the ~threat , no matter if you are going to add it.

17. Active Process Scanning

18. As mentioned above, better self protection (right now, I can kill the process with an application I built in vb. This shouldn't be so easy.)

19. Configurable archive scanning depth

20. Better integration with Mozilla Thunderbird (like it was in 2.7)

21. The ability to make the list of blocked addresses configurable per user so that certain URLs are only blocked for certain users.

22. Add a setting to the proxy filter for programs so users can set auto or manual adding setting so advance users don't get a list full of programs that don't belong in there.

23. Add the non GUI option as some don't need a pretty GUI for AV.

24. Downloading Progress Bar http://www.wilderssecurity.com/showthread.php?t=194773

1. Provide "Pause" and "Stop" items on the ESET system tray icon pop up to allow users to pause or stop scans (including scheduled scans). It would also be helpful is the system tray icon changed colour or shape when a scan is running. The problem with using "balloons" to display messages it that users do not see the messages if they are away from the PC.

2. Provide a facility to automatically display on the screen (not a balloon) and/or email the results of a scheduled scan when it completes.

3. Provide "Disable" and "Exit" items on the ESET system tray icon pop up to allow users to temporarily disable all ESET functionality or exit ESET completely.

For those of us who are not super-computer savvy:
(1) Make EAV 3.0 useable via Windows Scheduled Tasks, where other users may frequently group their tasks.
(2) Keep It Simple! As mentioned on a number of computer web sites, although EAV Nod32 has a great reputation for protecting against viruses, the configuration process is challenging...if not mind-boggling.

1) HIPS
2) self protection (http://www.wilderssecurity.com/showthread.php?t=198158)
3) better active rootkit detection and clean

An online rules database similar to Agnitum's ImproveNet (http://www.agnitum.com/support/improvenet/description.php) used by Outpost Firewall and Outpost Security Suite.

See this thread (http://www.wilderssecurity.com/showthread.php?t=197335) for details.

Obviously this just applies to ESS and not NOD32. - (Blackspear, maybe there should be a similar thread in the ESS forum).

one post removed and a reminder that this thread is meant to provide new additions users desire. This is not a thread meant for ongoing issues.

I'm hoping some of the kinks get worked out soon. I have had to roll my entire production domain back from 3.0.621.0 to 2.70.39 and am delaying setting up a local mirror and remote admin system because of issues like the Event ID 6004 error, loss of server response, and remote desktop session failures when servers are running 3.x. Known (and unknown) bugs aside -- I have several suggestions for design changes.

1. Expand the scope of information captured by Ctrl-C in some dialogs.

In version 2.70.39 one could use the Information dialog to capture complete details about the antivirus software version as well as versions of all components and information about the host system as well. This was great for copying and pasting in to reports for maintenance records. In version 3.x the nearest substitute for this (that I can find) is in the Help | About dialog. The information available there for copying and pasting does not even include the antivirus software version number!

In version 2.70.39 scan reports could be copied in part by highlightin non-contiguous sections of the log and hitting Ctrl-C. In version 3.x you can only copy contiguous portions of the log. (This is not a really big deal, but it is more convenient to get everything you want in one shot rather than Alt-Tabbing between the log and a maintenance report form.) I realize that I could also just export the log and cut out what I don't want, but prefer this method when using a remote desktop session for gathering data on remote systems.

2. Provide an alternative means of providing exclusion rules for certain types of files or for specific system locations.

On a server which runs SQL Server I want to exclude .ctl, .dat, .ldf, and .mdf file types from scanning of any kind. With the current design I have to go into several dialogs to accomplish this. Often, when you want to exclude something, you want to exclude it from any type of interaction whatsoever with the antivirus software.

3. Either make the new interface more responsive, or go back to the old user interface.

I know everybody is supposed to like "browser-like" interfaces. I really don't care much what an interface looks like (eye candy-wise) as long as it isn't badly cluttered and as long as it makes sense. But waiting several to many seconds for software to cogitate before finally giving any sign whatsoever that it has even received input from the user is maddening!

4. Provide a way for EAV to work properly with proxy software like Tor. The only way I can use Tor on a system running version 3.x of EAV is to set protocol filtering to "HTTP and POP3 ports" only. Any other setting, even with eclusions for Privoxy and Tor, causes Tor to fail and / or total inability to browse the Web through Tor.

Edit:

I should have checked a little more carefully in 3.0.621.0. Apparently you can copy non-contiguous sections of a log now. Nice. But the scope of what's available for copying to the clipboard still needs to be improved.

This applies to RAS but two features I miss since coming from Symantec.

1. The current file that the real-time scanner is looking at.

2. The logged on user name.

For the default install setup, provide a weekly scheduled scan defined for all local drives, or at least the c: drive.

The ability to skip scheduled scans if a laptop is running on battery power at the time. Some defrag programs offer this functionality.

1 - To integrate command line inside EAV and ESS like option scan for easy access

2 - Bootscan as option (it demands restarting pc similar the Avast)

3 - Compilation in European Portuguese (At present it is translated only in the Brazilian Portuguese) please...:(

4 - Elapsed and Estimated time scan pc

5 - To improve sending and reception notice archives analysis. (we can receive for a popup or by electronic mail archive is or not virus, and with which name it was cataloged)

6 - Anti-Spam plugin support all clients email or the clients most used by users as we can see to soon of topics forum.

7 - Add option web protection site advisory (http://img.photobucket.com/albums/v426/Peace_of_God/Semttulocopy.jpg) (icon green, yellow, red and "?" )


8 - Web browser image Access denied "after (http://img.photobucket.com/albums/v426/Peace_of_God/kloipopl.jpg)" and "before (http://img.photobucket.com/albums/v426/Peace_of_God/kloipoplllcopy.jpg) [1 (http://img.photobucket.com/albums/v426/Peace_of_God/kloipjkjkooplcopy.jpg)]"

9 - IMAP email scanning and SSL scanning STunnel encrypted

10 - Tagging email - possible modification for user text tag message [variable options - Standard and Advanced]

11 - Backup and Restore, PC Tuneup and Paternal Control - Center GUI

12 - Update Offline - downloading web site official database virus "pack" compatible EAV an ESS

13 - Update Program - EAV/ESS update program to 3.0.xxx to 4.0.xxx for example without the necessity of a new installation.

-{ Quote: "This applies to RAS but two features I miss since coming from Symantec.

1. The current file that the real-time scanner is looking at.

2. The logged on user name." }-

I agree on both of these 100%.

The fact that I can't see what file is being scanned so I can create a custom exclusion is crazy to me.

And the logged in user name was always a hugely useful plus of Symantec's System Center.

I'd also like to see for the Business edition:

1. Better User-centric settings control for the GUI. Things like splash screen toggle, etc.
2. More granular control of the password protection for different parts of the program (i.e. Quarantine protection having a different password than other sections).
3. Configurable scheduled scan 'snooze' button, with forced scan completion after X snoozes of Y minutes.

Change in the behaviour of the Threat/Virus Lab

Please , add an option of automatic response when a possible threat is submitted you have actually received it ... an automatic reply you have received the ~threat , no matter if you are going to add it

I would like to see EAV work better in conjunction with UAC in Vista.

Vista is a nice change in MS operating systems in that it is possible, finally, to do the vast majority of my work as a systems admin from within a standard user account. If accomplishing a specific task requires it I can issue admin credentials upon demand.

With EAV making any change whatsoever to settings requires me to log off of the standard user account and log on as an admin. (Even running the user interface as an admin from within the standard user account doesn't really work properly.)

Truly Vista-compatible software asks for admin credentials as they are needed when one invokes a feature which needs them.

I do realize that incorporating such a sweeping change in functionality may not be feasible for this version of EAV. But it would have been nice.

Features I would like in NOD32:


Active Process Scanning
As mentioned above, better self protection (right now, I can kill the process with an application I built in vb. This shouldn't be so easy.)
Configurable archive scanning depth
Better integration with Mozilla Thunderbird (like it was in 2.7)


Those are just some things that would be nice. Sorry if I repeated anything anyone else said.

Two more posts removed.

As noted in the first post and in Bubba's reminder...

-{ Quote: "one post removed and a reminder that this thread is meant to provide new additions users desire. This is not a thread meant for ongoing issues." }-This thread is for new features and functionality, not for reposting of current issues or bugs that are already being discussed in other threads.

The ability to make the list of blocked addresses configurable per user so that certain URLs are only blocked for certain users.

Add a setting to the proxy filter for programs so users can set auto or manual adding setting so advance users don't get a list full of programs that don't belong in there.

Add the non GUI option as some don't need a pretty GUI for AV.

-{ Quote: "I would like to see EAV work better in conjunction with UAC in Vista.

Vista is a nice change in MS operating systems in that it is possible, finally, to do the vast majority of my work as a systems admin from within a standard user account. If accomplishing a specific task requires it I can issue admin credentials upon demand.

" }-

I will second this. Programs that encourage people to run as administrator all the time are really bad for computer security.

-{ Quote: "1. Better User-centric settings control for the GUI. Things like splash screen toggle, etc." }-

This option magically appeared in my RA's XML editor recently! YAY!

1 down. ;)

Hi,

I would like to see Downloading Progress Bar in future version of EAV.
http://www.wilderssecurity.com/showthread.php?t=194773

-{ Quote: "This option magically appeared in my RA's XML editor recently! YAY!

1 down. ;)" }-

Yes but they don't work...

EAV version 3 uninstallation process is no longer password-protected. I'm sure we need this so to prevent threats from removing the virus protection.

hi.
1.I wish that I can upload the undetected files which are packed as a RAR or ZIP file via threatsense.net , so as to let the analizer can check the virus.
2.eav should become use lower CPU usage in copy large files and unpack files.
3.Optimized the scanning to the P2P software
4.Build a forum to let yourself to collected the issues that respounding to how eav can be bypass , then fix it in time.

An option to turn the blurry text off! ClearType should be renamed BlurType.

-{ Quote: "Yes but they don't work..." }-

And you're right.. LAME!

So that'a Bug, not a feature request -- different thread. :)

OK here's a few I suggested the support guy today via phone:

1. All Threats detected should be reported in the Threat Log (tab) of the RA regardless of which scan found it (it currently only shows threats caught by the Real-time scanning, not scheduled scans).

2. The Scan logs should report action taken if it was handled, currently if it cleans it, it doesn't tell you that it cleaned it, or how it cleaned it (cleaned or deleted).

3. The RA Server should email you any time there is a problem. IE: if there's an entry added to the Threat Log, Errors in the Event log, Protection Status Error levels, Lack of client check-in, etc. Currently it only emails "reports" at the server level. All real-time alerting comes from the Clients, which leads to needing multiple config files with different SMTP server settings for different offices, and is extra annoying for laptops that travel between multiple networks (and therefor usually need to use different SMTP servers on each one, some of which we don't know the configuration of).

4. A way to view a client's Quarantine, and make a task to empty it.

ability to generate a boot CD, and a boot USB disk, to clean infected system files. should be low foot print, run on minimum system resources (128mb system, older cpus), and contain essential tools for repairing the system.

or may be sold as a separate standalone product.

what about giving users the message "please restart the computer and run NOD32 in safemode"

when you cant remove trojans and virues you should run nod32 in safe mode
and meybe a restart to safemode, am sure microsoft made a option in windows to boot into safe mode on next restart

msconfig > boot has it

this will make LIFE eseier for everyone that gets cannot clean/delete the item and so on :o

Because generally both v2 and v3 can clean infiltrations immediately (especially v3 which has cleaning malware improved) . This is when it comes to processes . When the situation is a bit more difficult (e.g. infected dll) , ESS/EAV/NOD32 will tell you that upon next reboot the malware will be gone , so generally no restart to Safe Mode is needed

Request for corrections and new features in EAV 3.0

1) Rights Management
Currently, configuration can be protected by password. Problem is each time you access the Advanced Configuration Tab, you are asked for type your password (even is main ESET windows is still opened). That is annoying.

What I suggest is to log as ESET Admininstrator (once) during a whole session and possibility to log off. This is particularly interesting when you have a multi user PC, with 1 Admin and Serveral Users, and you are currently configuring ESET for a particular User

Another feature, maybe, could be to apply change for current user (or selected user ) or to all users...


2) Mail client Downloading Progress bar (as in NOD32 v2.7)

3) Attachement management inside original mails... I noticed, using gfi.com mail testing, that dangerous threats were removed, but a strange attachement were remaining (still several bytes, impossible to save on the disk). In NOD32 v2.7, attachement were replaced by a text file explaining that attachement were removed...


4) Mail Tags enhancements... Sometimes, on html mails, tags do not appear...

5) Number of infected files, written on main windows, corresponds to the threats detected during current session... That is not clear... May be, adding history as : nb of threats detected since <date of last log cleanup>


6) Some translations are quite approximatives (noticed in french release)

7) hhtp client management and explaination are not sufficient... It is said that all application viewed as browser must be checked, the one that we don't want to be recognized as a browser, must be marked, using the cross... Well, but how to insert the cross (instead of the check mark ?)... That is not very clear in fact... Altough, the http "active" detection is not sufficiently documented...


Regards


Phil

self-defense protection just like a kaspersky :-)

-{ Quote: "self-defense protection just like a kaspersky :-)" }-Definitely agree. I saw a thread a while ago stating that "ekrn.exe" can be terminated by a simple batch file; I'm not sure if the self-defense has improved at all since then, but if it hasn't, I'd love to see it incorporated.

I would like to see a command line option to force EAV to update its virus defs.

We got one XP base image for our 5000+ workstations, after imaging we run a script. It would be nice if we could trigger to update with it.

a option to disable Web access protection and email protection and not get the annoying red icon, useful if you have a program that isnt liking web access protection and if you use webmail, no need for email protection

here is a bootscan picture of eset to make ;P

http://bcheck.scanit.be/bcheck/hj-images/avast-scan.png
i totaly agree it should have a bootscan option, meybe scan everytime pc boots option to, like if you want to scan MBR, system files and stuff

SSL scanning support when using SSL-pop3.

sound signal when threat is detected

How about a option to uninstall the software completly from within Remote Administrator Console

here is another basic future request
what about making md5 hash of the installation files and put the hash on the downloads page?

makes it realy easy to verify!
the version numb3r and if its real :thumb:

please

Ideas:
- Registry checking when On Demand Scan is triggered.
- Cookie scanning / blocking / removal.

