First thing I did was rush over to www.eicar.org and click on the zipped files.

Believe me, you will be warned! ;D


http://www.nod32.com/download/downbeta.htm

System info from new beta.

{QUOTE-> System info from new beta. <-QUOTE}

Ahhhh, he's off and running ;D

So, what do you think?

Cheers ;D

Zip2 being caught...

{QUOTE-> Ahhhh, he's off and running ;D

So, what do you think?

Cheers ;D <-QUOTE}

I was camped on Eset's page and they still slipped it by me! ;D

I see no difference in speed, which I like personally. I like my speed!

I'll just have to go along here and see what happens.

You have had no problems with the beta, is that correct?

{QUOTE-> I was camped on Eset's page and they still slipped it by me! ;D

I no difference in speed, which I like personally. I like my speed!

I'll just have to go along here and see what happens.

You have had no problems with the beta, is that correct? <-QUOTE}

LOL, no other than the GUI staying put after booting, it has been running like a dream.

The lsass error seams to have been fixed as well, haven't seen it around for a while...

And I have it on good authority that Trojan detection through IMON using Advanced Heuristics is about to be greatly improved ;D

Cheers ;D

The thing says if not applicable to just click leave or terminate.....however, I don't see a "leave" button to click in that screenshot?????

{QUOTE-> LOL, no other than the GUI staying put after booting, it has been running like a dream.

The lsass error seams to have been fixed as well, haven't seen it around for a while...

And I have it on good authority that Trojan detection through IMON using Advanced Heuristics is about to be greatly improved ;D

Cheers ;D <-QUOTE}
I was hoping it would be in this beta, but doesn't look like the AH module was changed, guess they want us to test these new features first before mixing it up more. ;D

Btw do you guys have to press terminate 2 times for the eicar.com and the .txt one, and 4 times each for the zipped, and double zipped before the message dissappears?

I am testing it on an old low end machine, PIII 500, 256 Megabytes Memory.
With all options marked I am not seeing any speed problem. :)

{QUOTE-> ...Btw do you guys have to press terminate 2 times for the eicar.com and the .txt one, and 4 times each for the zipped, and double zipped before the message dissappears? <-QUOTE}

Yes, guess they want to make sure you are going against their advice to proceed with the download, when a virus has been detected...

Cheers ;D

{QUOTE-> The thing says if not applicable to just click leave or terminate.....however, I don't see a "leave" button to click in that screenshot????? <-QUOTE}

You are correct, they have missed out the "Leave" button, which probably is a good thing. The advice is to "Terminate", if you try to close the Window, it bounces straight back up, and you have to try and close it again...

I think they need to alter the advice message and remove "leave".

Cheers ;D

It will get your attention! Maybe a rename button would be a good feature too since xp tends to slap files in documents and settings in a hurry.

Yes, but my point is that they give you TWO choices and only one is present. If they only give you one button to choose from, then why the advice telling you to choose from the TWO......leave or terminate???

{QUOTE-> Yes, but my point is that they give you TWO choices and only one is present. If they only give you one button to choose from, then why the advice telling you to choose from the TWO......leave or terminate??? <-QUOTE}

I missed that, then reread your post, and took another look at the screen shot, and edited my message to reflect that...

Cheers ;D

Yes it does warn upon downloading the eicar test files, but remember that it only works if the IMON setting for the downloading program is "maximum efficiency." When set for "maximum compatability" IMON seems to do nothing about downloading an infected file. This means no meaningful protection for those of us who use a different browser which can't be used with the max eff. setting (in my case Maxthon 1.0.0178--downloads simply froze) or who use a download manager which ESET warns must be set in max compatability mode.

Update: My Maxthon now seems to be downloading perfectly well with NOD32 beta. I have no idea what the problem was, but I'm glad it's gone.

Why does NOD32 scan .gif and .jpg files?
Is that really necessary?

Notice that on the new ver.

{QUOTE-> Why does NOD32 scan .gif and .jpg files?
Is that really necessary?

Notice that on the new ver. <-QUOTE}


Where do you see that?

