Is nod32 bad.I have do a test with 36 infected files and Nod32 can only cover 4 files of the 36.Other scanners can find all the 36 but nod32 4.I have submit what samples but how long does it take before i can delete the other archives

Well, it's questionable if the samples not detected by NOD32 are actually viruses. Most of other AV companies strive for having the largest database of viruses and it usually happens that the samples they add are actually non-functional. As a result, it may imply that the AV, which do not detect them, are worse in terms of detection capabilities.

Also please make sure you scanned them with all objects selected in NOD32 scanner setup (e.g. if the file not reported by NOD32 as infected was actually in a zip archive and you didn't have scanning archives enabled, it's obvious that NOD32 could not pick it up). If you did so, I suggest you send them to samples@nod32.com so that we can analyse them and tell why they were not detected.

Now can Nod32 find 35 of the 36 virusses :) .I have send 1 sample to the adress.The name of the zipfile is phpfaces.zip

Hi,
NOD detect all your viruses. Let me explain:
PHP.Faces is a highly polymorphic virus. NOD uses a emulator to detect many polymorphic viruses, for this reason the virus need to have the real extension. In this case the extension should be .php and not other as .txt, .doc, etc. I've found this virus in a site renamed as .txt. Please rename it to .php and NOD will detect it without problems.



{QUOTE-> Now can Nod32 find 35 of the 36 virusses :) .I have send 1 sample to the adress.The name of the zipfile is phpfaces.zip <-QUOTE}

{QUOTE-> ...please make sure you scanned them with all objects selected in NOD32 scanner setup (e.g. if the file not reported by NOD32 as infected was actually in a zip archive and you didn't have scanning archives enabled, it's obvious that NOD32 could not pick it up). If you did so, I suggest you send them to samples@nod32.com so that we can analyse them and tell why they were not detected. <-QUOTE}

why, Why, WHY does Nod32 by default NOT arrive set to it's maximum strength ???

why, Why, WHY should the public have to discover this after the fact, when something has NOT been detected, due to default settings, as in the basis of this thread.

Cheers ;D

{QUOTE-> why, Why, WHY does Nod32 by default NOT arrive set to it's maximum strength ???

why, Why, WHY should the public have to discover this after the fact, when something has NOT been detected, due to default settings, as in the basis of this thread.

Cheers ;D <-QUOTE}


I think they are trying to avoid false positives as much as possible. That can scare a new user. And if a new user should delete a false positive, they might possibly break their operating system.

That is the only reason I can think of.

Polymorphic viruses aren't detected even if NOD is configured to scan all files. Why? because NOD need to emulate the virus. It's not dangerous because if a virus has a bad extension it can't run so can't damage your system.

{QUOTE-> why, Why, WHY does Nod32 by default NOT arrive set to it's maximum strength ???

why, Why, WHY should the public have to discover this after the fact, when something has NOT been detected, due to default settings, as in the basis of this thread.

Cheers ;D <-QUOTE}

{QUOTE-> ...was actually in a zip archive and you didn't have scanning archives enabled... <-QUOTE}

I am talking about "Default Settings" that should be ticked by DEFAULT, we go through after installing Nod32 for clients and tweak it up, I would rather be at full strength and deal with a possible "False Positive", than deal with a angry, upset and confused client who then has to be told, go to settings tick everything that should be ticked, rerun your scan, and ohhhh now Nod detects the infection...

Cheers ;D

{QUOTE-> I am talking about "Default Settings" that should be ticked by DEFAULT, we go through after installing Nod32 for clients and tweak it up, I would rather be at full strength and deal with a possible "False Positive", than deal with a angry, upset and confused clients who then has to be told, go to settings tick everything that should be ticked, rerun your scan, and ohhhh now Nod detects the infection...

Cheers ;D <-QUOTE}


In this case, NOD needs to rewrite their help file that comes with the program.
They state in the help file that NOD is optimized out of the box.

Maybe Marcos can shed some light on this.

i agree it should be optimized out of the box, i have a reg tweak that does alot :D

download RegSnap run it, & compare registry changes before & after u configure nod how u like it, then u just have 2 double click the .reg file 2 have it install when u install nod for the first time

regards

thanks for all the replys

{QUOTE-> I am talking about "Default Settings" that should be ticked by DEFAULT, we go through after installing Nod32 for clients and tweak it up, I would rather be at full strength and deal with a possible "False Positive", than deal with a angry, upset and confused client who then has to be told, go to settings tick everything that should be ticked, rerun your scan, and ohhhh now Nod detects the infection...

Cheers ;D <-QUOTE}


Hi guys

Hads a couple of infection recently, so decided to reinstall XP. Decided to give NOD a try too. So far, very impressed with it.

With reference to the above post, what 'tweak' should I make to the default setting to ensure I get maximum protection?

So far, I've changed the HR scan from safe to deep, is this better?

TIA

{QUOTE-> ...what 'tweak' should I make to the default setting to ensure I get maximum protection? <-QUOTE}

See this thread: http://www.wilderssecurity.com/showthread.php?t=21171

{QUOTE-> ...So far, I've changed the HR scan from safe to deep, is this better? <-QUOTE}

Yes ;D

You can also set up Nod to make a automatic weekly or daily scan, see this thread: http://www.wilderssecurity.com/showthread.php?t=33275 and from post number 18 onwards... And post number 46 in the same thread for a maximum strength command line scan...

Cheers ;D

I left my NOD32 updating every hour as it was set upon install. Anyway, that' not the point of my post; rather my point is to say that I too would have preferred that the application installed with "max" or "very high" so to speak levels of detection or security without me having to make a few adjustments. All the same, I must also state that I've never had any other AV so impressive as this, and it's definitely never missed a single thing (yes, for the record - I have double and triple and quadruple and blah blah blah checked :-D )

Blackspear

Thanks for the link. Followed your example setting up a schedule scan :)

The schedule was set up in the admin account, under profile. I have a limited account set up for nornal everyday use.

Will the scan start while I am logged in the limited account, or do I need to be in the admin account for it to work?

TIA