We can set to accept program component update but nod32 never inform us of NEW version

I suggest a pop-up when a new version is available.

-{ Quote: "We can set to accept program component update but nod32 never inform us of NEW version

I suggest a pop-up when a new version is available." }-


+1 vote :D


cheers 8)

.xml based language translation?
would be great if NOD32 / Smart Security gets support for it!

-{ Quote: "+1 vote :D


cheers 8)" }-

+2

Do not scan on backup

Symantec had this, it shaved 2 hours off backup times on our file server.

My biggest loss from v2 is the the ability to push the configuration.xml file along with the updates from the mirror... That was one great feature!

Earlier on V2 i freshly installed a new client, pointed it to the mirror and the client got updated and configured itself with the correct config-file. - And the best part - if i changed the config, all clients got the new config next time they did an update.

Now in v3 i have to first intall the client, then push the config, then update the client.....and if I do changes I have to push out a new config, but this only hits the computers online - which is about 65% of my total users, and I have to redo this every once in a while hoping to catch them all while connected with VPN and give them new configs.....which takes very long time, and makes this a lot more difficult to manage.

So my biggest wish for V3 is the ability to distribute the config from the mirror.

- Progress bar v3.0 - attachment image

- Suggestion send sample user - add sigla database


example:


Threat Normal- detecting AV heuristics:

Win32/Poision


Threat User - Send sample user from Eset - sigla USS = user send sample


Win32/USS.Poision


I do not know if that is possible, but it was a way to prove that we are not sending samples of virus in vain.




That is my suggestion



Cheers 8)

-{ Quote: "SSL scanning support when using SSL-pop3." }-

I also have a ssl-pop3 and I would greatly appreciate if, finally, ESS/NOD32 be able to scan ssl-pop3...

-{ Quote: "We can set to accept program component update but nod32 never inform us of NEW version

I suggest a pop-up when a new version is available." }-


I add my vote for this suggestion too!

-{ Quote: "I add my vote for this suggestion too!" }-
mee two;)

-{ Quote: "OK here's a few I suggested the support guy today via phone:

1. All Threats detected should be reported in the Threat Log (tab) of the RA regardless of which scan found it (it currently only shows threats caught by the Real-time scanning, not scheduled scans).

2. The Scan logs should report action taken if it was handled, currently if it cleans it, it doesn't tell you that it cleaned it, or how it cleaned it (cleaned or deleted).

3. The RA Server should email you any time there is a problem. IE: if there's an entry added to the Threat Log, Errors in the Event log, Protection Status Error levels, Lack of client check-in, etc. Currently it only emails "reports" at the server level. All real-time alerting comes from the Clients, which leads to needing multiple config files with different SMTP server settings for different offices, and is extra annoying for laptops that travel between multiple networks (and therefor usually need to use different SMTP servers on each one, some of which we don't know the configuration of).

4. A way to view a client's Quarantine, and make a task to empty it." }-

You are right on it techie007 these are exactly the same points I would like to make.

I will add

5. When showing the current signature version for the network on the RA console (clients tab) give the cients a chance to update to the current version before considering it a warning situation. Currently as soon as the server has a new version everthng is red until all clients have updated. I think this is a bit over the top as you will always need to allow 15 mins for all cients to update to server version.

Cheers

Mike

A simpler and more effective icon for the splash screen. I googled and found this:

198620

-{ Quote: "A simpler and more effective icon for the splash screen. " }-

yeurrkkkkkk :gack: :thumbd:

-{ Quote: "yeurrkkkkkk :gack: :thumbd:" }-


+1:thumbd:


picture no static

not attractive user

I don't like this eye , too :thumbd:

Very nasty and scary for any user . The android conception is excellent , IMO , just the tray icon (but it seems they wouldn't change it)

Looking forward to a fix on ekrn.exe when everything is off from real-time, web protection, and etc... And ekrn.exe still running at 32k to 42k. I'm only running nod32 on demand scanner and ekrn.exe is still running high. I use outpost and i check it regularly and it's connecting to local port 30606. I don't get how this could be happening when everything is turn off...Hope they will fix this soon.

-{ Quote: "Looking forward to a fix on ekrn.exe when everything is off from real-time, web protection, and etc... And ekrn.exe still running at 32k to 42k. I'm only running nod32 on demand scanner and ekrn.exe is still running high. I use outpost and i check it regularly and it's connecting to local port 30606. I don't get how this could be happening when everything is turn off...Hope they will fix this soon." }-


There is nothing to be fixed . You can make sure that "Protocol filtering" is set to "Applications marked as web browsers and mail clients" and that no application is checked as browser / pop3 client.

Then you should make sure that you DO NOT stop the protections from the Setup section but from the Advanced Setup tree . There is big differences between these.

Moreover , if you want to keep ESET NOD32 as on-demand scanner only with not active scanning - the solution is very simple . When you don't need it , simply set ESET's Service to "Disabled" and disable the UI from auto-running on start-up . When you think you need NOD32 to make scans , you simply Set its Service to "Automatic" and Start the service . Start egui.exe from Start - Programs -> ESET - ESET NOD32 Antivirus

-{ Quote: "There is nothing to be fixed . You can make sure that "Protocol filtering" is set to "Applications marked as web browsers and mail clients" and that no application is checked as browser / pop3 client.

Then you should make sure that you DO NOT stop the protections from the Setup section but from the Advanced Setup tree . There is big differences between these.

Moreover , if you want to keep ESET NOD32 as on-demand scanner only with not active scanning - the solution is very simple . When you don't need it , simply set ESET's Service to "Disabled" and disable the UI from auto-running on start-up . When you think you need NOD32 to make scans , you simply Set its Service to "Automatic" and Start the service . Start egui.exe from Start - Programs -> ESET - ESET NOD32 Antivirus" }-

I assure you all that is turn off. And ekrn.exe is still running in the background.

Let's try again:

If you use the disable option , this will NOT stop the NOD32 processes and modules - they will remain active . They will not perform scanning/removing of malware (but will remain loaded in memory!) .
If web-access protection is disabled , protocol filtering remains ACTIVE , the traffic is still proxied but the traffic is not scanned for threats (or if scanned no actions is taken)

However , if you don't want ESET modules running in background , you need to unload them from memory . Unlikely other vendors , ESET products have one proccess only - everything done by ONE KERNEL . So you need to stop the kernel .

The kernel can be stopped if you *first* disable the ESET service from Control Panel -> Administrative options -> Services and *second* stop the service

In addition you will also need to make the user interface not load on Windows start-up unless you want it hung.

There we are - everything is stopped . You want on-demand scans only . So , when you want to perform scans :
1) You set the ESET service to Automatic
2) Right click the service and Start it
3) Start ESET's UI from Start->Programs->ESET->ESET NOD32 Antivirus
4) Update the program
5) Perform scan

After scan is finished , close the EGUI . Then disable+stop the ESET service.

You got it now ? :thumb:

Alright thanks.

IMAP-scanning and full support for Mozilla Thunderbird.

-{ Quote: "IMAP-scanning" }-

Currently supported only in Outlook Express , Windows Mail and Microsoft Office Outlook thanks to the plug-in EAV/ESS offer. The more email clients are supported , the higher chance you'll have to get IMAP supported.

I don't know of an antivirus which supports IMAP scanning on traffic level.

-{ Quote: "full support for Mozilla Thunderbird." }-

ESET are working on this.

Since I can't find it via a cursory inspection of this thread: Game Mode

Stop EAV from popping up alerts when fullscreen programs are running. I lost two games in a row last night because EAV first popped up a message prompting me to submit suspicious files, and then a notification that it'd updated itself.

@solcroft

As a temporary solution until ESET implement such an option you can set the program not to display alerts and notifications while you are playing games . After the game is finished , you can again check the options .

198847

Another temporary solutions -> while you play games , just end the egui.exe process . After the game is over , you simply start the egui.exe again

When a detection warning pops up, the ability to "Add item to Exclusions" with one click - like Kaspersky.

It's annoying to manually add items to Exclusions.

@MarcR

Such an option is existing in Kaspersky products because of their HIPS which can easily produce false positive . When ESET product displays detection warning , in 99% of the cases it is really something to worry about ( I mean real threat) . Additing such a thing in the Exclusions is BAD idea.

wish that download page shows the date of last updated files. it helps, and sometimes, one may not need to check the version number then.

Ability to add to exclusions from Alert dialog.

It isn't a problem for me personally but some may not like something in the current version

1.
An option to let the the on-demand scan finish and then ask for actions or just let the scan continue while the popup(s) requiring userintervention remains on screen for the user to take action the moment he returns to the computer:
When running an on-demand scan and a popup requiring user intervention appears the scan stops. If the user is away from the computer this would leave it doing nothing until he returns. This would leave the user with fewer system resources compared to if the scan had continued (shorter "slow down period") or finished.

2.
Excluxion rules:
The possibility to exclude files from certain scan methods like unwanted/ unsafe applications or Advanced heuristics. Because these might cause false positives, it would be nice to exclude a "false positive" but still get protection against malware.

3.
An option in the scheduler to rerun a scheduled scan if the scan has not completed within XX hours:
This would be useful for admins scheduling scans on computers where users might log in/out turn on/off the system thus preventing a scheduled scan to complete.

-{ Quote: "Since I can't find it via a cursory inspection of this thread: Game Mode

Stop EAV from popping up alerts when fullscreen programs are running. I lost two games in a row last night because EAV first popped up a message prompting me to submit suspicious files, and then a notification that it'd updated itself." }-

I second that

Further explanation:
-{ Quote: "
(...)
Desktop notifications like “the virus signature database has been updated" pops over full screen programs If I play a game (games usually runs in an exclusive full screen mode), and the virus sigs. is updated, the notification popup causes the game to run very slow and the notification popup is partly shown in the game (blinking). This continues until I minimize the game, so that the popup disappears, and then start the game again. This might cause problems with some older games, because they crash when minimized. When I am watching a movie the popup does not interfere with the movie, but it pops over it, which is annoying. Could you implement an option that prevents popups when running programs in full screen (like the option in windows live messenger) in a future version? Because I like the popups, but not when playing or watching a movie " }-

This is also discussed in this thread: http://www.wilderssecurity.com/showthread.php?t=196797

By the way, if you want that feature, you might drop a comment in the above thread:
-{ Quote: "If more people have a problem with this, we could consider adding an option enabling/disabling displaying bubbles on top." }-

1. I would like to suggest that NOD32 have a small new addition:

NOD32 V.3 should have a new option to use Advanced Heuristics on all files in removable media (Floppy / CD / DVD / USB Flash Drive and Mobile phone memory sticks etc.)

Actually what happened was that once I double-clicked on a file in a CD-ROM which was malware (detectable only by NOD32’s AH)
Since AH is used only on newly created and modified files, NOD32 failed to alert me of the threat in the CD and my system got attacked unknowingly.

I do not use AH in real-time protection (Advanced Setup > Real time file system protection > Setup > Options > Advanced Heuristics) because it reduced my system’s performance.

So I think it would be better to add a new option that the Real time protection uses AH on files in all removable media even if they have not been newly created or modified. This would be safer.

Please tell me if this feature can be implemented in a future build of NOD32 3.0 ?

Second Question:
2. If AH is enabled in the real time protection, is it safe to disable AH in the Additional threatsense parameters for newly created and modified files ?

1. Add a check box in all ThreatSense screens in Setup to "Apply these settings universally" so I don't have to manually set the settings five times.

2. Add an optional check box in Setup (off by default) asking whether to enable automatic notification of all new product component updates (not just major ones). This way, Average Joe will not be bothered, and advanced users will know enough to find the option and check it on.

3. Mozilla Thunderbird support.

4. Automatic full scans by default for (let's say) 3 or 4am daily, or at least weekly.

5. A (free?) download allowing one to burn a bootable CD containing an on-demand only scanner, perhaps a command line scanner even... something to use for really badly infested machines that won't even boot into Safe Mode.

1. this would be really appreciated. if u can provide with offline update.

2. Better response from the virus lab and faster response too. The major requirement is a reciept of delivery of virus samples. from labs.
even today i upload new virus samples. from 3 email ids.
and i am not sure which one reached the eset labs

i am not sure bout this one. but some times i have observed that the avs boots up quickly on the same pc it takes ages to loads up. i mean the splash screen on the desktop just stays there. and goes to system tray after so much time... kindly have a look on that.
..

3. and the installation package . its not a smooth installions.... it hangs and moves to next steps...
kindly use a other installer if possible.
this happens espcially when installing from a network path....and its not related with the network bottleneck.its a perfect 1Giga network


thankz

As I cannot think of any functional changes I thought I'd offer some highly-subjective style requests instead... :)

It'd be nice if you could click on the Number of blocked attacks in the Protection Status pane and it show a log of the blocked attacks - maybe just get it to open the Log Files in the Tools pane (or Detected Threats pane directly)?

A casual user is more likely to click a link here than look in the Tools pane for the logs (are 'logs' tools?)

From the Detected Threats pane I'd like to see the ability to find more information about the nature of the threat. Maybe have a button or contextual menu item that opens the default client browser and submits the threat description the Nod32 Virus Encyclopedia?

While a user can copy the threat information into a browser a more seamless experience would be nice.

A (very!) minor aesthetic change - if Show can with log in new window is selected during a scanan active scan it would, to my mind, look a little tidier if the Move to background link was on the next line rather than word-wrapped. (told you it was a petty change!)

Also if you choose to Show scan with log in new window and then close the new window, either by closing the window or clicking on Move to background, the text in the Running Scans section in the On-demand computer scan is updated to say Bring to foreground but clicking on this resets the interface to defaults rather than opening the new window in the foreground. (I appreciate I may have misunderstood the working here and it may actually be working as intended)


It'd be nice to be able to filter the results of an On-demand computer scan - I know I have dozens of pages of '- error opening [4]' and 'MIME - is OK (internal scanning not performed)' entries that I'd like to be able to filter out of the result with just a click. Maybe a checkbox on the On-demand computer scan dialog for this purpose?

