That little grey pop up scanning window (botton right of screen)

Does it LOG those scans somewhere?

 

It would be nice if someone from ESET would answer the above question - especially since I'm noticing now that certain websites (NON-porn) that I visit trigger off the monitor - and I don't know why. (It doesn't seem as though they should).

It would be VERY useful to be able to back-track that activity from a log so I can see what's up.

Would someone from ESET kindly provide some input here?

 

Hello everybody,

This is Eset calling...! The download popup window is shown only for applications set to active mode (Higher efficiency) in the HTTP scanner compatibility.

Alec gave a very good description (nice one Alec) further back in this thread, of why the download window appears on some occasions and not on others. But just to emphasise the point, I'll paraphrase some blurb from our Help files:

With IMON in passive mode, portions of a downloaded file are continuously passed on to the target application whilst IMON stores a temporary copy of each of the fragments. When the last fragment is detected, the whole file is scanned for viruses. If an infiltration is detected, a warning window appears and the connection with the particular server is terminated. A disadvantage of that is that the already downloaded portion of the file may already contain a fundamental portion of a malicious code. What's more, if the application repeatedly attempts to download infected file, it may use the already downloaded data and request only the rest of the file. In this case, IMON may not find anything suspicious in the remaining portion.

In active mode, IMON first downloads and scans the whole file and then passes it on to the target application. This procedure is safer because in the case of an infiltration, the application does not receive any portion of the downloaded file. A disadvantage is that the application receives all the data at once, therefore it cannot show the download status properly. Therefore, if the download lasts for more than 5 seconds, a small window showing the download progress pops up. Active mode is not suitable for certain types of data which requires a continual data flow (e.g. multimedia, streaming video/audio).

Bandicoot.

 

to answer a simple question?

DOES the IMON scanner - when in "active" mode - LOG any of the things that it's scanning?

Only if it FINDS something?

What?

If so, where's the log?

 

In the Virus log. Control Center--Logs--Virus Log.

Example:

Time Module Object Name Virus Action User Info

9/6/2004 0:23:01 AM IMON (edit) Win32/TrojanDownloader.QDown.L trojan connection terminated

8/28/2004 2:42:47 AM IMON (edit) Win32/TrojanDownloader.IstBar.NAD trojan connection terminated

8/23/2004 7:44:38 AM IMON (edit) Win32/SecondThought.C trojan connection terminated

8/23/2004 7:44:30 AM IMON (edit) Win32/TrojanDownloader.VB.DB trojan connection terminated

 

Time Module Object Name Virus Action User Info
9/14/2004 14:37:13

PM IMON archive http://www.eicar.org/download/eicarcom2.zip Eicar test file connection terminated 9/14/2004 14:37:07

PM IMON archive http://www.eicar.org/download/eicar_com.zip Eicar test file connection terminated

9/14/2004 14:36:58 PM IMON file http://www.eicar.org/download/eicar.com Eicar test file connection terminated