{QUOTE-> Why does NOD32 scan .gif and .jpg files?
Is that really necessary?

Notice that on the new ver. <-QUOTE}

Where are you seeing this?

Cheers ;D

{QUOTE-> Yes it does warn upon downloading the eicar test files, but remember that it only works if the IMON setting for the downloading program is "maximum efficiency." When set for "maximum compatability" IMON seems to do nothing about downloading an infected file. This means no meaningful protection for those of us who use a different browser which can't be used with the max eff. setting (in my case Maxthon 1.0.0178--downloads simply froze) or who use a download manager which ESET warns must be set in max compatability mode. <-QUOTE}
Hmm? I use Maxthon 1.0.0178 and it detected it on higher compatability... Yours is automatically on max comp?

{QUOTE-> I use Maxthon 1.0.0178 and it detected it on higher compatability... <-QUOTE}

Same for me...

blackspear do i use the special settings?
http://www.wilderssecurity.com/showthread.php?t=37509

Did you guys uninstall first??

Ruben

{QUOTE-> Did you guys uninstall first??

Ruben <-QUOTE}

I uninstalled and deleted Eset from program files before installing the beta.

{QUOTE-> I uninstalled and deleted Eset from program files before installing the beta. <-QUOTE}
Ok, is that also recommended by ESET - sounds logical though

Ruben

{QUOTE-> Where are you seeing this?

Cheers ;D <-QUOTE}

Check "Scanning .jpg & .gif" threat in NOD32 version 2 forum..

{QUOTE-> Ok, is that also recommended by ESET - sounds logical though

Ruben <-QUOTE}


It has always worked for me. I can't speak for Eset.

I install it over the previous version and works fine.

Until now this beta version works very well, I test it with the Maxthon, Firefox, Opera on the EICAR website and he catch all the files ;)

I don't see any slow down on my connection...

The DMON is compatible with OpenOffice?

Great work http://m2.overseasky.net/smileys/smiley32.gif

{QUOTE->
The DMON is compatible with OpenOffice?
<-QUOTE}
NO... :(

I don't know about Open Office, but Imon is scanning everything on newly opened web pages if you have it setup to scan all files. With advanced heuristics no less. No drop in speed, in fact, this beta seems to run even faster than the other version.

{QUOTE-> I don't know about Open Office, but Imon is scanning everything on newly opened web pages if you have it setup to scan all files. With advanced heuristics no less. No drop in speed, in fact, this beta seems to run even faster than the other version. <-QUOTE}

But will be nice if the DMON works with the majors Office managers...

I notice that now the "nod32kui.exe" use about 680kb and the "nod32krn.exe" 13.448kb

My memory usage is about the same as yours.

Scans Opera here with high efficency - is that ok or high compatibility be better

After Update got these infos:

NOD32 Antivirus System information
Virus signature database version: 1.819 (20040722)
Dated: Donnerstag, 22. Juli 2004
Virus signature database build: 4694

Information on other scanner support parts
Advanced heuristics module version: 1.007 (20040309)
Advanced heuristics module build: 1053
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.017 (20040715)
Archive support module build version: 1092

Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.11b
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.11b
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.11b

Operating system information
Platform: Windows 2000
Version: 5.0.2195 Service Pack 4
Version of common control components: 5.81.4916
RAM: 160 MB
Processor: x86 Family 6 Model 5 Stepping 0 (233 MHz)


Thats what I needß

{QUOTE-> Scans Opera here with high efficency - is that ok or high compatibility be better

After Update got these infos:

NOD32 Antivirus System information
Virus signature database version: 1.819 (20040722)
Dated: Donnerstag, 22. Juli 2004
Virus signature database build: 4694

Information on other scanner support parts
Advanced heuristics module version: 1.007 (20040309)
Advanced heuristics module build: 1053
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.017 (20040715)
Archive support module build version: 1092

Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.11b
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.11b
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.11b

Operating system information
Platform: Windows 2000
Version: 5.0.2195 Service Pack 4
Version of common control components: 5.81.4916
RAM: 160 MB
Processor: x86 Family 6 Model 5 Stepping 0 (233 MHz)


Thats what I needß <-QUOTE}


Higher compatibility is the default. I'll try this for awhile.