PS: The GUI has massively improved since I first started using Nod32. Keep up the good work! ;)

Another PS: Just wanted to add my support for Solcroft's suggestion of a 'Game Mode' (or equivalent) that could be used to temporaily suppress popup dialogs, either manually or by specifying a time window, via a dropdown list of common blocks of time or exact time schedules. Ideally there should also be a granularity - disable the informational dialogs but not the critical warnings for example.

Simpler license update.

The user receives a text file, license.nod32. The nod32 file extension is registered, so when the user double-clicks the license file, NOD32 is invoked, or a license entry part, which then asks for confirmation from the user, after verifying that the information is correct, which it should be most of the time, because the file should come from ESET's web site to begin with.

See this thread for issues already discussed:
http://www.wilderssecurity.com/showthread.php?p=1202278#post1202278

Test button for notifications

If I have a client send me notification of problems, entering the client's smtp server, username, password, and whether they require authentication. Then I'd like to be able to send a test email and have nod32 report whether the test seemed to send properly.

Module updates should be recorded in the event log along with virus signature database updates.

I work in a business. I have desktop and laptop users. I have created a Dual Update profile that I give them all. By default, the clients are scheduled to update from my local server. If my local server is unavailable, the clients have a secondary profile for updating from Eset's servers.

What if I'm a laptop user (or even desktop user for that matter) and I want to manually update the virus signatures (just because) and the local server is unavailable? Currently, because the default profile directs my clients to the local server, the program will fail the update.

My request is (when clicking the "Update Virus Signature Database" option) to allow the option for the client to failover to the secondary profile if the first one does not respond. I know I can set my laptop users up to have the secondary profile first, but in my case, it does not suit us.

-{ Quote: "I work in a business. I have desktop and laptop users. I have created a Dual Update profile that I give them all. By default, the clients are scheduled to update from my local server. If my local server is unavailable, the clients have a secondary profile for updating from Eset's servers.

What if I'm a laptop user (or even desktop user for that matter) and I want to manually update the virus signatures (just because) and the local server is unavailable? Currently, because the default profile directs my clients to the local server, the program will fail the update.

My request is (when clicking the "Update Virus Signature Database" option) to allow the option for the client to failover to the secondary profile if the first one does not respond. I know I can set my laptop users up to have the secondary profile first, but in my case, it does not suit us." }-
I'll second this - and, in addition, request that the 'use global proxy settings' option actually reads the proxy info and exceptions from IE/the registry. I have - like hillrb - setup fail-over profiles for the automatic update, so if my internal update server(s) go offline, the software fails over to the external link, but when the users are in work, they are behind a proxy, when they are at home, the proxy is unavailable to them, this means three profiles for a guaranteed update - when connected to the i/net. If the proxy settings were read from IE/the registry, the 3rd profile wouldn't be required, and the users would be able to manually update the definitions themselves.

Nod32 3.0.657 just installed. Now it's doing a scan per the GUI. ekrn.exe is running "normal" prioity, and kicks into 100% CPU resulting in a non responsive computer. It takes so much CPU that my autostart tasks are getting ACCESS DENIED from the realtime scanner.

Fork out the schedule scans to a separate process. Don't run them under ekrn.exe My scans all have the check box to run background scans with low priority. Make this actually work, please. If you have to, use sleep() events between files to give up some resources when "low priority" is set. You could even query the CPU utilization and if > X% back off for Y seconds.

ability to clean the registry of problems leftover by malware, such as disabled folder options, restrictions etc. why do i have to edit registry, or use some other (free) tools to do such simple things ?

lock USB ports, just like lock web browsing. organisations may be able to use this to implement policy not to allow USB pen drives.

option to disable autorun on all removable media and hard drives. this is a simple registry setting, but if implemented, will save so many Pcs going down due to malware.

option should be offered to delete suspicious autorun ini entries in writable removable media such as pen drives.

i thought these are very ordinary, but essential requirements for AV software.

Also look at my last post here: (posted on May 15th, 2008, 09:19 AM)

http://www.wilderssecurity.com/showthread.php?t=207474


For you, Sangam...

lock USB ports, just like lock web browsing. organisations may be able to use this to implement policy not to allow USB pen drives.

Answer : Log in as admin, then go to Hardware manager/wizard and disable all USB drives at the bottom or uninstall them...
Or use a software like Drive Blocker or CD/DVD lock

option to disable autorun on all removable media and hard drives. this is a simple registry setting, but if implemented, will save so many Pcs going down due to malware)

Answer ... http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/

better active rootkit and keyloggers detection.
rootkit detection is worse it missed some stealth rootkits on my pc that is found with some other programs.

It would be nice to see a summary of the scan once it is complete, just confirming the locations of the infected files and whether they were or wern't dealt with.

The scrolling log which occurs during the scan itself always seems to get filled with bad archives and all kinds of other stuff which isn't dangerous. Sifting through it to infections is incredibly time consuming, so a summary window at the end would be marvelous.

-{ Quote: "
For you, Sangam...

lock USB ports, just like lock web browsing. organisations may be able to use this to implement policy not to allow USB pen drives.

Answer : Log in as admin, then go to Hardware manager/wizard and disable all USB drives at the bottom or uninstall them...
Or use a software like Drive Blocker or CD/DVD lock

option to disable autorun on all removable media and hard drives. this is a simple registry setting, but if implemented, will save so many Pcs going down due to malware)

Answer ... http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/" }-

thank you for your response, kevin. i am talking about easily implementing USB drive restrictions, and disabling autorun across all OS..., the user of a standalone machine or the network administrator should be able to implement restrictions or disable autorun, from inside the security software, those settings that are relevant, to increased risks of virus ourbreaks. further the software can prompt the user to delete autorun.ini entries if found in devices like pendrives.

a user need not have to go to control panel, or gpedit.msc and search where to make the required change, or use tweak UI, on 98 or xp home machines.

URL/keyword filtering subscription as an optional component, like XMON was, for both EAV and ESS. I would love to have this with EAV, without the antispam nor firewall options.

You have 90% of what is needed already. I'm using the limited list to block some porn (searches, keywords, non safesearch searches) but it's limited to 64k?

SquidGuard has a list of some URL lists, of which some are free to use;
http://www.squidguard.org/blacklists.html

Then you have the Cobian list aka ISS/IBM list which is used by a lot of other products. And you have Secure Computing & WebWasher which also sell lists.

Anyway, partner with someone and offer me, as an admin with a password protected EAV setup, to do some URL filtering via Nod. That would really give Nod a edge over the competition.

I mention it as an optional paid component because I'm sure 90% of your home users would not want it. However, parents might opt for it for parental controls.

My two cents.

Although this is a little off-topic, I thought it might be a good place to post a comment about the NOD32 signature.

I have given it a lot of thought and here is what SHOULD happen:

The virus-safe warning appended to e-mail (signature) should be wrapped in HTML with text alternative and should contain special formatting that facilitates recognition of the signature by Eset's scanners.
The signature should be updateable by Eset's scanners so that a message sent between two users that both have Eset installed will only have one signature, in a block that makes it obviously separate from the content. Right now, appending the signature each time a message changes hands has resulted in more than one message at my office that contains two lines of reply-text and 5 pages of e-mail signatures.
The signature should be customizable, not just removable. In other words, embeded into the antivirus software should be a simple editor that lets you define what goes in the signature. It would provide "keys" to be replaced when scanned and it would allow businesses and/or users to attach custom information like confidentiality links or acceptable use summaries. Consider the text below (but imagine it in a box with a 1 pt rule around it) (also, this is an extreme example to demonstrate a point):Disclosures and Notices
%policyDisclosure%

e-mail security:
checked by: %productName%, vers. %productVers%
date/time: %datetime% updated: %productUpdate%
definitions: %productDef%

e-mail policies:
usage: %policyUsage%
confidentialy: %policyConfidentiality%

contact information:
%policyContact%
contact: %company%
: %user%
: %phone%

%policyClosure%



would look something like this:


Disclosures and Notices

As a testament to our persistent commitment to the safety and privacy of our users, please read the following information as it pertains to this message, it's receipients and senders, as well as the content conveyed in this message.

e-mail security:
checked by: ESET, Smart Security Suite, vers. 3.0167
date/time: 06/06/08 updated: 06/06/08
definitions: eavss-060608v1

e-mail policies:
usage: Any dissemination or disclosure of any part of the content of this message without prior written permission of those persons to whom this message was conveyed, from whom this message was delivered or concerning the contents of this message is a violation of law persuant to some legal clause. This is a private, confidential correspondence.

confidentialy: If you are not the intended recipient of this message, please contact our office immediately and destroy this message, any copies (printed or electronic) immediately. Please know that you will be held accountable for any harm or damages caused by the unlawful dissemination of information to, from, or contained within this correspondence, even if received inadvertently.
contact information:
WhirledOrder
jaseinatl
(404) 444-4444


Thank you for your time and consideration and for helping us to ensure the continued safety and security of priviledged communication on the web.

Hi!

-{ Quote: "so that a message sent between two users that both have Eset installed will only have one signature" }-

How do you think this sentence? Because between sending and opening message can be time, when could have been released update, which includes signature with eg. worm, which hasn't been cauht before.

Your suggestion is very long, I think.

I do a lot of work for small law firms that require the inclusion of a non-disclosure agreement on every e-mail. I encase the signature in a custom DIV wrapper and every message sent from one of my offices is scanned for virii (using ESET) and for the custom div. If it exists, it is stripped from the message and the new signature is added.

This ensures that the message has the latest updated virus information and the latest version of the security statement. It's really easy to do and doesn't take half the overhead that the virus scanner does. In fact, it takes less than a second to locate the div and replace it with the updated div.

The point being that a simple line like:

ESET NOD32: SCANNED: 06.13.08, DEF:39392

would only take up one line and would read nicer than the current signature that takes up 1 2/3 lines (per nestled signature).

And if you are worried about version tracking in case a worm got through because it was new, you would be able to more accurately track the definition number in your history because ONLY the latest definition would appear on each message (instead of how it is now where you have all of the iterations repeated on every message in the thread).

But regardless, make it customizable. PERIOD. How could anyone argue with that logic?

btw, I don't use it at all. I do the scan and use a VBScript on my exchange server, so it's no skin off my teeth. I just think it would be common sense for Eset to be a little more adaptable and a lot more professional in this regard.

Add notification of new NOD32 version through UI / Balloon dialog. Please. ;D

Add animated pupil to NOD32 taskbar icon to show activity - scanning internet traffic etc. ;D

-{ Quote: "Add animated pupil" }-
-{ Quote: "Add notification of new NOD32" }-
No, thanks. Animation and similar things aren't necessary for security software.

-{ Quote: "No, thanks. Animation and similar things aren't necessary for security software." }-

In your humble opinion. You forgot to add.
So let me reiterate. Notification of new version releases and an animated 'pupil' in the NOD32 taskbar icon to show activity. Thanks

this is kinda lame but can nod32 have that logon screen thingy like online armor or kaspersky?? just for aesthetics...

>>this is kinda lame but can nod32 have that logon screen thingy like online armor or kaspersky?? just for aesthetics...

You mean where they append text onto the logon bitmap which says Protected by Kaspersky?

In my opinion, I like the fact this is not done. I like the non-animated tray icon as well.

Nod 2.7 showed in AMON/IMON/... the last file scanned. I'd like a window somewhere which shows that. Perhaps in Advanced mode, one tab which has these on one screen. (I know IMON is gone, but same idea.)

- Option to scan archives in Real-time file sistem protection (not only boot sectors, files and runtime packers).

- Long time ignored option to scan sent emails...in other word, integration with more email clients, not only Outlook and Outlook express.

-{ Quote: "this is kinda lame but can nod32 have that logon screen thingy like online armor or kaspersky?? just for aesthetics..." }-
not really, doesnt show in vista anyway with kaspersky.
better to get better protection features rather than pointless things that look nice.

Program Component Upgrades from RA- to allow an administrator to load program versions (of AV or SS) they want on clients into the RA, and EAV update itself if it is earlier than the version in RA.

This would get round the issue of waiting for eset to push out a Program Component Upgrade, and allow an administrator to determine what version all his clients need to be on.

Pushing out newer versions of EAV, every time eset release them when you support 50+ networks is to time consuming and a royal pain

To scan encrypted connections, especially on port https:// 443.

To scan emails not only POP3, also 443 and 995 - better protection with Gmail and Thunderbird.

To reduce false positives.

1. Do not force Help window to retain focus. When Help is open, it stays on top of main NOD32 window so user cannot do anything in NOD32. Should be able to arrange the Help window side-by-side with NOD32 window so user can simultaneously read the instructions and perform them.

2. Provide information in Help about error codes (such as the 0x0104 that I'm getting now - no info about what it is).

3. Extensively expanded Help. At present, troubleshooting suggestions cover only the most basic, obvious possibilities.

4. Everything Blackbear suggested is right on target.

Change the advanced settings so it is clear how ThreatSense options apply to each module. Originally I thought that there was one default/global setting for ThreatSense and then other modules could override the default settings. Now I understand that's not true.

Here is the thread explaining the problem:

Understanding Options
http://www.wilderssecurity.com/showthread.php?p=1271090#post1271090

I'm using Nod32 in my pc but it has poor detection of spyware like svichoost.exe and leftovers of new folder.exe. sometimes it will not detect viruses , sometime it do. spyware is the major problem.


nilupa.

I don´t know if it´s been said before (I didn´t check), but a "Quit" or "Exit" button like version 2.7 had would be nice...
I use it as an on demand scanner only, and it is a pain to be unable to quit the program after running a scan...

-{ Quote: "No, thanks. Animation and similar things aren't necessary for security software." }-
The animation is definitely required - I would certainly like to know whenever my NOD32 is upto something.

It would be great if Eset labs respond the users through email, about the status of detection of the samples sent by the users....like most other AV companies does.

I've been sending several undetected (malicious) files to the labs but I never get a response from the labs.....at least they should throw back a small email stating that the sample has been added to the detection bases.

it will be great if eset add this

They could add a feature to do "remote scanning". As in, scan 1 computer from another with the first computer not accepting non-nod32 inbound connections. It's possible to scan a computer's HD remotely right now, I've tried it, but it would take some coding to acutualy make it reject all non-nod32 connections.

