v4 or v5?

[chrcol]

which is better to use at the moment, obviously I want it stable.

my license expired a while back * but I have decided to switch back as I think overall nod32 is faster *.

This time got a 2 year license. whilst waiting for the code to be emailed to me I need to decide which to use

win7 64bit is the OS.

I do have an external hdd been used via usb.

[Cudni]

Go for the latest version and see for yourself how well it works. Any issues, further questions, etc with it please post if needed.

[chrcol]

well you would say that as you want as many to use as possible, shame no end users replied yet.

Well I installed v5 and found a bug already and to me its a bad one.

I went to the eicar website to do some tests and noticed no alerts coming up (imported my old nod32 settings which should prompt for any alert).

Went to the nod32 advanced settings for web protection and cleaning was set to the middle option so I moved it the left for no cleaning and selected ok.

Tried again no prompt.

Went back to the options and its back to the middle again ??
Checked email and thats also in the middle, selected both again to no cleaning and ok, but going back in the options they back on the middle option.

I dont want detections silently cleaned.

Also eicar.com.txt isnt been detected at all.

I found the reason.

it seems in v5 the file extensions set under real time file protection overides those set in web access protection in v4 its the other way round.

[Cudni]

You are the end user and ultimately the one who decides what to run. Might as well try and see what works best for you irrespective of what others say

[chrcol]

ok do you have any interest in fixing this issue I just reported?

if not I will go to v4.

surely the web protection should scan the extensions configured in that part of the settings.

[chrcol]

ok I did some testing with v4 also.

The bug seems to be if archive is left on automatic setting then web protection cannot be set to prompt.

When I manually configured the archive scan size I was then able to set no cleaning.

The extensions thing is a red herring as the eicar http links all seems dead and nod32's https scanning isnt working which meant that testing was a bit off, I moved all the eicar files to my own webspace and on http scanning they work. Although on both v4 and v5 https doesnt seem to work well. So now I am back on v5 and will see how it goes from now.

Also the log all files option what is it supposed to do? as I dont see all scanned files logged just one's that have an infection.

[rcdailey]

Quote:

Originally Posted by chrcol

ok I did some testing with v4 also.

The bug seems to be if archive is left on automatic setting then web protection cannot be set to prompt.

When I manually configured the archive scan size I was then able to set no cleaning.

The extensions thing is a red herring as the eicar http links all seems dead and nod32's https scanning isnt working which meant that testing was a bit off, I moved all the eicar files to my own webspace and on http scanning they work. Although on both v4 and v5 https doesnt seem to work well. So now I am back on v5 and will see how it goes from now.

Also the log all files option what is it supposed to do? as I dont see all scanned files logged just one's that have an infection.

I'm running NOD32 v. 5.0.95.0 on an old Dell with XP SP3. I went to eicar.org and got the text line from the site and pasted it to a notepad file and saved it as eicar.com. NOD32 immediately identified it as an infection and quarantined it. I don't have any special settings for the web so that may be why it works for me.

The scanner logs should be visible if you go to the "log files" and select the ones you want to view. If you have never done a scan, then there won't be any log files. Run a scan (smart scan will do) and a log file will be created. If you want the software to do regular full scans, you'll have to set up schedule. I don't have mine scheduled. I just do it occasionally. I have other software doing daily scans.

[chrcol]

yeah I know now why eicar http downloads werent working however I can verify the bug with having to manually configure the archive setting to get the cleaning setting to work.

I expect the bug isnt noticeable or even an issue on the default settings hence you and others not finding it an issue.

so basically there is no logs for web and real time scanning only for manual scans?

also do the https scans work for you? by that I dont mean it been detected on the real time file scanning but during transmit over https.

[rcdailey]

Quote:

Originally Posted by chrcol

yeah I know now why eicar http downloads werent working however I can verify the bug with having to manually configure the archive setting to get the cleaning setting to work.

I expect the bug isnt noticeable or even an issue on the default settings hence you and others not finding it an issue.

so basically there is no logs for web and real time scanning only for manual scans?

also do the https scans work for you? by that I dont mean it been detected on the real time file scanning but during transmit over https.

I don't have SSL enabled. It doesn't work with Thunderbird so I don't use it and if you don't have SSL enabled, then scanning of https probably isn't working, either. I had not thought about that, in fact, so maybe I will check the setup and try enabling SSL.

OK, coming back after trying scanning SSL "always" and found I could not go to gmail.com due to the a certificate issue when using Firefox 12, and I found the same certificate issue with Thunderbird 12. Now, it is a fact that the certificate I had on file for gmail was already out of date, but there is no newer certificate, apparently, from Google. Anyway, turning off SSL scanning again got rid of that issue. Oh, and I did delete the out-of-date certificate for the security device from the list in Thunderbird so that it would not exist.

There is an interaction between NOD32 and Firefox, for sure, when it comes to websites and SSL, so if the certificate is out-of-date and you have SSL scanning enabled, there will be a problem going to the website and there will be a popup from Firefox so that you will know that there is an issue with the certificate. I believe that this is the way it is supposed to work if a certificate is out-of-date. Anyway, you won't get a blank page, so there should not be a mystery. It's up to the user to decide whether to have SSL scanning enabled, I think. I will leave it disabled for now, because I need to use gmail.

Added: Just for good measure, I tried accessing gmail.com using Google Chrome as the browser and with SSL enabled in Eset NOD32. That gave me a page from Google explaining a conflict with Eset and how to fix it: Do not scan SSL protocol

Google should get their act together, but they are too big to fail, I guess.

[siljaline]

There was a similar conversation in this thread recently. Perhaps you may be able to decide based on statements made there.

Cudni has a point, it boils down to what you are comfortable with and what works best for your in your environment.

[chrcol]

The way I see it http (including https) and email are the 2 most important things to scan meaning https scanning should be higher priority than eg. real time file scanning.

Also it seems to me a major problem that the http scanning options dont even work properly and there is hardly any interest in it here. I am planning to test the email scanning today to see if that suffers the same issue.

nod32 tech support's answer was to simply revert to default settings so they completely side stepped the issue.

also refusing to load a page because a ssl cert is out of date is impractical, a out of date ssl cert doesnt make a page insecure. not to mention google's certs arent even out of date anyway. turning of your https scanning fixed nothing, you simply disabled a function so you no longer scanning https traffic only the file after it reaches your hdd.

The results I expect to see when I test default settings is everything will be scanned and 'appear' to be normal but the http scanning to actually not work and all be picked up by the file scanning.

[Marcos]

Quote:

Originally Posted by chrcol

Also it seems to me a major problem that the http scanning options dont even work properly.

Please be more specific as to what problem with SLL you mean. Do you have problems scanning eicar with IE or Opera? If you use another browser, note that Mozilla refuses CA with self-signed certificates and Chrome must be run with the "--disable-ssl-false-start" switch when SSL scanning is enabled.

[rcdailey]

Quote:

Originally Posted by Marcos

Please be more specific as to what problem with SLL you mean. Do you have problems scanning eicar with IE or Opera? If you use another browser, note that Mozilla refuses CA with self-signed certificates and Chrome must be run with the "--disable-ssl-false-start" switch when SSL scanning is enabled.

To me, that is a reason to not have SSL scanning enabled. Who wants to micro-manage Chrome? It's supposed to be a browser for dummies. I mostly use Firefox, so I'm not quite so concerned about Chrome.