Looks like your info is correct.

All the browsers should be with the "high efficiency", but the NOD32 put all my browser (Maxthon, Firefox and Opera) in "high compatibility" by default...

I change them to "high efficiency" and will see what it's happen...

All of my programs were put in the higher compatibility mode. I just changed to higher efficiency mode and also will see how it goes.

Hi Eset, so far so good.

pitty though their is no internal protection for termination process?? or do I misunderstood??

virus or trojan can disable this process or not??

for the rest, super, better then before!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


THANXXXXXXXXXXXXXXXXXXXXXXXXX

Only in Opera I received this message after I select the option "Terminate":

Should we received the same in all browsers?

Infinity, were you really able to terminate the nod32krn process?

{QUOTE-> Yes, guess they want to make sure you are going against their advice to proceed with the download, when a virus has been detected...

Cheers ;D <-QUOTE}

Terminate? I don't have that. I still have to download and unzip eicar before AMON alerts. Nothing has changed.

Plus, I have quarantine checked and it isn't quarantined.

{QUOTE-> Terminate? I don't have that. I still have to download and unzip eicar before AMON alerts. Nothing has changed.

Plus, I have quarantine checked and it isn't quarantined. <-QUOTE}


Do you the beta released today? It will light up at eicar.org on the double zipped file if you just click on it.

Marcos, just with process termination from diamondcs. to be honest I presses on all. then it was removed from systray but service still runs. My bad. I guess it has this protection.

Yes, I have the new beta. It doesn't light up. I use
AMON. I want a resident scanner that works properly. I wouldn't dare use the IMON HTTP scanner on my W98SE box where I have the new beta installed. That scanner slowed my XP box a great deal when I had an earlier version of the beta on my XP box. KAV 4.5 doesn't slow XP at all and it is supposed to slow all boxes. It doesn't mine. But NOD32's HTTP scanner makes surfing too slow and that is on a very fast XP box. Can you imagine what it would be like to use the HTTP scanner on my old 450MHz box with only 224 RAM? Plus, I don't want anything messing with Winsock. I don't use the email scanner either. Too many problems with scanning at the Winsock level. Eset should have a standard email scanner IMO. I don't care particularly that I can't use the email scanner but I do care that almost all improvement in NOD32 is in the HTTP scanner and not in AMON where it should be.

So I am very unhappy. I wanted to see AMON doing a proper job. I should NOT have to unzip to have AMON detect eicar.zip. I guess NOD32 just isn't for me. KAV 4.5 detects without unzipping. That is what I was hoping NOD32 would do. Plus, if the way Eset is going to beef up trojan detection is through IMON then I know NOD32 is no longer for me. I am not going have my boxes slowed significantly by that HTTP scanner. I want the resident scanner to do a proper job that is all. I don't know why that is too much to ask.

{QUOTE-> Yes, I have the new beta. It doesn't light up. I use
AMON. I want a resident scanner that works properly. I wouldn't dare use the IMON HTTP scanner on my W98SE box where I have the new beta installed. That scanner slowed my XP box a great deal when I had an earlier version of the beta on my XP box. KAV 4.5 doesn't slow XP at all and it is supposed to slow all boxes. It doesn't mine. But NOD32's HTTP scanner makes surfing too slow and that is on a very fast XP box. Can you imagine what it would be like to use the HTTP scanner on my old 450MHz box with only 224 RAM? Plus, I don't want anything messing with Winsock. I don't use the email scanner either. Too many problems with scanning at the Winsock level. Eset should have a standard email scanner IMO. I don't care particularly that I can't use the email scanner but I do care that almost all improvement in NOD32 is in the HTTP scanner and not in AMON where it should be.