-{ Quote: "EAV version 3 uninstallation process is no longer password-protected. I'm sure we need this so to prevent threats from removing the virus protection." }-

I would also like to see this option available again

I would like to see the ability to add file exclusions based on an MD5 checksum. AND!! the ability to post these MD5s to the RA server for the clients to synchronize with when they check in.

The ability to turn on/off this feature too. And the ability to filter files preferably by size, but also name. So that a file under 100MB would be scanned regardless, but a file over 100MB would be checked against the MD5 lists for exclusion first.

1. By default, users shouldn't be notified when new antivirus signatures are downloaded. I would prefer only having a notification if there is a problem.

I realize that this can be turned off, but I recommend Nod32 to a lot of people who don't know much about computers, and having to outline how to do this makes things more difficult than they need to be. Also, I tell my friends that Nod32 is very quiet (because on my computer, I only have notifications enabled if they require user interaction), but when my friends install it to try it out, it is very "noisy" making them wonder what I was referring to when I mentioned that Nod32 was so quiet.

2. Allow user to keep only one item in the context menu instead of both "Scan with ESET NOD32 Antivirus" as well as "Advanced Options".

With v2.7, there was only one item in the context menu, which kept things clean. However, with v3 I now have to deal with two menu items. I would prefer the option to help slim this down for power users (I understand if this is kept on by default). Note that turning off context menu integration doesn't work because that removes the "Scan with ESET NOD32 Antivirus" option as well as the "Advanced Options" - I only want to turn off the "Advanced Options".

3. Allow at least basic configuration in "Standard Mode" of the interface.

Currently, in "standard mode", I cannot configure any options. So, if I need to help my friends disable the Desktop notifications, I have to have them revert to Advanced Mode revealing a bunch of options that most users don't care for. I would prefer to at least show a simplified list of basic config options in standard mode.

nowadays many home has multiple pcs and laptops. so i will request if the mirror feature can be included in the home version also. this will save quite a hassle and will bring down the internet bill also.

-{ Quote: "EAV version 3 uninstallation process is no longer password-protected. I'm sure we need this so to prevent threats from removing the virus protection." }-

Password protection on an installation package is not in compliance with .msi package standards which is what I heard is the official reason why the option is no longer offered. In addition, if a process is able to reach that point and access msiexec with administrative credentials in the first place, any password protection is going to be relying on a .ini file or registry key someplace on the system. The administrative credentials that the malicious process is using can take ownership of any registry keys or files on the system and modify them to bypass a password protection scheme. And an uninstall password would not stop malware from deleting core components of Nod32, unregistering critical dlls or services, or any other number of ways you can cripple a program once administrative credentials are obtained. Password protection of an installer is nothing more than security through obscurity, and at this point Nod32 isn't an obscure product and such measures will be targeted and circumvented. If you want real assurance that your installed packages won't be modified, don't let users have administrative credentials and keep the system properly patched. Hacks like a password on the installer only add complexity with no real benefit.

The ONLY changes I want to see is to make this program stable. ESET needs to bring the quality of this program back to the days of v2 stability.

Why bother with changes when you have software that isn't stable and runs more like a BETA release...

I'd like to request a way to change the size of the System Tray icon popups (i.e. font size, brief vs verbose, etc). A number of client PCs get the popups and they obscure a fairly large part of the screen - ideally should be able to make smaller and less obtrusive. Thanks!

It would be nice to have a better sample submission feature, because it has a size limit and also it does not gives any indication of sending progress or when it finished sent file.

I'd like to be able to block an entire top-level domain using the 'blocked addresses' section of the 'Web access protection' settings.

I strongly suggest that by default EAV shouldn't append a message to scanned e-mail unless a virus is found so that you have to choose to enable it actively if you want to have a message in all your e-mail.

/Preben

naming the program downloads so they indicate version numbers.

Changes mainly for the Antivirus version only.

1. Change the GUI back to something similar to v2.7 its because of this it will run on lower end systems and will still run in GUI mode in safe mode.

2. REMOVE the web access protection, v2.7 was great because it was just AV nothing more nothing less and did a damn good job too!!!!

Its infuriating that it blocks a site that i KNOW is fine and i try to disable it and it won't :(

3. After install have it already set to scan within archives etc rather than having to go through everything and set it all. This can be done with v2.7 if the registry entries are exported after it has been set up.

4. Remove the "fancy" bits (i dont just mean the GUI i mean in general) so as to lower CPU and RAM usage.

Thats everything i can think of :D

Just realised a really useful function of v2 was that you could see what file was currently being checked via AMON, could we see the Top-10 (or top 50) most checked files? It might be worth it to add them to the exclude list to help with performance issues, if the files where not required to be checked

-{ Quote: "2. REMOVE the web access protection, v2.7 was great because it was just AV nothing more nothing less and did a damn good job too!!!!
" }-
If I recall well, you can choose to install or not, if you choose the personalized install.

3.0 is really just a terrible code base and needs to be deleted.

Go back to 2.7, streamline it even more, put a pretty interface on the same code base, make it work with exchange 2007 / server 2008 and x64 OS's, improve the remote admin console and tool a bit and you have a winner.

If version 4 is just as bad as version 3, ESET will have one less reseller, and a lot of lost clients.

We can't put ANYONE on any system on v3 without problems that never happened in 2.x... systems will feel slow and laggy, then be fine again, more crashes and instability. No exchange server on v3 is a real PITA too so we have to try and mix supporting 2.x and 3.x on the same network.

Support just doesn't care, I try every build of V3 and it's crap.

That's great that some of you have no problems with it, but you may have been used to McAfee Security Center or some other bloated slow POS so of course V3 is better than that.

We just have users that tell us, we don't want this new AV it's slower after, and we have to load 2.x back on at our expense.

I would like a switch in the settings which cause the application to obey the windows system colour scheme.

I have a client who is vision impaired and has a high contrast colour scheme with white text on black.

The Nod32 application comes out hellishly bright on his system because it ignores the standard windows settings.

D.

-{ Quote: "Changes mainly for the Antivirus version only.

1. Change the GUI back to something similar to v2.7 its because of this it will run on lower end systems and will still run in GUI mode in safe mode.

2. REMOVE the web access protection, v2.7 was great because it was just AV nothing more nothing less and did a damn good job too!!!!

Its infuriating that it blocks a site that i KNOW is fine and i try to disable it and it won't :(

3. After install have it already set to scan within archives etc rather than having to go through everything and set it all. This can be done with v2.7 if the registry entries are exported after it has been set up.

4. Remove the "fancy" bits (i dont just mean the GUI i mean in general) so as to lower CPU and RAM usage.

Thats everything i can think of :D" }-

Have to agree in regard system resources or at least offer a switchable laptop option whereby bare bones rather than bells and whistles is easily catered for as in 2.7.

Thank you Eset.

Improve the detection Iv'e had a problem with
the ardamax keylogger nod 32 didn't detect it.
and also some trojans agents
that nod 32 didn't detect. my computer went slow and crashed for 3 times.
after a scan with zonealarm security suite I detected them and removed them since then he didn't crash.

-{ Quote: "Improve the detection Iv'e had a problem with
the ardamax keylogger nod 32 didn't detect it.
and also some trojans agents
that nod 32 didn't detect. my computer went slow and crashed for 3 times.
after a scan with zonealarm security suite I detected them and removed them since then he didn't crash." }-
Eset DOES detect this keylogger.
http://www.wilderssecurity.com/showpost.php?p=1269677&postcount=6

Making the cleaning options of Threatsense, realtime and ondemand scanner to "Strict Cleaning" by default

Insure that all aspects of the UI are easily accessible via standard Windows keyboard commands. This would improve usability for many, including those who cannot work with a mouse, or those using screen readers.

Nod32 has typically done well in this area. Version 2.7 was excellent, especially when the custom GUI was disabled; However, there are aspects of the version 3 UI which could use some work. For example, one instance which is really annoying me at the moment: I am getting a balloon asking for approval to submit some suspicious files. Apparently, the only way to open this approval window is by mouse clicking said balloon. I don't use a mouse, I can't click the Balloon, and as far as I can tell, I can't prevent it from repeatedly popping up.

* Allow a "Max CPU" limit to be set, so that the product doesn't hog the CPU.

* Provide a means by which the AV client can reread the cfg.xml file from a network share (IE, I want to be able to change the cfg file once, and have clients pick up the new settings on a reboot, etc., rather than having to run a task.)

* In the RA console, index PCs by their MAC address. Renamed computers should not come up multiple times as they do now.

Integration of nod32 v3.x on-demand scane with BarPE and UBCD (as in v2.7)

Make Node32 to scan and put your ESET stamp on eMail from Gmail an Walla.

Creating the option to automatic save the log file to a directory as a TXT file.

Give us the configurable "Quarantine folder" back.
We can't switch to v3 if this function is not available.

Mike

Hello,

Upon using this software in contrast to Avast, there are only a couple of things I would like to make the developers aware of.

1. It would be nice to have an audible warning to end users when a file is deemed infected or otherwise suspicious. The message/alert box is a nice feature, but as we all know in the IT industry, the end users are usually unaware that a problem exists just by looking at a message box. Plenty of times I have found that end users both residential and commercial, simply ignore these warnings, like "Warning, Virus detected" or "your subscription is expired" and continue on about their activities. Having a simple "Warning, A Virus has been found, Please select your action" with some horns, bells, or whistles would be great, as it's similar to what Avast uses, and customers all agree that it keeps them aware. Perhaps an mp3 or .wav file, or even a neat option of being able to put in your own audio file, and a check box to enable audio alerts or not. Imagine how COOL it would be if you recorded something that said "Warning, This is _Your_name_here_, A Virus Has been detected, Please leave the system as it is, and Call 555-5555 right away, Thank You" That alone would put nod32 at a serious advantage!

2. The buttons on the dialogue box when a virus is found. The last one says "leave" which in most cases, and end user assumes that "leave" means kill the virus, and be done with it. Though, that is not the case, and it lets the user carry one with the programs. Perhaps, we can have this button say "Take no action" or something easier and more direct to understand? Lot's of end users are not computer savvy, andthat is why they hire companies like mine.

3. When I went to advanced setup, and then to Web Access Protection > Web Browsers and added Mozilla Firefox 3.0, then put a check in the box next to firefox, it some how stopped all pages from loading. However if you go to Active Mode, and check off mozilla, It's fine. Whats up with that, or whats the correct way to handle that? Perhaps you can make it easier to understand, a help button maybe?

Thanks A lot, and I hope you take this into serious consideration. As a former programmer, I would imagine that these 3 tasks can be rather easily implemented.

EDIT: Would it be possible to implement an alternative SMTP port option, as many ISP's block outbound SMTP connection on port 25 to any other mail server besides the ISP's?


Thank you for your time, and I look forward to hopefully seeing these option built in soon.

Advanced Computer Group, Inc
Enterprise IT Solutions
631-509-6020

I would like to give some suggestions which I think a good-standard AV should also provide or deliver apart from the common and traditional feautures, whether they have been available in the current version of ESET NOD32 Antivirus.

1. Prevention is always better than cure

(a) Warns users before they enter any infected websites (e.g. Site Advisory)

(b) Protects users from infected websites as well as phishing websites (e.g. Deny access to the websites or disable the links to dangerous sites)

(c) Protects instant messengers, for example, ICQ, MSN, and so on

2. A program should also make a full recovery to itself as well as the PC

(a) With self-defense from being disabled, stopped or prevented to install itself on infected systems

(b) Restores correct system settings and delivers most complete cleaning scan after removing malicious programs, for example, remove all the registry keys, shortcuts and so on left behind by the malicious programs

3. Delivers advanced protection and be always user-friendly

(a) Guard behavior on one's PC and alert them for dangerous behavior (e.g. keyloggers, intrusion into process, dangerous scripts, browser exploits and so on) when necessary. In short, advanced proactive protection.

(b) Easy to use and never annoys users, e.g. easy and quick installation and configuration, easy manipulation, quick updates, small update files, fast scanning speeds, the least CPU resources consumption and so on

I love ESET NOD32 because of its highlights - precise detection, quick updates with small update files, fast scanning speeds and the least CPU resources consumption. I think these highlights should be always maintained in every upcoming version.

-{ Quote: "Hello,

Upon using this software in contrast to Avast, there are only a couple of things I would like to make the developers aware of.

1. It would be nice to have an audible warning to end users when a file is deemed infected or otherwise suspicious. The message/alert box is a nice feature, but as we all know in the IT industry, the end users are usually unaware that a problem exists just by looking at a message box. Plenty of times I have found that end users both residential and commercial, simply ignore these warnings, like "Warning, Virus detected" or "your subscription is expired" and continue on about their activities. Having a simple "Warning, A Virus has been found, Please select your action" with some horns, bells, or whistles would be great, as it's similar to what Avast uses, and customers all agree that it keeps them aware. Perhaps an mp3 or .wav file, or even a neat option of being able to put in your own audio file, and a check box to enable audio alerts or not. Imagine how COOL it would be if you recorded something that said "Warning, This is _Your_name_here_, A Virus Has been detected, Please leave the system as it is, and Call 555-5555 right away, Thank You" That alone would put nod32 at a serious advantage!

2. The buttons on the dialogue box when a virus is found. The last one says "leave" which in most cases, and end user assumes that "leave" means kill the virus, and be done with it. Though, that is not the case, and it lets the user carry one with the programs. Perhaps, we can have this button say "Take no action" or something easier and more direct to understand? Lot's of end users are not computer savvy, andthat is why they hire companies like mine.

3. When I went to advanced setup, and then to Web Access Protection > Web Browsers and added Mozilla Firefox 3.0, then put a check in the box next to firefox, it some how stopped all pages from loading. However if you go to Active Mode, and check off mozilla, It's fine. Whats up with that, or whats the correct way to handle that? Perhaps you can make it easier to understand, a help button maybe?

Thanks A lot, and I hope you take this into serious consideration. As a former programmer, I would imagine that these 3 tasks can be rather easily implemented.

EDIT: Would it be possible to implement an alternative SMTP port option, as many ISP's block outbound SMTP connection on port 25 to any other mail server besides the ISP's?


Thank you for your time, and I look forward to hopefully seeing these option built in soon.

Advanced Computer Group, Inc
Enterprise IT Solutions
631-509-6020" }-

I would like to give some of my views on ACG's suggestion - Gives off an alert sound on virus detection.

