Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I agree, the tray icon could play a better role. Red if something is found, as you said yellow or orange is a new release. Very good suggestion.:thumb:
     
  2. M_derator

    M_derator Registered Member

    Joined:
    May 3, 2009
    Posts:
    2
  3. birddogsc

    birddogsc Registered Member

    Joined:
    May 19, 2009
    Posts:
    4
    Minor tweak to Remote Admin.... Add a column for current/last username.
     
  4. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    in v4, a button to quit NOD32 as it has one in v2.7
     
  5. sasimmons

    sasimmons Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    1
    Wake On LAN built into the Remote Administrator
     
  6. Trapster

    Trapster Registered Member

    Joined:
    Dec 4, 2007
    Posts:
    13
    Location:
    Liverpool UK
    As well as some of the detailed additions I read which mostly look great; I would also like an:-

    'Automatically shutdown my computer' option adding which will give the user an option to automatically shutdown their computer immediately after completion of a scheduled or on demand scan where no infections are found. Acronis True Image Home 2009 and Auslogics Disc Defrag have similar functionality allowing the user to save some money on the ever increasing cost of electricity and be as enviromentally friendly as possible at the same time. If however a threat is found I'd like the system to remain on as an automatic shutdown might then further compromise system security. This will also give users an added confidence boost to go to their computer in the morning knowing because their system is switched off it means their system is clean!
     
  7. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    572
    Location:
    Bosnia
    Yep that would be good :thumb:
     
  8. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    Agreed, along with a Sleep alternative.
     
  9. LarryV

    LarryV Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    18
    I'd like for the configuration options on the client and those in the remote admim to match. Currently the configuration options in the 2 locations are in different orders, different headings, and even go by different names. It makes it unnecesarily difficult to reconcile the settings on the clients with those in remote admin. Too much guesswork involved.
     
  10. LarryV

    LarryV Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    18
    Allows tasks in Remote Administrator to be cancelled rather than having to delete a hung task so we don't lose the record of the task.
     
  11. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    better
    1. Anti-Stealth
    2. ESET SysInspector

    :)
     
  12. pinjoa

    pinjoa Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    74
    Location:
    Braga, Portugal
    give feedback after sending a file using "Submit suspicious files" form

    i already sent a lot of files and i don't if the lab received the files and if they are malware or not...
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Make sure that you follow the instructions for submitting samples.
     
  14. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    What about when submitting through the GUI? I can see in the client and RAS log that they are being submitted. When I do it that way I follow step 4 to give background info on where I found it, what it was doing in the registry, and link it to a VirusTotal analysis and yet I still have a folder of collected viruses and dropper applets that I have pulled out of user profiles that are still not detected, and some of these things are months old at this point.

    I guess some kind of automated feedback/tracking system so people can at least know if the sample was looked at and why a signature was/was not build for it would be useful.
     
  15. jedi_m

    jedi_m Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    93
    Location:
    Toronto, Canada
    That's correct, after 3 samples sended following the instructions and zero feedback or answers from ESET, I've got the feeling that nobody gives a damn. What should I do next time, if I will have a suspected or infected file?
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please PM me the subject of the email as well as the email address you used for submitting the files to samples[at]eset.com.
     
  17. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    "nobody gives a damn" is a common attitude among ESET employees actually, whether it's dealing with your samples, your support, requesting features or asking general questions.
     
  18. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    SEAMONKEY PLUGIN REQUEST
    Although I realize that the market share of Mozilla Thunderbird likely is larger than the market share of Mozilla SeaMonkey suite (browser plus email), I would very much like NOD32 AV to have a Mozilla SeaMonkey plugin.

    Since Thunderbird and SeaMonkey email both use the MBox (many messages in a single file) format, and the Mork format for the *.msf files that index the MBox files
    [http://kb.mozillazine.org/Thunderbird_3.0_-_New_Features_and_Changes#MozStorage
    see also http://en.wikipedia.org/wiki/Mork_(file_format)],
    I would guess that a SeaMonkey plugin shouldn't be too difficult to write. That's a guess because I'm not a programmer.

    Later, Mork may be replaced by MozStorage in Thunderbird, and if that happens I would expect Mork to be replaced in SeaMonkey also.

    Even for pop3 (vice IMAP) email, a plugin has advantages, such as the ability to put a "Eset checked this" notice on Outgoing email. Comforting to the recipient, and extra advertising for Eset.

    Roger Folsom
     
    Last edited: Jul 3, 2009
  19. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    HELP FILE REQUEST
    The NOD32 AV 4.0.437 Help file --- at Contents, Dialog Windows, Antivirus Protection, Virus Scanner Setup, Objects --- statement about email scans should be modified to include the following italicized information:
    "Email
    "The program supports the following extensions: DBX (Outlook Express) and EML. It also supports MBox email files, such as those used by Mozilla Thunderbird and SeaMonkey."

    And that information should be in the User Guide also.

    The Background behind this request is in "Demand-Scans Of Thunderbird And Seamonkey Mbox Email Files," at https://www.wilderssecurity.com/showthread.php?t=243220
    particularly at the very end of post 2 by estbird.