So I am very unhappy. I wanted to see AMON doing a proper job. I should NOT have to unzip to have AMON detect eicar.zip. I guess NOD32 just isn't for me. KAV 4.5 detects without unzipping. That is what I was hoping NOD32 would do. Plus, if the way Eset is going to beef up trojan detection is through IMON then I know NOD32 is no longer for me. I am not going have my boxes slowed significantly by that HTTP scanner. I want the resident scanner to do a proper job that is all. I don't know why that is too much to ask. <-QUOTE}


I don't notice a slowdown on my xp machine with http scanning on. I guess each machine is different.

I don't see any reason why amon shouldn't detect zips as you say. Maybe they can add that feature-------------hey Marcos!!

{QUOTE-> blackspear do i use the special settings?
http://www.wilderssecurity.com/showthread.php?t=37509 <-QUOTE}

Yes, the screen shots should line up totally now ;)

Cheers ;D

{QUOTE-> ...It will light up at eicar.org on the double zipped file if you just click on it. <-QUOTE}

That happened the first time, not the second time, it must be loaded into cache (which I have yet to figure out how to clear with Firefox) or a temp file. I was a little dissapointed that it did not flare up on just clicking the link as it did in the first instance, which was impressive...

Cheers ;D

{QUOTE-> ...I wouldn't dare use the IMON HTTP scanner on my W98SE box where I have the new beta installed. That scanner slowed my XP box a great deal when I had an earlier version of the beta on my XP box... <-QUOTE}

You are talking about earlier releases, there have been about 10 previous versions of pre-release Beta that I know of, I have kept 6 or so of them, they are all different file sizes...

There was someone else that posted with the same specs as your 98 machine.

Cheers ;D

{QUOTE-> That happened the first time, not the second time, it must be loaded into cache (which I have yet to figure out how to clear with Firefox) or a temp file. I was a little dissapointed that it did not flare up on just clicking the link as it did in the first instance, which was impressive...

Cheers ;D <-QUOTE}


Firefox, options, tools, privacy, clear all. You will have to log on to Wilders again if you clear the cache while here because your cookies go too.

{QUOTE-> Firefox, options, tools, privacy, clear all. You will have to log on to Wilders again if you clear the cache while here because your cookies go too. <-QUOTE}

Thanks for that...

Cheers ;D

Why clear all? Just clear the cache in FireFox and keep it very low. You do not need much cache unless you are on dial up. So for those on broadband connections the recommended cache size is about 500KB. Just enough cache so you can download extensions. Most of us would have 0 cache except then you have to go back and make a small cache each time you download extensions. They cannot download if the cache is set to 0. If you don't download extensions often, then set the cache to 0.

Tool/options/privacy/clear cache ... not clear all information stored while browsing!

{QUOTE-> I don't notice a slowdown on my xp machine with http scanning on. I guess each machine is different.

I don't see any reason why amon shouldn't detect zips as you say. Maybe they can add that feature-------------hey Marcos!! <-QUOTE}

Some here have asked for this for a long time. :(

{QUOTE-> KAV 4.5 doesn't slow XP at all <-QUOTE}

That is NOT TRUE. I have a machine that is far superior to most out there and I CAN see an impact from KAV 4.5 and 5. I don't know what you disable but on default settings KAV slows XP down by noticable amounts.
;) Not trying to start anything just stating facts I have observed on 3 different pc. ;)

{QUOTE-> That is NOT TRUE. I have a machine that is far superior to most out there and I CAN see an impact from KAV 4.5 and 5. I don't know what you disable but on default settings KAV slows XP down by noticable amounts.
;) Not trying to start anything just stating facts I have observed on 3 different pc. ;) <-QUOTE}
I agree with you.

I have tested the KAV 4.5 on my older pc (PIII 500, 320MB) and my computer was very slow and with nod32 it didn't...
The KAV 5.0 is much better about this...

I have KAV 4.5 trial on a 3GHz Dell Dimension with 1GB RAM. I have everything enabled for scanning except email. I don't use email scanners. I see no slowdown at all. I did see significant slowdown with KAV 5.0 though. That is probably because it caused immediate, severe fragmentation mostly in System Restore files (where I have about 80 restore points) and rendered System Restore useless. I would not put KAV any flavor on my older W98SE box as I would expect slowdown.