I don't think this idea would produce the best result because some users might think that it is quite annoying or frightening if it makes a loud sharp noise.

On the other hand, I agree with him on his second suggestion - Uses plain English instead of technical language for some cases.

Instead of using the word Leave as an option, we can use plain English words such as Ignore and Take no action. We can also put a short but clear description next to the option.

For the third suggestion, I didn't quite get what ACG was trying to say. As far as I understand, he might be trying to say that there's some options he doesn't know how to configure and asking you to try to make it simpler.

-{ Quote: "Insure that all aspects of the UI are easily accessible via standard Windows keyboard commands. This would improve usability for many, including those who cannot work with a mouse, or those using screen readers.

Nod32 has typically done well in this area. Version 2.7 was excellent, especially when the custom GUI was disabled; However, there are aspects of the version 3 UI which could use some work. For example, one instance which is really annoying me at the moment: I am getting a balloon asking for approval to submit some suspicious files. Apparently, the only way to open this approval window is by mouse clicking said balloon. I don't use a mouse, I can't click the Balloon, and as far as I can tell, I can't prevent it from repeatedly popping up." }-

Sorry if I am saying something stupid, but I would like to give my opinion on your request. I think a mouse is absolutely necessary for every PC. If all the instructions to ESET NOD32 could be easily or directly accessed by Windows keyboard commands, this would put ESET NOD32 in danger because malicious programs might be able to disable or stop ESET NOD32 easily as well. In other words, they could misuse the program with keyboard commands. So, I think this request should be carefully considered and studied. Instead, we can consider using Left, Right, Enter buttons and so on to choose an option on the balloon messages.

Today, EAV incorrectly identified a password retrieval program as a virus. I understand why. It's made to recover people's passwords, a common activity for trojan viruses. But I works as an on-site computer technician, and I'm lucky if two weeks go by where I don't encounter someone who doesn't know their passwords (why the heck is it SO difficult for people to record these things in a neat, orderly fashion, and keep it somewhere you'll REMEMBER it?!) So I went to EAV's quarantine, and I restored it. Twenty seconds later, it identified it again, and put it right back IN quarantine. I had to manually add it to the exclusions list.

It seems to me that when someone restores something from quarantine, they know that EAV considers it a threat, but still wants it. So why not provide the user with a prompt asking if they want to add it to the exclusions list, so that they don't have to keep restoring it, and or go into the control panel and add it manually. It would also be nice to have a check box under advanced controls to turn off the prompt, so that if you restore somethign from quarantine, it's automatically excluded from future scans.
Edit/Delete Message

-{ Quote: "Changes mainly for the Antivirus version only.



2. REMOVE the web access protection, v2.7 was great because it was just AV nothing more nothing less and did a damn good job too!!!!


" }-

:thumb:
Yes!!! Or at least make it so that it offers if user wishes to install web access protection or not (in custom install, like in v2.7)

I want to see an implementation of a scrolling log for threatsense, showing exactly what's being 'live' scanned, this would make it easier to spot say a log that's being over scanned due to lots of modification and exclude it.

Didn't 2.7 have something similar?

-{ Quote: "I would like to give some of my views on ACG's suggestion - Gives off an alert sound on virus detection.

I don't think this idea would produce the best result because some users might think that it is quite annoying or frightening if it makes a loud sharp noise." }-
IMO, it's a good idea to have an audio alert upon virus detection - however, it could be designed with an enable/disable option.


-{ Quote: "I want to see an implementation of a scrolling log for threatsense, showing exactly what's being 'live' scanned, this would make it easier to spot say a log that's being over scanned due to lots of modification and exclude it.

Didn't 2.7 have something similar?" }-
Righto, I'm running 2.7

I'd like to have a standalone option without other resource hogging features like Firewall, AntiSpyware, AntiSPAM, HIPS, HTTP Filtering, AntiTheft, etc. etc. I'd just wish to have a good old traditional AntiVirus which would allow me absolute customization. This kind of standalone AntiVirus could be offered to Customers along with the existing do-it-all-jack. If ESET would offer such a release in parallel with the existent do-it-all-jack, maybe different kinds of Customers would find it appealing.

Network Monitory see what is going on in real time, ports application usage..

Whitelisting and Trusted Files like Norton to reduce CPU usage.

1- When I ask a deep analysis, it takes about 1h30 minutes (sometimes the analysis stop during almost 10 minutes before going on), and the journal do not work very well, from time to time he is empty of almost empty. When you want to close the windows "Journal", then you must close Nod32...
The smart scanning work faster (+/-30 minutes) and the journal works well.

The 2.7 version was working perfectly, the duration for a deep analysis on my computer was +/-45 min.


2- Every email is accompagned with a message talking about "a decompacting problem"... I didn't had such problems with the earlier version.

Concerning e-mails, the message about "a decompacting problem" appaears with Windows Mail.

There is no problem with Thunderbird.

There should be a bar added to the GUI showing NOD32's CPU usage. I believe that NOD32 should show off it's very low CPU usage.

It should be similar to Norton Antivirus 2009 bar on the GUI.

-{ Quote: "There should be a bar added to the GUI showing NOD32's CPU usage. I believe that NOD32 should show off it's very low CPU usage.

It should be similar to Norton Antivirus 2009 bar on the GUI." }-


This is a feature that only bloated softwares include . No , thanks - please!
NOD32 is showing its low CPU by not affecting the users' experience and working silently in the background.

All greetings! There was the question!
In the Internet will link to NOD32 betа 4
Here http://u40.eset.com/download/engine4test/ ---> new beta v4.
How to download it to test?

Or is it something else? :shifty:

i don't think you wan't download lol
but i want the changelog =D

Some of this is already included in the requested feature list, but I'd like to see some of the features included as a Vista gadget.

I would like to see a configurable NOD32 gadet that can display the following information, with perhaps interactive buttons appropriate to certain functions:

Scan status (and be able to pause / cancel)
Current AV definition and download status when downloading (with errors reported)
Infected file found alert with details (which could be used as an alternative or to supplement the normal virus alerts in the taskbar)

I'm sure there are other features that could be added, but this is just a thought. I saw an indexing status gadget and thought it was really cool, and figured the same sort of thing could be done with NOD32.

-{ Quote: "All greetings! There was the question!
In the Internet will link to NOD32 betа 4
Here http://u40.eset.com/download/engine4test/ ---> new beta v4.
How to download it to test?

Or is it something else? :shifty:" }-


More information here http://www.wilderssecurity.com/showthread.php?t=223328&highlight=ESET+NOD32+Versions

What really let's me down is the ugly looking popups for when Eset has updates its definitions or when a scan is done. They made there GUI so nice looking why can't they do it for the popups. The transparency on them make them really hard to see and it gets me confused with the Windows popups. They should make a square box come up that touches the back Vista bar and make it look like the GUI of the actual program.

With the 100% CPU thread and the discussion that NOD32 appears to have issues with items like HTML log files that are always updated, could NOD32 "detect" this situation and warn the user that scans of a given file (or files) are adversely affecting performance.

Hello, Marcos said about this thing few weeks ago. ;)

Why not an online virus submission form like Avira or F-Prot use? It's quite obvious that the e-mail method is not working for ESET at all. Weeks after submission and still no detection added.

+1 for send by website (it more easy !!!)

and see :
http://www.wilderssecurity.com/showthread.php?t=223932

Why don't add auto-undll at Nod32 ?

-{ Quote: "
Why don't add auto-undll at Nod32 ?" }-

When using Undll, there's a risk that the computer will restart itself. We cannot afford such a risk in the program as it's used on servers as well.

-{ Quote: "When using Undll, there's a risk that the computer will restart itself. We cannot afford such a risk in the program as it's used on servers as well." }-


Ammmm , can't you make it (change UnDll) in a way so that it doesn't restart the machine until user confirms reboot , or integrate UnDll in the program itself.

-{ Quote: "Ammmm , can't you make it (change UnDll) in a way so that it doesn't restart the machine until user confirms reboot , or integrate UnDll in the program itself." }-

Generally removing already injected dlls from running processes is unsafe and may lead to a computer restart. The next version should bring some improvemnts in this regard.

In ThreatSense.Net Warning System add more extensions in default exclusion filter for sending suspicious files.

Eset NOD32 Antivirus 3.0 User Guide says the following in chapter "4.7 ThreatSense.Net":

Exclusion filter
Not all files have to be submitted for analysis. The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry potentially confidential information, such as documents or spreadsheets. The most common file types are excluded by default (Microsoft Office, OpenOffice). The list of excluded files can be expanded if desired.

By default the following file extensions are excluded:
*.doc|*.rtf|*.xl?|*.dbf|*.mdb|*.sxw|*.sxc

This is a rather small list as there are many other document formats that may contain potentially confidential information.

Add more file types of Microsoft Office until ver. 2003:
*.ppt|*.pps

Add more file types of StarOffice and OpenOffice.org ver. 1.x.:
*.sxi|*.sxd

Add some ODF file types that can be created by components of OpenOffice.org ver. 2.x and StarOffice ver. 8:
*.odt|*.ods|*.odp|*.odg|*.odb

Add some file types of Microsoft Office 2007 (aka Open XML file types):
*.docx|*.docm|*.xlsx|*.xlsm|*.pptx|*.pptm|*.ppsx|*.ppsm|*.sldx|*.sldm
(see http://office.microsoft.com/en-us/help/HA100069351033.aspx#3 )

-- rpr.

Provide better protection like it did in the past, I been seeing tests and NOD32 has gone worse with their protection.

Improve on antispyware too.

-{ Quote: "Generally removing already injected dlls from running processes is unsafe and may lead to a computer restart." }-
Yes, this happend when I tested KIS v8. Suddenly avp.exe fell down and restart followed.

NOD32 needs it's detection improving further, G-data Antivirus and Avira are getting better...

I have high expectations for the much-loved ESET products... keep em' coming...

-{ Quote: "NOD32 needs it's detection improving further, G-data Antivirus and Avira are getting better...

I have high expectations for the much-loved ESET products... keep em' coming..." }-



Hello,

Version beta coming soon Q4= October, November and December



cumps

I would prefer waiting before talking about 100% sure dates. When beta will be, then will be released.

I wouldn't mind the option to DELETE malware when detected... instead of quarantining it. When I discover malware.. I want it off my computer ASAP, I don't want it sitting around in some quarantine area, even if it is "harmless" there.

-{ Quote: "I wouldn't mind the option to DELETE malware when detected... instead of quarantining it. When I discover malware.. I want it off my computer ASAP, I don't want it sitting around in some quarantine area, even if it is "harmless" there." }-


The purpose of the quarantine is not made for trojans but for files , detected as threats , that are not real threats - a.k.a. false positives . If , in case of false positive , a legitimate file is permanenly deleted , nothing fill be able to recover it

-{ Quote: "Provide better protection like it did in the past, I been seeing tests and NOD32 has gone worse with their protection." }-

I second this. Let the prime focus always be in improving and maintaining NOD32 Antivirus's reputation for top detections and advanced heuristics with lightweight resource consumption.

-{ Quote: "Improve on antispyware too." }-

I consider this a secondary consideration for NOD32 Antivirus. I say let ESET focus on the thing they do best: antivirus. We have a host of other effective security utilities to cover NOD32's relative weakness with spyware and adware.

On that note, the one other thing I wish ESET would continue to do is keep developing Antivirus as a separate program. The trend in this industry is to throw together security suites and abandon individual security apps. This only leads to poor quality security since nobody does all security features great. ESET's firewall has done poorly in reviews, I would not like to be forced to use it in order to use their antivirus program. Further, I prefer to mix and match so that I have the best of all worlds. Keep promoting and selling both the suite and the antivirus separately; when the firewall matures I'll give it another look.

One thing I would like to see is the ability of NOD32 to accumulate e-mail alerts and send them together.

I have received over 65,000* e-mail alerts from NOD32 today alone. 99% which are false positives or "error is:" with no error. This gets very old very quick. MRTG HTML output is constantly a cause for false positives. I've submitted several, but never a reply. Almost all other cases are .log files, or false positives on other files which I've submitted yet remain false positives.

Why do I need 1000 e-mails separate e-mails from a single server about a (false positive) virus in one minute? Can't we accumulate them and maybe just send out one e-mail per ~5 minutes?

I'd also like to see some money spent on fixing these bugs mentioned over and over in the forums. When renewal times come up I must ask myself if I should trust a product with soooo many bugs to protect my 600+ machines. The number of infections with Nod32 have gone up significantly in the last year. My impression is that 2.7 was built with a very thorough technical staff, but that 3.0 had a completely other staff which is not so thorough. I am seeing things like XP Antivirus, Agent, virus toolbars, and other malware which I'm alerted by Nod32 that the system is infected (Files in system32, or c:\ or in %temp%) but locked and can't be cleaned. Sometimes Microsoft's antimalware released each month cleans these up, other times I have to nuke the laptop when it comes in for maintenance.

I'm not trying to flame, just stating how I feel. We still have 9 months before our license 675 user license expires. I'm hoping effort is spent in making 3 or version 4 as good as my impression of 2.7 was.

* By the end of the day there were over 770,000 e-mail alerts from Nod32. 99.9% being false positives on a log file. I'm still trying to clean those up.

I agree an email "summary" would be pretty awesome.

I'm not sure about your FP's, but response rate this week has been rubbish because of holidays. Give it until Monday and try sending them again. Remember to entitle your email with "False Positive" only. If there's still no response send a PM to Macros he should be able to assist you.

v4 boasts superior cleaning capabilities, especially in places where v3 had to reboot, v4 does not. I'm hoping we have a stable v4 release before 9 months time... I should think so anyway.

One thing i'd like to see is if you password protect the settings when you go to make a change that requires a password you have a grace period where the password doesn't need to be entered again which could be user configurable and manually closed (right click Tray Icon - "End Password Grace Period").

It's annoying to want to make several chnages and clean up the logs and quarentine and have to enter the password over and over every 15 seconds.

For the Enterprise crowd.

A multi-threaded installer so you can "push install" multiple workstations more quickly....

-{ Quote: "For the Enterprise crowd.

