Auto protect in nod32

Hi.. I have nod 32 v2.51.8 fully updated with zonealarm pro v6.1.744.. I have followed all the settings prescribed in this forum for nod32.. In order to test its auto protect capabilities i downloaded a virus using limewire (a p2p download client) but nod32 was not able to detect the virus !! When I scanned it manually the virus was detected as Win32/VB.D worm.. Now my question is, why wasn't the virus detected when I was downloading it or atleast when I just finished downloading it ?? Which component of nod32 handles p2p downloads (IMON, DMON, EMON, AMON) ??

 

AMON handles realtime disk checking. Best bet would be that file was compressed in SFX archive (which are checked only by IMON HTTP when downloaded from webapages or by context scan). Content should be detected on extraction.

 

Do yourself a favor and test with Eicar instead, it's alot safer.

 

May be you are right RejZoR, but the file was detected as virus while downloading in similiar way by norton antivirus 2006, bitdefender 9 build 9.5.. Now why can't nod32 detect it

 

I am using zonealarm pro 6.1.744 for firewall. Which is the antivirus that gives the best security combination? Please help !!

 

Didn't you say that NOD32 did detect it when you checked?
p2p uses multiple seperate connections to download a file in parts and then re-assembles the file later. Since IMON has no way of knowing all the connections are parts of the same file or even how the parts go back together, it is entirely possible that IMON would be none the wiser. That said, IMON only checks pop3 and http traffic so any other data streams are not checked by it. (I think limewire uses some udp streams in addition to http doesn't it?)

AMON doesn't scan inside archives, it scans them on unpacking since they must be unpacked to run and if a threat is detected at this point it takes the appropriate action as you have selected - before you get infected.

Good advice from Brian N - use either eicar or runme.bat for testing regardless of whether NOD32 detects the file you've downloaded. Using live stuff for testing is like putting your hand on a rat trap just to see if it either a)goes off or b)if your heavy duty gloves save you from the sting.

Why don't you take a look at www.av-comparatives.org or www.virusbtn.com and compare the detection capabilities and track records for some of the products they independently review

Cheers

 

Your NOD32 version is old , I think.

The latest is 2.51.26

Remove your current version using Add/Remove programs in Control Panel and then after restart manually delete the ESET folder in C:\Program files

Download and install the latest NOD32 version from here:
http://www.eset.com/download/registered_software.php

Update NOD32

Configure AMON , EMON , DMON , IMON . Configure other settings
This may help:
https://www.wilderssecurity.com/showthread.php?p=266653#post266653

Learn more about NOD32's abilities:
http://www.eset.com/products/windows.php
http://www.eset.com/products/compare.php
http://www.eset.com/products/compare_heuristic_detection.php
http://www.eset.com/products/compare-NOD32-vs-competition.php

[MOVE] NOD32 [/MOVE]

Test AMON and IMON with EICAR test file here
http://www.eicar.org

Microsoft Protect your PC
http://www.microsoft.com/protect

Enjoy your day !

 

What would be gained by installing the newer version in terms of protection?

 

You must be joking , right ?!

kumarprabhatn's version is too old .

Q: What would be gained by installing the newer version in terms of protection?

A: Q: Why then ESET make new versions

 

Nothing in terms of protection are gained in the update. The newer version added a fix for updating through a proxy and unified the installer for 32 and 64 bit versions.
And with this new version one can install the new version "on top" of the old and preserve one's settings.
Please note Blackspear's and Marcus' post in the linked thread.
hey for 2.50 to 2.51 do I have to reinstall from scratch?

 

The point is that we should always keep our software and Windows updated and current . No matter what is fixed or not fixed . I still state that if there wasn't need of update/upgrade , ESET and other vendors wouldn't make new versions .

 

A newer version is made even if one string has changed in the Thai version. Of course, this "newer" version would not go to the web.

 

Needed program updates have always been supplied via the update process.

 

I agree with all.. But whats the bottom line !! Nod32 wasn't able to detect a virus transmitted through p2p while bitdefender 9 and even norton antivirus 2006 detected.. I m downloading the new version of nod32.. But will it make any good?? Any comments??

 

NOD32 does not scan files transmitted by P2P programs as each uses its own protocol for transferring files. If your P2P client supports an option to scan received files by an external scanners, you can set it the way that NOD32.exe, along with the desired parameters, is called whenever a file has been received. Otherwise AMON will check it on save to the disk, but this won't work if the file is an archive (in this case it'd be picked up upon extraction).

 

And here we see NOD's weakness in not scanning inside archives. I really hope an option to do this is integrated into NOD version 3.

 

Heh, NOD32 actually scans inside archives if you enable this option. What's the sense in scanning archives on the fly, rendering the computer unusable ?

 

Marcos, on the other hand i don't think it would slow down that much. At least not with NOD32. Using scan only archives smaller than XX MB could do the job pretty well. Though you need archive cleaning capability in the first place to have such feature...

 

It's actually a pain in the neck to unpack a relatively small archive with a lot of files inside. Also, there are small archives which grow to several GB after unpacking.

 

DeBombs?

 

What do you mean "ENABLE THIS OPTION" ?? I followed all the settings prescribed in this forum but it still did not auto detect.. Is there any other settings ? Please tell !!

 

YO yo yo everybody... Who says nod32 doesn't detect viruses in p2p downloads automatically ?After i started using the latest nod32, its detecting even if the virus is inside an archive !! Nod32 is the best !!
Thanks for all your help !!

 

Let everybody see it is absolutely necessary to ALWAYS use the latest version ! Yes ! The latest version is GREAT !!!

 

Thanks for posting back to let us all know your issue is resolved !!

Cheers

 

I'm using 2.50.25 I would expect the latest version to have no descernable increase in protection. As I'm sure I would have received program updates due to my licence being less than a year old.