    Roger Folsom
     
    Last edited: Jul 4, 2009
  20. dorgane

    dorgane Guest





    WHEN ?? version Nod32 version 15 ? in 2030 ?

    no in version 3, no in version 4....how many version for it ?

    thank you
     
  21. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    UNHIDE UPDATE PERMISSION DIALOG BOX

    In NOD32 v4.0.437, in the Entire Advanced Setup Tree, Update, Advanced update setup, Update mode tab, there is an option to "Ask before downloading update." (The minimum update size for which that option applies is 1kb; 0kb prevents the option from working. Apparently updates smaller than 1kb --- if that ever happens --- download and install automatically with no notice. I have no quarrel with that although it ought to be documented.)

    On my Win2kSp4 computer, I have checked that option. However, the option's yes/no dialog box, "Do you want to download files with the total size of nn.n kb" has two defects, the first one minor and the other two major:

    1) The dialog box's top band now simply says "Update." It ought to say "ESET Update" or some equivalent wording, lest a novice user fear that he may be downloading malware.

    2) That yes/no dialog box frequently hides behind other windows, for example Mozilla SeaMonkey browser or email. Therefore, the user doesn't know that NOD32 is asking for an update download permission until the user happens to close whatever window the dialog box is hiding behind.

    Instead, the box should work as I recall the NOD32 v2.7 update request did: always be obviously visible "in front of" all other open windows on the screen.

    3) If that yes/no dialog box has been hidden for a sufficiently long time (or has been ignored by the user who was not using the computer although the computer was turned on, in my case usually with a blanked monitor and stopped hard disk), clicking "yes" in that dialog box may not cause the download and installation to occur, I'd guess because Eset's server got tired of waiting for permission. The clues that the update download and installation did not occur are that the NOD32 system tray icon does not contain a rotating circle (it's stationary instead), and that no system tray message that the update was successfully installed ever appears.

    However, for some users those clues may be too subtle (they were too subtle for me until I realized them today).

    My suggestion is that the system tray icon ought to reinforce those two update failure clues by turning a different color, perhaps the same yellow-orange color that the main Window uses (if the user thinks to open it) to announce that the update failed.

    Roger Folsom
     
    Last edited: Jul 8, 2009
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hello,
    thank you for noticing and reporting that. We'll do our best to fix both problems in the upcoming build.
     
  23. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    1) Option to inject notification in to HTTP stream when a connection is terminated. We use Nod32 on our terminal servers which can feed anywhere from 50-100 thin clients. We disable the global launch reference for egui.exe since all of that memory begins to add up and there isn't a good reason for users on these systems having access to the AV software by default. However, this creates a situation where if a threat is detected, it is silently terminated in the session. This is fine for file system activity, but if a webpage isn't loading that can be frustrating for the user. Injecting a message in to the HTTP stream right before the connection is terminated could give feedback in such a situation.

    If that isn't possible, an alternative and slimmed-down egui that only sits in the system tray and gives event notification popups would be useful.

    2) Ability to add custom detection rules based on SHA hash of a file. Quite frankly, I often find myself being able to find malicious executables in my environment days before the signatures get updated to detect them. Being able to push down my own detection rules would make me feel a lot less impotent sitting here waiting for you guys to sift through submissions.
     
  24. ron spencer

    ron spencer Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    9
    better scanning of NSIS installers...faster
     
  25. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    ADJUST USER GUIDE PAGE LAYOUTS FOR 100% PRINTING ON A4 AND LETTER PAPER

    The Eset NOD32 AV v4.0 User Guide (e.g. REV.20090520-005 and earlier) apparently is formatted so that it fits on A4 paper (used in Britain and probably elsewhere in Europe and other places), using a font size of 100%. To fit on U.S. "Letter size" paper, the font size must be reduced to about 93%, which makes the printed document difficult to read.

    Nevertheless, some very simple adjustments in each page's layout, without moving content from one page to another, could make the User Guide printable at 100% on both A4 and Letter size paper.

    A4 paper is 8.3 inches wide and 11.7 inches tall; Letter size paper is 8.5 inches wide and 11 inches long. The widths are similar; the big difference is length.

    1) Reduce the top margin on each page, to raise each page's content higher on the page. The most dramatic examples are the Contents pages 2 and 3, with content so low on the page that not only the bottom page numbers but also content are lost if the pages are printed on Letter paper at 100%.

    The top margin has plenty of room to be reduced, unless there is a large heading at the top of the page. These are "1. ESET NOD32 Antivirus 4," "2. Installation," "3. Beginner’s guide," "4. Work with ESET NOD32 Antivirus," "5. Advanced user," and "6. Glossary." But these headings could be lowered closer to the page's text, thereby making room to reduce the top margin.

    2) At the bottom of each page, move the page numbers higher (closer to the main text), so that they are not omitted when the page is printed on Letter paper at 100%.

    3) Less important (and not essential, given the small difference between paper width on A4 and Letter paper), center each page horizontally, if necessary using the A4 8.3 inch page width.
    Alternatively, assuming that even pages will be printed on the reverse side of odd pages, on odd numbered pages enlarge the left margin, thereby moving the page content to the right and making room for binder holes, and on even pages enlarge the right margin, thereby moving the page content to the left and again making room for binder holes.

    Roger Folsom

    P.S.: Many weeks ago I think I made similar suggestions in a different thread (or forum), but now I cannot find that post. In any case, this thread is where these suggestions belong.
     
    Last edited: Jul 23, 2009
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.