Hi Folks:

I'm gonna install the new beta now.Any recommendations about best setup for it ? And about lsass.exe problem ? Has it been fixed ?

Best Regards,

DonKid.

I would turn on "automatically deny download of infected file" in the IMON setup by choosing the Expert setup mode when installing. I like the splash screen when malware is identified. ;D

The lsass.exe problem seems to be specific to some machines. I have 12 machines running the beta with Windows XP SP1 (8) and Windows 2000 SP4 (4) and none of them have experienced this issue.

{QUOTE-> ...about lsass.exe problem ? Has it been fixed?... <-QUOTE}

As far as I'm concerned, no, the little mongrel just reappeared >:(

I started a new Beta thread about it. The previous pre-release had sorted the problem, arrived home this afternoon to find it popping it's little head back up, them thare varments have returned ;)

Cheers ;D

Hi all

Just small note to default compatibility settings in HTTP scanner. All unknown (untested) programs are automatically set to higher compatibility. We need to fill the list of aprroved browsers (which works with high efficiency level set) with at most browsers as possible.
So if your browser is not in the list, please set it to high efficiency level a use it for a while. If everything looks OK, send information from Compatibilitty settings dialog to beta2011@nod32.com, we will add the browser to the list.
Also, if you meet any particular problem with browser (probably on specific webpage), please report this too.

Regards

Tomas

Hi !

Will there be also a german version of the beta ?

ww

Depending on the feedbacks of beta testers, most likely we will give out also other language mutations of beta.

{QUOTE-> Depending on the feedbacks of beta testers, most likely we will give out also other language mutations of beta. <-QUOTE}
Nice info indeed ;)
Then i will wait till the german beta version is released ;)

Thx for your efforts,
ww

P.S. Could you give me a hint - will it be hours, days or weeks ?

Hello, you'll probably think this a silly question. ::) On the bottom of main scanner are the choices "Scan" and "Clean", is there a difference in these functions. I tried "clean" last night and it looked just like an ordinary scan. I never noticed but maybe this was on last version. ;)

{QUOTE-> Hello, you'll probably think this a silly question. ::) On the bottom of main scanner are the choices "Scan" and "Clean", is there a difference in these functions. I tried "clean" last night and it looked just like an ordinary scan. I never noticed but maybe this was on last version. ;) <-QUOTE}


I never understood why it was programmed this way, but "scan" will scan your system and tell you afterwards if anything is infected, etc. However, you can't clean from this point........If anything is found during the "scan", then you must select "clean" upon which the entire process will be repeated again and as NOD finds each problem, you will have the option at that time to clean, etc.

Don't understand why when scanning and if something is found, you can't clean it at that time. Why the repetition of the entire scan process.....

{QUOTE-> I uninstalled and deleted Eset from program files before installing the beta. <-QUOTE}

Ooops I installed it over the previous version, but I haven´t had any problems (yet anyway :) )Works perfectly, no speedloss.

Well? ;D

{QUOTE-> I never understood why it was programmed this way, but "scan" will scan your system and tell you afterwards if anything is infected, etc. However, you can't clean from this point........If anything is found during the "scan", then you must select "clean" upon which the entire process will be repeated again and as NOD finds each problem, you will have the option at that time to clean, etc.

Don't understand why when scanning and if something is found, you can't clean it at that time. Why the repetition of the entire scan process..... <-QUOTE}

Why don't you just click the "Clean" button the first time to start the scan instead of the "Scan" button?

If you click the clean button first then the scan cannot be unattended as it will hang on any nasty it finds (assuming you have it set to ask you what to do) which is the recommended action. Thus, the recommendation that one first run a "scan only" scan and that can be while you are asleep, etc. There is no need, unless a nasty is found, to then run an attended "clean" scan.

{QUOTE-> If you click the clean button first then the scan cannot be unattended as it will hang on any nasty it finds (assuming you have it set to ask you what to do) which is the recommended action. Thus, the recommendation that one first run a "scan only" scan and that can be while you are asleep, etc. There is no need, unless a nasty is found, to then run an attended "clean" scan. <-QUOTE}

Well now, what I do for an unattended scan is mark "Clean" and if uncleanable mark "no action".