A multi-threaded installer so you can "push install" multiple workstations more quickly...." }-

Additionally have it push out with the latest definitions available. This would be great for unattended installs with SMS/SCCM.

my suggestion comes under item 2, not sure if it is the same idea, but when the anti virus is on a scheduled scan of my hard drive , that the icon in the bottom left taskbar [ by the clock] spins or something to let me know that a scan of my system is in progress, currently the only way I know is if I open up the programme itself.

I would like to see the right click scan option to be able to scan more than the first volume of a full archive of let's say for instance, RAR files. I've been constantly getting the message when I right click to scan an individual file or folder made up of RAR files that the scanner cannot find the next volume. I've contacted ESET tech support and all they can say is be sure that all the files are being scanned one way or another and not to worry about it. I was also told that no other right click scanner scans all the volumes in an archive, which isn't true. I use Malwarebytes Anti Malware right click scanner to scan RAR files and it always tells you that it's scanned said amount of files.

I wish to be able to disable the on-demand scan report window
if the scan didn't result in any findings. Like in Avast.

This may already be on the list, but it's important.

When a possible infection dialog appear, the option to "ADD TO EXCLUSION LIST".

Manually adding is a pain in the ass...

-{ Quote: "This may already be on the list, but it's important.

When a possible infection dialog appear, the option to "ADD TO EXCLUSION LIST".

Manually adding is a pain in the ass..." }-

It's already there in advanced options in v4.

-{ Quote: "In ThreatSense.Net Warning System add more extensions in default exclusion filter for sending suspicious files.

Eset NOD32 Antivirus 3.0 User Guide says the following in chapter "4.7 ThreatSense.Net":

Exclusion filter
Not all files have to be submitted for analysis. The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry potentially confidential information, such as documents or spreadsheets. The most common file types are excluded by default (Microsoft Office, OpenOffice). The list of excluded files can be expanded if desired.

By default the following file extensions are excluded:
*.doc|*.rtf|*.xl?|*.dbf|*.mdb|*.sxw|*.sxc

This is a rather small list as there are many other document formats that may contain potentially confidential information.

Add more file types of Microsoft Office until ver. 2003:
*.ppt|*.pps

Add more file types of StarOffice and OpenOffice.org ver. 1.x.:
*.sxi|*.sxd

Add some ODF file types that can be created by components of OpenOffice.org ver. 2.x and StarOffice ver. 8:
*.odt|*.ods|*.odp|*.odg|*.odb

Add some file types of Microsoft Office 2007 (aka Open XML file types):
*.docx|*.docm|*.xlsx|*.xlsm|*.pptx|*.pptm|*.ppsx|*.ppsm|*.sldx|*.sldm
(see http://office.microsoft.com/en-us/help/HA100069351033.aspx#3 )

-- rpr." }-

It would be good to add the Access file formats in to this. In this case: *.mdb|*.ldb|*.accdb|*.laccdb

Rewrite the saved email scan log Threat Found! message for a Trojan (or other threats non-deletable from within the scan log)

Suggested wording (based on a NOD32 2.70.32 user's experience): "This archive cannot be cleaned now, because of the type of infection it contains [or because it contains a Trojan, if that's the only infection that prevents cleaning an archive]. And the entire archive cannot be deleted, because it includes non-infected content. But the infected file within the archive probably can be removed later, from within [or, by using] the appropriate application. For example, an infected email message in an email archive probably can be removed later, from within the email program. But before you open 'the appropriate application' to attempt to remove an infected file from an archive, first back up the archive, for example by copying it or copying a folder containing it."

The rationale and background for this suggestion is in a Wilders NOD32 forum thread, "Saved Email 'Threat Found!' Suggestion for NOD32 3.0 and 4.0," at
http://www.wilderssecurity.com/showthread.php?p=1402804#post1402804

Roger Folsom

is there anyway to make the new nod32 3.0 have the interface that 2.7 does? i looked at the help files with the screen shots but i think the 2.7 is nicer looking

1) better anti-(spyware/rootkit) protection
2) an integrated link scanner (in co-op with major search engines)
3) automated download for the app. updates (main app.)
4) disable/exit option via sys. tray icon
5) default scheduled scan, or config-wizard for the scheduled scans during installation
6) push updates
7) p2p protection

-{ Quote: "
3) automated download for the app. updates (main app.)
" }-


L O N G overdue...............and I mean L O N G!

1. Understand Windows variables in exclusions paths.

This means things like %windir%, %systemroot% etc.

2. Have a tick box which implements the Microsoft recommended exclusions for Windows: http://support.microsoft.com/kb/822158

From my understanding of the article they would like as follows:

Windows XP/2003

%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
%windir%\security\edb.chk
%windir%\security\edb.log
%windir%\security\res1.log
%windir%\security\res2.log
%windir%\security\tmp.edb
%windir%\security\database\Secedit.sdb
%windir%\security\logs\*.log
%allusersprofile%\NTUser.pol
%Systemroot%\system32\GroupPolicy\registry.pol


Windows Vista/2008

%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
%windir%\security\database\edb.chk
%windir%\security\database\edb.log
%windir%\security\database\edbres00001.jrs
%windir%\security\database\edbres00002.jrs
%windir%\security\database\tmp.edb
%windir%\security\database\Secedit.sdb
%windir%\security\logs\*.log
%allusersprofile%\NTUser.pol
%Systemroot%\system32\GroupPolicy\registry.pol

3. Global toggle for Potentially Unsafe Applications, perhaps during setup as is already done for Potentially Unwanted Applications.

I agree with Quitch on points 1 and 2 - this would make it much easier to set up.

Possibility to enter username and password for update server in a password protected setup

Have a desktop notification to show that NOD32 AV has scanned incoming email (in Outlook 2003 in my case)...say, at the end of every POP3 session where one or more emails have been received.

This way I can be assured that NOD32 is always scanning email as it should (per my settings), without having to either allow email tags, or having to keep checking the stats.

Thanks. New to the product, really impressed thus far.

EDIT: Meant "desktop notification," had said "balloon tip."

Double-agree with Quitch on both points... in fact, I'd go so far as to make #2 enabled by default (auto-detecting which version of Windows it is being installed on of course)...

1) Provide a means in the CURRENT product to be able to tell us about a NEW major upgrade. My 3.x version should be able to alert me to such major news so that I know I should look to upgrade. It'd be even better if it could, with my okay, perform this upgrade seamlessly (without my having to go initiate a download and go find it and run it).

2) It'd be great to have a search function in the product to search for things like, "Conficker" and see that I'm okay. I watched 60 Minutes last night and wondered if NOD32 new about this and if I was fully covered. It'd be nice to have that extra layer of comfort. I type "Conficker" and NOD32 tells me all it knows about it and assures me that I've been scanned and seem to be clean. Or I see nothing and ask support about it.

-{ Quote: "1) Provide a means in the CURRENT product to be able to tell us about a NEW major upgrade. My 3.x version should be able to alert me to such major news so that I know I should look to upgrade. It'd be even better if it could, with my okay, perform this upgrade seamlessly (without my having to go initiate a download and go find it and run it)." }-

Yeah, honestly when I found out NOD32 didn't it was a real WTF moment. I can understand delaying the auto rollout, but never?!

Eset Smart Security v3 & v4. If the Advanced Heuristics option is turned ON at Realtime Protection Module sometimes it will smather menus in "start" all programs tree (taskbar). Also some DIRs with mixed contents (different size and type) will block all system resources for dozens of second due to program code gap which utilizes this option rather dissapointing. There is a leakage in that peace of the code!

NOD32 2.70.39 also had the same option with primitives and coroutines in heuristics but it didn't bug at all !!! If it bugs in start menus on QuadCore machines @3GHz with 4GB of RAM DDR3 @1600MHz and RAID striped disks @10K 32MB buffer it is not good at all, it is pretty bad !!! It is stupid enough, so rewrite that segment of code (to Eset experts)!!! MOST IMPORTANT is THIS: if it's bugging dll, exe, com, sfx...WHY is Advanced Heuristics bugging START MENU tree and all SUBMENUS when it should open in a few msecs, it needs 10-20s to show! Thats only shortcuts to programs, not files at all.

Best regards from Serbia

-{ Quote: "
it needs 10-20s to show!
" }-

Milliseconds on all our systems....

Turn all Adcanced Heuristics in Realtime module for all types of file. All options must be set to ON (max. protection), Then play with menus oftenly. You will seee that bugging, not often but sometimes it will bug in menu and not show for seconds. On all machines at that settings, about 20 PCs had the same issue. I say not always, but every 10-20 times of menu searching and submenus listing...try, and you will se...it is very irritating. That vanishes if AdvHeur is OFF.

Again, that's normal. Advanced heuristics scan all files the shortcuts refer to in real time which has an adverse impact on system performance (you were warned of this fact when enabling AH on file access). It all depends on the files you have, I barely see any delay (I guess the delay is 250-500 ms at most on my system).

Hello.
I posted this in another thread (http://www.wilderssecurity.com/showthread.php?t=233781), but I believe I should have posted it here and not there. I didn't see this thread before. I apologize for the double post.

I have a suggestion. It would be nice if the message that Nod32 attaches to e-mails could be in two languages, the language version of Nod32 installed and in English. It would be a nice optional feature.

Thanks,
Danny Azevedo-Hawkins

Add Outlook data file (pst) scanning capability, or failing that at least log the fact that pst files haven't actually been scanned.

Background and details:
I posted a separate question about pst scanning capability. While there were no replies, further research seems to indicate that while NOD32 does scan Outlook Express data files (dbx files -- as confirmed in Help), it does not scan Outlook data files (pst). (I ran across some older threads which suggest that pst scanning *may* have been included in previous versions, but it's clearly not a current capability.)

Even with NOD32 integration into Outlook, this would be useful for evaluating whether an archived or backup pst is infected in advance of reattaching it, so that the user can locate and delete/disinfect the offending email(s) promptly upon reattachment.

The current shortfall is compounded by the fact that NOD32 does not properly list the pst files as exceptions in the scan log. But now that I have discovered that they aren't really being scanned, I will know to use an alternative such as the free online BitDefender scanner to evaluate whether a pst is clean.

I agree with the .pst scanning. When one has a network drive full of 600 PST files, it is nice to be able to scan them at night and clean out any viruses.

Outlook Integration conflicts with Kerio connectors, so we have to have that off globally, since we can't tell if a particular user is IMAP or POP3.

RAV had this option and I was able to clean up many PSTs using it.

I also second the %dir% in the exceptions. As it is, I have to specify c:\winnt c:\windows d:\winnt d:\winnt.1 and so forth.

They should return to NOD32 2.70.39 Advanced Heuristics Options...on ESS 3 and 4 nobody is using AdvHeur because it is stupidly serching for files on disk even if you walk through menus!!! Double doing the same job, cause if you open some shortcut it either will be scaned!!! Option that is not used is not an option. Just return to NOD32 2.70.39 setting for this!

As a user of the Business Edition with the RA, something I would like to see on the client is a check box on each of the "lists." On the exclusion list, the check box would be "Enforce only these exceptions" and on the URL Filter list it would be "Enforce only these blocks" as well as "Enforce only these exceptions."

Users end up with exceptions or whitelist entries that I don't approve of as the person in charge of antivirus. Stupid things like c:\*.*. I have no way of knowing this without going through 675 client configs. I'd like to have the option to set in my policies at the RA that the exclusions I create are the only permitted ones, and the clients enforce that.

I'd also like to see you partner with someone like Websense or Bluecoat and offer an add on service of URL Filtering. Bluecoat doesn't require a database download, so that might make more sense. You've got 95% of the puzzle to do URL Filtering. Just need a database instead of a list file which you have now.

NOD 32 is not capable of performing boot-time scans, right?

I think it would be a good idea to implement this feature...

One stupid thing about engine update is that I must to wownload whole setup @#$&^&* Why cannot be done from within update module??? It can simply repair engine with new version and make restart...also Eset needs much stronger realtime scanner in a sense of removing residues of virus body that can be cleaned off only with automatic restart and wipeing before Win startup. Eset rearly do restarts and viruses stay in highmem!

Probably all been said before but what i'd like to see is.

1) Better detection of smitfraud/zlob, virtuamonde and their ilk.
2) System Updates = No Updates by default install.
local drives and memory by default install.
3) Ability to take ownership/permissions of files that are locked by rootkits,
so nod can actually scan them and not give a [4].
...Especially when added as a second drive in a clean system.
4) Setting all the settings with a script after install using 1 script on totally different pcs.
(dunno if it can do it now or not)
5) Easier to navigate gui. I know checkboxes and sliders are cool but
pick one or the other please.
6) Get rid of the scary robot from the "irobot" movie in the spashscreen before you get sued by wil smith.
7) Faster load time on boot.
8) Fix the "Importing badly messed with xml file crashes nod" error. :p
9) Auto Delete quarantined files after so many days.
10) Some kinda registry cleaner to at least remove services if not all the crud
that trojans add, for a more complete removal.

I know there have been several posts about software updates already, but would like to add to them here...

Currently I run ESET on both XP and VISTA (as well as 2000, but that is being retired)... If there is a major Microsoft update that I have missed, the tray icon turns yellow/orange... If ESET puts out a new version, it sits there green and happy...

Shouldn't the ESET ICON at least turn yellow/orange if there is a new release that you are licensed for ???

Also, the update page allows the check and download for a new definition file but not a new version... If you are licensed, shouldn't you also have the option to download the latest version of ESET from the update page ???

Currently I am finding about about the new versions from STUMBLING on them while viewing other software threads... and so I finally signed up here only to find yet ANOTHER version available... means I am way behind times on the new versions...

Yes, I should probably visit the ESET site more often, but each time I move to download a new version I have to remember which system it is for and what the username and password for that particular license is... so if the software had the check embedded inside itself, I wouldn't have to open text files stored on a USB stick or on a desktop to determine what the login access was to download the new version... the update page would hopefully fill that information in as it brought down the new version for me to install...

I can understand if there are issues with an automatic install... but if the option to download a new version to a folder on our PC was available, then we could install it after the internet connection disappeared...

Thanks for providing this location where we can provide feedback of things we would like to see with ESET...

