NOD32 V2.5 - Optimize scanning
izi
April 9th, 2005, 06:44 AM
Hello!
I'd like to know a little more about Optimize scanning.
How does AMON know that a file was checked? What if NOD32 doesn't recognize a virus in a file the first time, and in the next update ESET adds a virus signature for this virus: will AMON detect this file, given 'Optimize scanning'?
Best regards,
izi
Marcos
April 9th, 2005, 06:53 AM
No company discloses details on the technology developed / used.
izi
April 9th, 2005, 06:57 AM
{QUOTE-> No company discloses details on the technology used. <-QUOTE}
OK!
Best regards,
izi
Shaman_fr
April 9th, 2005, 10:17 AM
Hi Marcos,
The question MUST be answered, not how ESET do it, but if a file already scanned will be rescanned after an AV update...
Please answer this. If it's not rescanned, then it's a bug and the file cache must be flushed after an update.
Regards,
shaman
rothko
April 9th, 2005, 12:59 PM
I'd like to know the answer to this question too, and I'm sure it can be answered without giving away any top secrets!
thanks, Lee
NOD32 user
April 9th, 2005, 01:06 PM
{QUOTE-> ...not how ESET do it, but if a file already scanned will be rescanned after an AV update... <-QUOTE}
Hi Marcos,
I must admit that I'm also more than just a little curious about this question but IMHO please don't answer it if you would prefer not to. However you guys at ESET have got this sorted I'm fine with it.....But it is an interesting question and one that I've been asked by others already outside this forum when I mentioned to people the Optimise Scanning feature.
Shaman_fr
April 9th, 2005, 01:20 PM
I paid for NOD32, my question about security must be answered, even if Marcos prefers not to. Imagine a computer never rebooted (server for instance), that could lead to enormous security flaws.
Please answer.
Shaman
tazdevl
April 9th, 2005, 03:01 PM
I don't think that asking Marcos how the feature works at a high level is out of line, but he does not have to tell you the specifics of it.
That's information you don't need to know and no company is going to give you the details. Doesn't matter if you paid for it or not. Might as well ask MS to give up source code on Longhorn because you're going to buy it.
If I remember correctly, on another thread, he stated that 2.5 does not use ADS, so my guess is that it's some sort of checksum table so it only scans new and modified files.
Shaman_fr
April 9th, 2005, 03:24 PM
Please read or understand the question before speaking. I'm asking if after an AV update the files already scanned are rescanned. If they are not, imagine this:
On a server a new virus lands. The AV scans it but doesn't see it's a virus. Next the update occurs, and it contains the virus definition. If the file is never rescanned the virus stays forever on the computer!!!
So you say I cannot ask if NOD will protect me from viruses, I don't need to know such info??? Are you silly or what? I don't ask how they manage to have the cache working!
So please answer.
Shaman
rumpstah
April 9th, 2005, 04:08 PM
To all concerned.
I can verify that after an update, AMON and/or the On Demand Scanner will detect the file even if it has not been previously detected (I have a few hundred samples previously submitted using the Beta that have recently been added).
{QUOTE-> Please read or understand the question before speaking. I'm asking if after an AV update the files already scanned are rescanned. If they are not, imagine this:
On a server a new virus lands. The AV scans it but doesn't see it's a virus. Next the update occurs, and it contains the virus definition. If the file is never rescanned the virus stays forever on the computer!!!
So you say I cannot ask if NOD will protect me from viruses, I don't need to know such info??? Are you silly or what? I don't ask how they manage to have the cache working!
So please answer.
Shaman <-QUOTE}
ShunterAlhena
April 9th, 2005, 04:24 PM
Hello,
Check your NOD32 Scheduled Tasks, if this task is not visible enable displaying of System tasks.
After an update NOD32 rescans all commonly used files.
So no worry :) I think anyway that this "stuck-in virus" thing is such a trivial issue that ESET couldn't have missed it :)
Regards,
SA
izi
April 10th, 2005, 02:27 AM
{QUOTE-> Hello,
Check your NOD32 Scheduled Tasks, if this task is not visible enable displaying of System tasks.
After an update NOD32 rescans all commonly used files.
So no worry :) I think anyway that this "stuck-in virus" thing is such a trivial issue that ESET couldn't have missed it :)
Regards,
SA <-QUOTE}
Hello!
If this is true, there is a hole. If the virus signature is updated in 24 hours. Next scan will be after 24 hours if the virus signature is updated.
This is the case on my computer.
Task 'System startup file check (commonly used files)' didn't start yesterday after the virus signature update (9.4.2005 15:56:54). Last run was 9.4.2005 0:18:40. The next run of 'System startup file check (commonly used files)' will be at the next virus signature update if I understand this correctly.
Time | Module | Event | User
9.4.2005 0:18:39 | Kernel | The virus signature database has been successfully updated to version 1.1050 (20050408). |
9.4.2005 15:56:54 | Kernel | The virus signature database has been successfully updated to version 1.1051 (20050409). |
Where is the log file in 'NOD32 Scanner logs' for 'System startup file check (commonly used files)'?
Best regards,
izi
irnux
April 10th, 2005, 02:53 AM
I think Optimize scanning should be done with the help of additional software (file checkers), something like `Kaspersky's AVP Inspector' or an application like `ADinf', and regular scanning is essential also....
izi
April 10th, 2005, 03:02 AM
What if someone unticks System startup file check (for common used files & files run after user logon)? How will this impact on Optimize scanning? Will AMON re-scan files?
Best regards,
izi
izi
April 10th, 2005, 07:38 AM
After today's update the 'System startup file check (commonly used files)' task started and scanned commonly used files.
Stephanos G.
April 10th, 2005, 07:48 AM
So is it necessary to enable that task in order for the optimization to work?
izi
April 10th, 2005, 07:54 AM
{QUOTE-> So is it necessary to enable that task in order for the optimization to work? <-QUOTE}
I don't know, it's secret. :) See post: http://www.wilderssecurity.com/showpost.php?p=426188&postcount=2
Howard
April 10th, 2005, 08:06 AM
{QUOTE-> So is it necessary to enable that task in order for the optimization to work? <-QUOTE}
The task is scheduled to occur after the successful update of the virus signature database - no task scheduled, no system check - and the last column of the task (in the Scheduler/Planner) specifies when it was last run, so it is easy to check whether it has been run after the last virus database update. For example, my last virus signature database update occurred at 10/04/2005 12:16:45 and the system check was run at 10/04/2005 12:16:51
Works just fine :)
Stephanos G.
April 10th, 2005, 08:12 AM
Sure it works, but I'm talking about optimization. I think that it is better for someone to clarify what we have to do (step by step) in order for the optimization to work. Automatic updates (IMON) is the only schedule that I have in my NOD.
Shaman_fr
April 10th, 2005, 09:05 AM
I second this post. Please clarify (ESET) if we are fully protected with optimization enabled or not. If not, correct it.
My guess, if nobody from ESET responds to such a simple question, is that the response is bad.
Stephanos G.
April 10th, 2005, 09:11 AM
I'm sure we will have the answer soon. ESET's response is always very fast.
Shaman_fr
April 10th, 2005, 12:03 PM
It looks like the files ARE NOT rescanned after an update.
NOD updated and the files scanned in AMON (about 1800) before the update do not increase as they should. So this is a BIG security issue.
kjempen
April 10th, 2005, 02:42 PM
I suppose it is better to leave the "Optimize scanning" feature disabled if one wants to keep the system safe from any supposed hidden/lurking trojans or worms?
Stephanos G.
April 10th, 2005, 02:49 PM
I think it is impossible that no one at ESET has thought about these issues. I think it is better to wait for their answer.
rumpstah
April 10th, 2005, 03:18 PM
{QUOTE-> It looks like the files ARE NOT rescanned after an update.
NOD updated and the files scanned in AMON (about 1800) before the update do not increase as they should. So this is a BIG security issue. <-QUOTE}
Hi Shaman_fr:
You are assuming that AMON is scanning the files. Since it is an internal task to NOD32, then the AMON number would not increase.
Think about the logic. If one runs an On Demand scan, should the number of files scanned in AMON increase by the same number scanned? No. It is a separate task, just like the System startup file check - Independent of each other. That would be pulling double duty. Not a wise programming choice.
Does the System startup file check pop up an AMON window? No, it opens its own.
Maybe this screenshot will help.
Shaman_fr
April 11th, 2005, 02:57 AM
Hi,
I'm only speaking of AMON, not tasks. I don't care if tasks are executed again or not. I just want that after an update, if AMON missed a virus on a file access before the update, next time I access the file it catches the virus. A fully normal behavior for an AV...
Shaman
SSK
April 11th, 2005, 03:08 AM
Looking at the task scheduler, it seems to me you just remove the "at most every 24 hours" part, so it will be executed after every update.
I think it's just a protection versus resources used decision to set the scan at maximum once per 24 hours.
Shaman_fr
April 11th, 2005, 05:24 AM
You did not understand anything of the discussion. ;)
Marcos
April 11th, 2005, 06:20 AM
AMON certainly rescans a particular file after it's been changed, the virus signature database has been updated, if AMON's settings have been changed or an application has attempted to access the file in write mode.
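Added example (not part of the thread, and not ESET's implementation, which is not disclosed here): a generic scan-result cache whose entries stay valid only while the four conditions Marcos lists hold, so a file missed under 1.1050 is rescanned once the database moves to 1.1051. ScanCache, toy_scan, the MARKER sample and the settings dict are hypothetical names and constructed data.

```python
import hashlib
import tempfile
from pathlib import Path

class ScanCache:
    """Caches 'clean' verdicts, valid only for the exact file state, signature version and settings."""

    def __init__(self, sig_version, settings):
        self.sig_version = sig_version   # e.g. (1, 1050)
        self.settings = settings         # dict of scanner options
        self._clean = {}                 # path -> key recorded at scan time

    def _key(self, path):
        st = Path(path).stat()
        cfg = hashlib.sha256(repr(sorted(self.settings.items())).encode()).hexdigest()
        # Assumption: mtime+size stands in for a real file-change notification.
        return (st.st_mtime_ns, st.st_size, self.sig_version, cfg)

    def check(self, path, scan):
        """Return (verdict, rescanned); scan(path, sig_version) is the real scanner."""
        key = self._key(path)
        if self._clean.get(path) == key:
            return "clean", False        # nothing relevant changed: skip the scan
        self._clean.pop(path, None)      # stale or missing entry
        verdict = scan(path, self.sig_version)
        if verdict == "clean":
            self._clean[path] = key      # detections are never cached
        return verdict, True

    def on_write_open(self, path):       # write-mode access: forget the verdict
        self._clean.pop(path, None)

def toy_scan(path, sig_version):
    # Constructed stand-in scanner: b"MARKER" is only detected from (1, 1051) on.
    hit = b"MARKER" in Path(path).read_bytes()
    return "infected" if hit and sig_version >= (1, 1051) else "clean"

def demo():
    with tempfile.TemporaryDirectory() as d:
        p = Path(d, "sample.bin")
        p.write_bytes(b"xxMARKERxx")        # constructed sample, not real malware
        cache = ScanCache((1, 1050), {"heuristics": True})
        first = cache.check(p, toy_scan)    # scanned, missed by old signatures
        second = cache.check(p, toy_scan)   # cache hit, no scan
        cache.sig_version = (1, 1051)       # signature database update
        third = cache.check(p, toy_scan)    # key mismatch forces a rescan
        return first, second, third
```

If the signature version were left out of the key, the third call would return the stale "clean" verdict, which is the failure mode the thread is asking about.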
SSK
April 11th, 2005, 06:36 AM
{QUOTE-> You did not understand anything of the discussion. ;) <-QUOTE}
Thanks.
Next time, please tell me what I didn't understand.
Shaman_fr
April 11th, 2005, 07:27 AM
Thanks for the clarification Marcos.
NOD32 user
April 11th, 2005, 01:22 PM
{QUOTE-> AMON certainly rescans a particular file after it's been changed, the virus signature database has been updated, if AMON's settings have been changed or an application has attempted to access the file in write mode. <-QUOTE}
Thank you also. It's great to get the confirmation that ESET are much more intelligent than some would give them credit for.