I don't think one should should mark "Delete" for an unattended scan but I don't mind if it tries to Clean it and then for uncleanable items "no action".

For the very few times it may find a nasty it can't clean I then run the scan again with "offer action"

{QUOTE-> Well now, what I do for an unattended scan is mark "Clean" and if uncleanable mark "no action".

I don't think one should should mark "Delete" for an unattended scan but I don't mind if it tries to Clean it and then for uncleanable items "no action".

For the very few times it may find a nasty it can't clean I then run the scan again with "offer action" <-QUOTE}

If you do it Mele's way then you can scan, in the unlikely event that it finds something while unattended, after checking the log, you can then run a clean which has already been set to your desired perimiters, I have it set to offer action... or you can simply go to the infected location and right click and scan that particular file, instead of your entire system...

Cheers ;D

{QUOTE-> If you do it Mele's way then you can scan, in the unlikely event that it finds something while unattended, after checking the log, you can then run a clean which has already been set to your desired perimiters, I have it set to offer action... or you can simply go to the infected location and right click and scan that particular file, instead of your entire system...

Cheers ;D <-QUOTE}

That does sound like the best way.

{QUOTE-> Well now, what I do for an unattended scan is mark "Clean" and if uncleanable mark "no action".

I don't think one should should mark "Delete" for an unattended scan but I don't mind if it tries to Clean it and then for uncleanable items "no action".

For the very few times it may find a nasty it can't clean I then run the scan again with "offer action" <-QUOTE}

I don't get much so maybe that is why, but I don't think NOD32 has ever been able to clean a nasty.

{QUOTE-> I don't get much so maybe that is why, but I don't think NOD32 has ever been able to clean a nasty. <-QUOTE}

I had Nod32 logs full of Netsky at work, it does the job very well ;)

Cheers ;D

Of course NOD is able (and has always been able) to clean viruses and macro viruses which infect other files. Worms propagating by email, trojans and other kinds of malware which do not infect other files can only be deleted as they consist only of a viral code.

Yes I know NOD32 can clean viruses but I thought we were talking about worms or about a virus that hasn't infected any other files and NOD finds it on right click scan after download and you try to clean it and you almost never can. You have to delete it. I thought we were discussing this kind of situation. Sorry, I misunderstood.

Any news on more different language versions of the beta ?

thx,
ww

{QUOTE-> Yes I know NOD32 can clean viruses but I thought we were talking about worms or about a virus that hasn't infected any other files and NOD finds it on right click scan after download and you try to clean it and you almost never can. You have to delete it. I thought we were discussing this kind of situation. Sorry, I misunderstood. <-QUOTE}

Regarding worms, there is nothing to clean, the same for a virus that hasn't infected anything, there is nothing to clean, deletion is the only thing you can do with them, unless you want to keep them around for some reason.

Imon caught the MyDoom.R trying to sneak in my email today. This is the first virus/worm that has gotten past my ISP.




__________ NOD32 1.822 (20040726) Notification __________

Warning: NOD32 antivirus system found the following infiltrations in the message:
instruction.zip - Win32/Mydoom.R worm - deleted
instruction.zip > ZIP > instruction.zip - Win32/Mydoom.R worm - was a part of the deleted object

Just so you know...

If you do an unattended scan, by clicking Scan, and you have any infected files you want to clean, you can just right-click in the log window of the NOD32 Scanner, and choose Clean. It will then perform the action specified in the Action tab ("offer action" for example) on the file in the log entry you right-clicked.

Best regards,
Anders

Anders

Thanks for the tip. Can you tell me when the help file will be updated?

{QUOTE-> ...If you do an unattended scan, by clicking Scan, and you have any infected files you want to clean, you can just right-click in the log window of the NOD32 Scanner, and choose Clean. It will then perform the action specified in the Action tab ("offer action" for example) on the file in the log entry you right-clicked... <-QUOTE}

Very nice, thanks for that Anders

Cheers ;D