Regards -
-Bob

I agree, the tray icon could play a better role. Red if something is found, as you said yellow or orange is a new release. Very good suggestion.:thumb:

Improved/easier exclusion lists:
Exclusions - Too many Dialogues! Some do not even work. (http://www.wilderssecurity.com/showthread.php?t=241118)

Minor tweak to Remote Admin.... Add a column for current/last username.

in v4, a button to quit NOD32 as it has one in v2.7

Wake On LAN built into the Remote Administrator

As well as some of the detailed additions I read which mostly look great; I would also like an:-

'Automatically shutdown my computer' option adding which will give the user an option to automatically shutdown their computer immediately after completion of a scheduled or on demand scan where no infections are found. Acronis True Image Home 2009 and Auslogics Disc Defrag have similar functionality allowing the user to save some money on the ever increasing cost of electricity and be as enviromentally friendly as possible at the same time. If however a threat is found I'd like the system to remain on as an automatic shutdown might then further compromise system security. This will also give users an added confidence boost to go to their computer in the morning knowing because their system is switched off it means their system is clean!

-{ Quote: "
'Automatically shutdown my computer' option adding which will give the user an option to automatically shutdown their computer immediately after completion of a scheduled or on demand scan where no infections are found. " }-

Yep that would be good :thumb:

Agreed, along with a Sleep alternative.

I'd like for the configuration options on the client and those in the remote admim to match. Currently the configuration options in the 2 locations are in different orders, different headings, and even go by different names. It makes it unnecesarily difficult to reconcile the settings on the clients with those in remote admin. Too much guesswork involved.

Allows tasks in Remote Administrator to be cancelled rather than having to delete a hung task so we don't lose the record of the task.

better
1. Anti-Stealth
2. ESET SysInspector

:)

give feedback after sending a file using "Submit suspicious files" form

i already sent a lot of files and i don't if the lab received the files and if they are malware or not...

-{ Quote: "
i already sent a lot of files and i don't if the lab received the files and if they are malware or not..." }-

Make sure that you follow the instructions (http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1246011973595) for submitting samples.

-{ Quote: "Make sure that you follow the instructions (http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1246011973595) for submitting samples." }-
What about when submitting through the GUI? I can see in the client and RAS log that they are being submitted. When I do it that way I follow step 4 to give background info on where I found it, what it was doing in the registry, and link it to a VirusTotal analysis and yet I still have a folder of collected viruses and dropper applets that I have pulled out of user profiles that are still not detected, and some of these things are months old at this point.

I guess some kind of automated feedback/tracking system so people can at least know if the sample was looked at and why a signature was/was not build for it would be useful.

-{ Quote: "give feedback after sending a file using "Submit suspicious files" form

i already sent a lot of files and i don't if the lab received the files and if they are malware or not..." }-

That's correct, after 3 samples sended following the instructions and zero feedback or answers from ESET, I've got the feeling that nobody gives a damn. What should I do next time, if I will have a suspected or infected file?

-{ Quote: "That's correct, after 3 samples sended following the instructions and zero feedback or answers from ESET, I've got the feeling that nobody gives a damn. What should I do next time, if I will have a suspected or infected file?" }-

Please PM me the subject of the email as well as the email address you used for submitting the files to samples[at]eset.com.

-{ Quote: "That's correct, after 3 samples sended following the instructions and zero feedback or answers from ESET, I've got the feeling that nobody gives a damn. What should I do next time, if I will have a suspected or infected file?" }-

"nobody gives a damn" is a common attitude among ESET employees actually, whether it's dealing with your samples, your support, requesting features or asking general questions.

SEAMONKEY PLUGIN REQUEST
Although I realize that the market share of Mozilla Thunderbird likely is larger than the market share of Mozilla SeaMonkey suite (browser plus email), I would very much like NOD32 AV to have a Mozilla SeaMonkey plugin.

Since Thunderbird and SeaMonkey email both use the MBox (many messages in a single file) format, and the Mork format for the *.msf files that index the MBox files
[http://kb.mozillazine.org/Thunderbird_3.0_-_New_Features_and_Changes#MozStorage
see also http://en.wikipedia.org/wiki/Mork_(file_format)],
I would guess that a SeaMonkey plugin shouldn't be too difficult to write. That's a guess because I'm not a programmer.

Later, Mork may be replaced by MozStorage in Thunderbird, and if that happens I would expect Mork to be replaced in SeaMonkey also.

Even for pop3 (vice IMAP) email, a plugin has advantages, such as the ability to put a "Eset checked this" notice on Outgoing email. Comforting to the recipient, and extra advertising for Eset.

Roger Folsom

HELP FILE REQUEST
The NOD32 AV 4.0.437 Help file --- at Contents, Dialog Windows, Antivirus Protection, Virus Scanner Setup, Objects --- statement about email scans should be modified to include the following italicized information:
"Email
"The program supports the following extensions: DBX (Outlook Express) and EML. It also supports MBox email files, such as those used by Mozilla Thunderbird and SeaMonkey."

And that information should be in the User Guide also.

The Background behind this request is in "Demand-Scans Of Thunderbird And Seamonkey Mbox Email Files," at http://www.wilderssecurity.com/showthread.php?t=243220
particularly at the very end of post 2 by estbird.

Roger Folsom

-{ Quote: "


1. Provide "Pause" and "Stop" items on the ESET system tray icon pop up to allow users to pause or stop scans (including scheduled scans). It would also be helpful is the system tray icon changed colour or shape when a scan is running. The problem with using "balloons" to display messages it that users do not see the messages if they are away from the PC.

2. Provide a facility to automatically display on the screen (not a balloon) and/or email the results of a scheduled scan when it completes.

3. Provide "Disable" and "Exit" items on the ESET system tray icon pop up to allow users to temporarily disable all ESET functionality or exit ESET completely.

4. Make EAV 3.0 useable via Windows Scheduled Tasks, where other users may frequently group their tasks.

5. Add a HIPs module.

6. Expand the scope of information captured by Ctrl-C in some dialogs - see post number 7.

7. The ability to skip scheduled scans if a laptop is running on battery power at the time. Some defrag programs offer this functionality.

8. Integrate command line inside EAV and ESS like option scan for easy access

9. Bootscan as option (it demands restarting pc similar the Avast)

10. Elapsed and Estimated time scan pc

11. Add option web protection site advisory (http://img.photobucket.com/albums/v426/Peace_of_God/Semttulocopy.jpg) (icon green, yellow, red and "?" )

12. Web browser image Access denied "after (http://img.photobucket.com/albums/v426/Peace_of_God/oll.jpg)" and "before (http://img.photobucket.com/albums/v426/Peace_of_God/_llpcopy.jpg)".

13. Better User-centric settings control for the GUI. Things like splash screen toggle, etc.

14. More granular control of the password protection for different parts of the program (i.e. Quarantine protection having a different password than other sections).

15. Configurable scheduled scan 'snooze' button, with forced scan completion after X snoozes of Y minutes.

16. Add an option of automatic response when a possible threat is submitted you have actually received it ... an automatic reply you have received the ~threat , no matter if you are going to add it.

17. Active Process Scanning

18. As mentioned above, better self protection (right now, I can kill the process with an application I built in vb. This shouldn't be so easy.)

19. Configurable archive scanning depth

20. Better integration with Mozilla Thunderbird (like it was in 2.7)

21. The ability to make the list of blocked addresses configurable per user so that certain URLs are only blocked for certain users.

22. Add a setting to the proxy filter for programs so users can set auto or manual adding setting so advance users don't get a list full of programs that don't belong in there.

23. Add the non GUI option as some don't need a pretty GUI for AV.

24. Downloading Progress Bar http://www.wilderssecurity.com/showthread.php?t=194773" }-



WHEN ?? version Nod32 version 15 ? in 2030 ?

no in version 3, no in version 4....how many version for it ?

thank you

UNHIDE UPDATE PERMISSION DIALOG BOX

In NOD32 v4.0.437, in the Entire Advanced Setup Tree, Update, Advanced update setup, Update mode tab, there is an option to "Ask before downloading update." (The minimum update size for which that option applies is 1kb; 0kb prevents the option from working. Apparently updates smaller than 1kb --- if that ever happens --- download and install automatically with no notice. I have no quarrel with that although it ought to be documented.)

On my Win2kSp4 computer, I have checked that option. However, the option's yes/no dialog box, "Do you want to download files with the total size of nn.n kb" has two defects, the first one minor and the other two major:

1) The dialog box's top band now simply says "Update." It ought to say "ESET Update" or some equivalent wording, lest a novice user fear that he may be downloading malware.

2) That yes/no dialog box frequently hides behind other windows, for example Mozilla SeaMonkey browser or email. Therefore, the user doesn't know that NOD32 is asking for an update download permission until the user happens to close whatever window the dialog box is hiding behind.

Instead, the box should work as I recall the NOD32 v2.7 update request did: always be obviously visible "in front of" all other open windows on the screen.

3) If that yes/no dialog box has been hidden for a sufficiently long time (or has been ignored by the user who was not using the computer although the computer was turned on, in my case usually with a blanked monitor and stopped hard disk), clicking "yes" in that dialog box may not cause the download and installation to occur, I'd guess because Eset's server got tired of waiting for permission. The clues that the update download and installation did not occur are that the NOD32 system tray icon does not contain a rotating circle (it's stationary instead), and that no system tray message that the update was successfully installed ever appears.

However, for some users those clues may be too subtle (they were too subtle for me until I realized them today).

My suggestion is that the system tray icon ought to reinforce those two update failure clues by turning a different color, perhaps the same yellow-orange color that the main Window uses (if the user thinks to open it) to announce that the update failed.

Roger Folsom

-{ Quote: "
1) At the top there should be a label that states that the downloads are from Eset NOD32.

2) Instead, the box should work as the NOD32 v2.7 update request did: always be "in front of" whatever other windows are on the screen.
" }-

Hello,
thank you for noticing and reporting that. We'll do our best to fix both problems in the upcoming build.

1) Option to inject notification in to HTTP stream when a connection is terminated. We use Nod32 on our terminal servers which can feed anywhere from 50-100 thin clients. We disable the global launch reference for egui.exe since all of that memory begins to add up and there isn't a good reason for users on these systems having access to the AV software by default. However, this creates a situation where if a threat is detected, it is silently terminated in the session. This is fine for file system activity, but if a webpage isn't loading that can be frustrating for the user. Injecting a message in to the HTTP stream right before the connection is terminated could give feedback in such a situation.

If that isn't possible, an alternative and slimmed-down egui that only sits in the system tray and gives event notification popups would be useful.

2) Ability to add custom detection rules based on SHA hash of a file. Quite frankly, I often find myself being able to find malicious executables in my environment days before the signatures get updated to detect them. Being able to push down my own detection rules would make me feel a lot less impotent sitting here waiting for you guys to sift through submissions.

better scanning of NSIS installers...faster

ADJUST USER GUIDE PAGE LAYOUTS FOR 100% PRINTING ON A4 AND LETTER PAPER

The Eset NOD32 AV v4.0 User Guide (e.g. REV.20090520-005 and earlier) apparently is formatted so that it fits on A4 paper (used in Britain and probably elsewhere in Europe and other places), using a font size of 100%. To fit on U.S. "Letter size" paper, the font size must be reduced to about 93%, which makes the printed document difficult to read.

Nevertheless, some very simple adjustments in each page's layout, without moving content from one page to another, could make the User Guide printable at 100% on both A4 and Letter size paper.

A4 paper is 8.3 inches wide and 11.7 inches tall; Letter size paper is 8.5 inches wide and 11 inches long. The widths are similar; the big difference is length.

1) Reduce the top margin on each page, to raise each page's content higher on the page. The most dramatic examples are the Contents pages 2 and 3, with content so low on the page that not only the bottom page numbers but also content are lost if the pages are printed on Letter paper at 100%.

The top margin has plenty of room to be reduced, unless there is a large heading at the top of the page. These are "1. ESET NOD32 Antivirus 4," "2. Installation," "3. Beginner’s guide," "4. Work with ESET NOD32 Antivirus," "5. Advanced user," and "6. Glossary." But these headings could be lowered closer to the page's text, thereby making room to reduce the top margin.

2) At the bottom of each page, move the page numbers higher (closer to the main text), so that they are not omitted when the page is printed on Letter paper at 100%.

3) Less important (and not essential, given the small difference between paper width on A4 and Letter paper), center each page horizontally, if necessary using the A4 8.3 inch page width.
Alternatively, assuming that even pages will be printed on the reverse side of odd pages, on odd numbered pages enlarge the left margin, thereby moving the page content to the right and making room for binder holes, and on even pages enlarge the right margin, thereby moving the page content to the left and again making room for binder holes.

Roger Folsom

P.S.: Many weeks ago I think I made similar suggestions in a different thread (or forum), but now I cannot find that post. In any case, this thread is where these suggestions belong.

EAV4 USER GUIDE: MINOR RE-ORGANIZATION TO FIX TWO ANOMALIES

In EAV4 User Guide Rev 20090520-005 (no longer available online) and in Rev 20090213-002 (an older version, available at http://www.eset.com/download/manuals.php), the Content list for Chapter 4.1 is given below. The asterisks indicate topics that match the Entire Advanced Setup tree's main entries. But there are two anomalies:

a) The Entire Advanced Setup tree includes "Document protection," but the User Guide Rev 20090520-005 includes it only in "What's New," and Rev 20090213-002 does not include it at all. For both User Guide versions, instead of Document Protection, the Content list includes the Host Intrusion Prevention System, which in the online Help file is described in a Note for Antivirus and antispyware protection.
Apparently the Host Intrusion Prevention System is a basic feature of Antivirus and antispyware protection, and ought to come much earlier in the User Guide, as section 4.1.0.
Then section 4.1.2 could be used for Document protection.

b) The User Guide Content does not include Exclusions. To include them (in a location that matches the Entire Advanced Setup tree), use section 4.1.6 for Exclusions, and renumber Protocol filtering as 4.1.7, ThreatSense engine parameters setup as 4.1.8, and An infiltration is detected as 4.1.9.

Roger Folsom

----------------------------------------------------------------

4. Work with ESET NOD32 Antivirus
* 4.1 Antivirus and antispyware protection ...................12
* 4.1.1 Real-time file system protection .....................12
4.1.1.1 Control setup ......................................12
4.1.1.1.1 Media to scan ....................................12
4.1.1.1.2 Scan on (Event?triggered scanning) ..............12
4.1.1.1.3 Advanced scan options ............................12
4.1.1.2 Cleaning levels ....................................12
4.1.1.3 When to modify real?time protection confguration ...13
4.1.1.4 Checking real?time protection ......................13
4.1.1.5 What to do if real?time protection does not work ...13
[Document protection, not listed in User Guide Content]
* 4.1.2 Host Intrusion Prevention System (HIPS) ..............13
* 4.1.3 Email client protection ..............................13
4.1.3.1 POP3 checking ......................................13
4.1.3.1.1 Compatibility ....................................14
4.1.3.2 Integration with email clients .....................14
4.1.3.2.1 Appending tag messages to email body .............14
4.1.3.3 Removing infiltrations .............................15
* 4.1.4 Web access protection ................................15
4.1.4.1 HTTP, HTTPs ........................................15
4.1.4.1.1 Address management ...............................15
4.1.4.1.2 Web browsers .....................................15
* 4.1.5 On-demand computer scan ..............................16
4.1.5.1 Type of scan .......................................16
4.1.5.1.1 Smart scan .......................................16
4.1.5.1.2 Custom scan ......................................16
4.1.5.2 Scan targets .......................................16
4.1.5.3 Scan profiles ..................................... 17
* [Exclusions, not listed in User Guide Content]
* 4.1.6 Protocol filtering .................................. 17
4.1.6.1 SSL ............................................... 17
4.1.6.1.1 Trusted certificates ............................ 17
4.1.6.1.2 Excluded certificates ........................... 17
4.1.7 ThreatSense engine parameters setup ..................18
4.1.7.1 Objects setup ......................................18
4.1.7.2 Options ............................................18
4.1.7.3 Cleaning ...........................................19
4.1.7.4 Extensions .........................................19
4.1.7.5 Limits .............................................19
4.1.7.6 Other ..............................................19
4.1.8 An infiltration is detected ..........................20

________________________________________________________________

BACKGROUND - ADDITIONAL INFORMATION

The User Guide's Host Intrusion Prevention System (HIPS) description, now in section 4.1.2 on page 13, is the following:

"Host Intrusion Prevention System (HIPS) protects your system from malware or any unwanted activity attempting to negatively affect the security of your computer. It utilizes advanced behavioral analysis coupled with the detection capabilities of network filter to monitor running processes, files and registry keys, actively blocking and preventing any such attempts."
This description matches the Antivirus and antispyware protection online Help file's Note.

----------------------------------------------------------------

The User Guide's (Rev 20090520-005) Document protection description, in What's New, section 1.1, page 4, is the following:

"The document protection feature scans Microsoft Office documents before they are opened, as well as files downloaded automatically by Internet Explorer, such as Microsoft ActiveX elements.
"The feature is activated by applications which use the Microsoft Antivirus API (e.g., Microsoft Office 2000 and higher, or Microsoft Internet Explorer 5.0 and higher)."
This description matches the Document protection online Help file's help.

________________________________________________________________

In the Entire Advanced Setup tree, Exclusions, the online Help file states the following:
"This section enables you to exclude files and folders from scanning. We do not recommend that you alter these options, to ensure that all objects are scanned for threats. . . ." plus instructions about how to exclude folders and files.
In the User Guide (Rev 20090520-005 or Rev 20090213-002), I cannot find an equivalent statement.

However, the User Guide (Rev 20090520-005 and Rev 20090213-002) does include the following information about exclusions.

4.1.6.1, SSL [page 17:] "Ask about non-visited sites (exclusions can be set) - If you enter a new SSL protected site (with an unknown certificate), an action selection dialog is displayed. This mode enables you to create a list of SSL certificates that will be excluded from scanning."

4.1.6.1.2 [SSL Continued, pages 17-18] Excluded certificates
"The Excluded certificates section contains certificates that are considered to be safe. The program will not check the content of encrypted communications utilizing certificates in this list. We recommend installing only those web certificates which are guaranteed to be safe and have no need for content filtering."

4.7.1 ThreatSense.Net, Suspicious Files [page 28]
"Exclusion filter – The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry confdential information, such as documents or spreadsheets. The most common file types are excluded by default (.doc, etc.). You can add to the list of excluded files if desired."

i think it will be great if nod32 blocked the access to the usb flash till an automatic scan finishes.

some times there is some undetected threats especially the new threats.
so we go to remove the virus manually so

why do not we create a new feature in nod32 to deal with the virus's file to delete them automatically by giving nod32 the paths to the virus files.

so i can make a configuration file with the virus's file paths to be captured by nod32 as threats.

this really will be amazing , till the update comes from ESET.

Use Multiple cores.

New systems now have multiple cores (2 or more CPUs). I have a AMD 4 core system (4 CPUs).

It would be nice to have NOD32 use threads and utilize all cores (let you select how many cores to run on) for faster scanning.

Also, make NOD32 catch viruses like this one (http://www.wilderssecurity.com/showthread.php?t=249881)which it recently missed on my system.

-{ Quote: "Use Multiple cores.

New systems now have multiple cores (2 or more CPUs). I have a AMD 4 core system (4 CPUs).

It would be nice to have NOD32 use threads and utilize all cores (let you select how many cores to run on) for faster scanning.

Also, make NOD32 catch viruses like this one (http://www.wilderssecurity.com/showthread.php?t=249881)which it recently missed on my system." }-

I just checked the affinity settings for the service under task manager and it says that NOD is set to all 4 of my cores.

I really think the web protection site advisory, with an option to submit unsafe sites such as scam scanners etc, would be fantastic. I miss this from AVG, it would be brilliant to see it in ESET programs.

Hello,

I believe you will find Intel certifications for ESET NOD32 Antivirus and ESET Smart Security here (http://ibx.intel.com/directory/productpage/tabid/85/language/en-us/p-2085-eset-nod32-antivirus.aspx) and here (http://ibx.intel.com/directory/productpage/tabid/85/language/en-us/p-2086-eset-smart-security.aspx), respectively, on Intel's web site.

Regards,

Aryeh Goretsky

-{ Quote: "I just checked the affinity settings for the service under task manager and it says that NOD is set to all 4 of my cores." }-

The ability to import a configuration (.xml) file with the command line on a already installed client.

Improve : anti-stealth ,anti-hack/hijack/phishing, overall scanning spd/info, update and user interface(statistics)make it easier/predigest + accuracy , more intellectuality overall settings especially scanning settings and network control /firewall.Of course put on steam about the idea of eset : a briefness , small and exquisite ，efficiency+stable , high performance and lowest usage antiv/ssc.;D i lik it :thumb:

*notice : accelerate update overall antivirus/smrt antivirus program and advertisement at official website , at website aspect particularly the virus encyclopedia hope it get up to date and better than other company.My opinion now Eset tardiness about improve overall program/v.encyclopedia , hope eset may pay more attention to tis.

New functions : site advisor , parent control(briefness) , secure file protection :lurking:

:) Hope Eset attention it.

add anti spam to the basic anti virus not just the one with firewall

-{ Quote: "add anti spam to the basic anti virus not just the one with firewall" }-

I agree NOD32 AV should have Anti Spam!

TH

-{ Quote: "I agree NOD32 AV should have Anti Spam!

TH" }-

I disagree... no bloatware :dry:

I would be nice to have the choice :-

I would love the antispam element, as I get quite a lot of spam (even though I run my own mailserver with SpamAssassin). The reason I have EAV and not ESS is that I do NOT want the firewall part of ESS. I already have the Windows firewall, I have a Cisco router, and I'm using NAT, so my PC defences are fairly strong. But spam can bypass all these defences.


Jim

-{ Quote: "
The reason I have EAV and not ESS is that I do NOT want the firewall part of ESS." }-

Simply change the type of firewall integration with the system to "Only scan application protocols" in the main ESS setup -> Personal firewall -> System integration and ESS will work like EAV with antispam.

Remove splash screen



detect single or multi core processor, speed scan and emulate code AH



Design futuristic - optimize space and clear access



better detection real time and proactive



feedback samples send



option - mode game and mode netbook



better firewall



continue to preserve their good points



I wish that ESET continue to be the Yin & Yang of AV's, this is a balanced program

HIPS please.

Hello,


Tag email:


After:

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4518 (20091017) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



Before:


____________________________________________________________

The message was checked by ESET NOD32 Antivirus, virus signature database 4518 (20091017)


http://www.eset.com





So we are left with a more organized with the end of the email, thereby saving unnecessary space.

Support for removing tracking-cookies like Free AVG does.
Consider a new pricing model for 5-user licenses. NOD32 may be the best, but I find paying ~239 USD for ESET NOD32 Antivirus (5 users) while I can get a very similar product for 5-users from Symantec for ~89 USD. Loyalty to a good product has its limit, regardless how good is.

You can get a 5-pack for ~120 USD here (http://www.betterantivirus.com/catalog/eset-nod32-antivirus-home-edition-user-year-standard-license-p-359.html)

Problem is they normally only sell 1, 2, 3 or 4 user pack license. If you need 5 a Business Edition is available at around the same price.

I've been using NOD32 for over 5 years now and after reading the entire thread and combining it with my personal experiences here is what I have to say:

1. Stop asking/adding for more eye-candy and functions ==>
2. Only focus on the antivirus product. The firewall doesn't seem to catch on anyway. TBH it isn't that good...
3. Get back up to the top with the detection rates. AV-comparatives show Eset is behind the competition ==>
4. As I found out myself, virusses I encounter are missed regularly. And I know no AV is perfect, but that is no reason to perform worse over time.
6. Scan speed is not what it used to be. Performance crown has been lost
7. Don't check whether I have my windows updates installed. Stop bloating NOD32! Focus on the AV part please.
8. Show your customers that you care. Reply to e-mails regarding samples.
9. Add samples faster. Most samples I send take days if not more than a week to get added.*

*I really don't understand the slow adding of samples. Eset does check the jotti.org and virustotal database like any other vendor?

Overall that are the reasons why I am slowly migrating to Avira (still have running NOD32 licenses). It seems the NOD32-Kaspersky reign is over... for now. May sound funny but I've parted with NOD32 with regret. The product was really appealing back in the days NOD32 had the feel of "the AV for the computer enthousiasts". I feel Eset has lost their focus a bit. Thing are not too late though, many fora are still recommending Eset but word is starting to leak through what is really going on...

RA:
- Option for description/name of configuration schemas which was was send/configured for clients.
- Option for updating new login/pass to ESET servers for clients registred in RA (without reinstallation or configuration jobs)

AV:

- better known trojan/...ware remover (like Combofix ?)

-{ Quote: "I've been using NOD32 for over 5 years now and after reading the entire thread and combining it with my personal experiences here is what I have to say:

1. Stop asking/adding for more eye-candy and functions ==>
2. Only focus on the antivirus product. The firewall doesn't seem to catch on anyway. TBH it isn't that good...
3. Get back up to the top with the detection rates. AV-comparatives show Eset is behind the competition ==>
4. As I found out myself, virusses I encounter are missed regularly. And I know no AV is perfect, but that is no reason to perform worse over time.
6. Scan speed is not what it used to be. Performance crown has been lost
7. Don't check whether I have my windows updates installed. Stop bloating NOD32! Focus on the AV part please.
8. Show your customers that you care. Reply to e-mails regarding samples.
9. Add samples faster. Most samples I send take days if not more than a week to get added.*

*I really don't understand the slow adding of samples. Eset does check the jotti.org and virustotal database like any other vendor?

Overall that are the reasons why I am slowly migrating to Avira (still have running NOD32 licenses). It seems the NOD32-Kaspersky reign is over... for now. May sound funny but I've parted with NOD32 with regret. The product was really appealing back in the days NOD32 had the feel of "the AV for the computer enthousiasts". I feel Eset has lost their focus a bit. Thing are not too late though, many fora are still recommending Eset but word is starting to leak through what is really going on..." }-

Agree.

Not renewing licenses either.
But will keep an open mind and watch for future improvements/changes.

Hi,

I Would like to see this feature in REmote Administrator Console

Multi-Threaded install..Instead of waiting to install clients one by one. Why install 5 at a time. If Symantec can do it..you can also

Patrice

1. Registry scanning to clean traces of malware left behind after the files have been removed.

2. Lower memory utilization 15-25MB EKRN would be great instead of 45-55 MB. This helps compete against other AV companies who have a smaller memory footprint

3. Cloud based Reputation system for URLs, and installers that have been seen and reported as malware to stop users from downloading fake malware based on reputation instead of signatures that may not be out yet to clean infection.

4. Cloud based statistics users can look at and see what may be out there that is being blocked by reputation

-{ Quote: "I've been using NOD32 for over 5 years now and after reading the entire thread and combining it with my personal experiences here is what I have to say:

1. Stop asking/adding for more eye-candy and functions ==>
2. Only focus on the antivirus product. The firewall doesn't seem to catch on anyway. TBH it isn't that good...
3. Get back up to the top with the detection rates. AV-comparatives show Eset is behind the competition ==>
4. As I found out myself, virusses I encounter are missed regularly. And I know no AV is perfect, but that is no reason to perform worse over time.
6. Scan speed is not what it used to be. Performance crown has been lost
7. Don't check whether I have my windows updates installed. Stop bloating NOD32! Focus on the AV part please.
8. Show your customers that you care. Reply to e-mails regarding samples.
9. Add samples faster. Most samples I send take days if not more than a week to get added.*

*I really don't understand the slow adding of samples. Eset does check the jotti.org and virustotal database like any other vendor?

Overall that are the reasons why I am slowly migrating to Avira (still have running NOD32 licenses). It seems the NOD32-Kaspersky reign is over... for now. May sound funny but I've parted with NOD32 with regret. The product was really appealing back in the days NOD32 had the feel of "the AV for the computer enthousiasts". I feel Eset has lost their focus a bit. Thing are not too late though, many fora are still recommending Eset but word is starting to leak through what is really going on..." }-

EXACTLY. Although I'm still a proud ESET user. I still use version 2.70 to this day. (Support for Windows 7 on version 2.70 would be nice as well...) Go back to the smaller footprint: Less eye-candy more efficiency. I think a LOT of users would prefer a tiny-simple GUI over hte "new look" anyday... Just my 2 cents...