Best configuration for V4?

What is the best configuration for full V4 AV?
I want the best security setup (Advanced Heuristic) but also want it to be as light as version 2.7 was.

My beta time with V4 was horrid, with AH turned on the system was extremely sluggish when opening new files or browsing files etc, that being said to a 4GB Dual Core 3.2 Ghz Core2Duo.

So now, I know that V4 has about 3 Places where I can tick AH on (for RealTime scan), so I know that I don't want it everywhere. That being said, what is the most logical and most economical place to turn on Advanced Heuristic.

 

wait for blackspear to post his guide.

 

V4's default settings are actually pretty perfect. (assuming you completely uninstalled the old version before updating so the default settings would be applied)

 

What exactly does the Advanced Heuristics do that makes opening/browsing files slow? Is it the feature that executes a file in a protected virtual environment to look for malicious pattern(s)?

 

Yes, the slowdown isn't really noticeable on today's computers. If a slowdown is noted it's usually a problem with a file on the system that AH doesn't like, but this is fixable when the file is found and reported.

 

Have a look in the help files !

IMO, Adv heur is usually not necessary in real time protection and it will, for sure, slow down your pc.

 

Understood, but wasn't such a case in 2.7...in terms of performance.

Reason why I want RT protection with AH is:
What if I open a file given to me on a DVD?
That's when RT kicks in.
What if the download was encrypted and not seen by the web scanner, only when I double click on the file, does it unpack and infect....that's when RT kicks in...etc.
So yeah for today's fast mutating/polymorphic viruses AH in RT.

 

In 2.7 AH was not used in real-time.

Which is why it's off by default.

 

All that the help file says is that it is a unique heuristic algorithm that significantly increases the detection capabilities of ESET. It doesn't say whether it emulates a file or not.

 

"What's new (in v4) ?

Smarter Scanner — Threats don't always enter your network in ways you expect. ESET NOD32 Antivirus inspects SSL-encrypted communication channels like HTTPS and POP3S and intelligently scans compressed files to find hidden threats other products miss. Proactive protection begins at the earliest point in system startup to ensure your computer is always secure.

Removable Media Security — Threats can enter your PC from removable media such as USB thumb drives. For self-running media, ESET NOD32 Antivirus scans autorun.inf and associated files when the medium is inserted, in addition to scanning any file on any removable device when it is accessed, or during a full-scan of the media. Power users can adjust ESET NOD32 Antivirus to perform additional levels of scanning on removable media.
"
and more..... http://www.eset.com/products/nod32.php

About AH, have a look in v3 BlackSpear tutorial here (post no 48 and more...)

AH is for special case not real time. More, if "Optimized scanning" (in advanced setup at bottom of the windows) is enabled, known clean files are not scan again and again, by AH or not, unless being changed by user or...

In english user guide for v4, you can read...

"4.1.1.1.3 Checking of newly created files
The probability of infection in newly‑created files is comparatively higher than in existing files. This is why the program checks these files with additional scanning parameters. Along with common signature‑based scanning methods, advanced heuristics are used, which greatly improves detection rates. In addition to newly‑created files, scanning is also performed on self‑extracting files (SFX) and runtime packers (internally compressed executable files)."


In french canadian version, they say much more... (automatic translation from french to english) => By default, archives are analysed up to the tenth level of interlocking and proved independently of their real size.

To conclude, take time to read the user's guide, you will find answer to some of your questions or concerns there. Just do a search in the guide with the words "advanced heuristic".

 

yes AH emulates the files

"4. What is ThreatSense® and how does it work?

ThreatSense is ESET's award-winning scanning engine. It combines multiple layers of detection technologies to ensure new and known threats are detected with high degree of accuracy and low false positive rates.

ThreatSense uses traditional and generic signatures to detect known threats and their variants. Passive heuristics finds patterns that indicate the presence of a malicious application. For applications that use encryption or compression to hide their true intentions, active heuristics employs emulation/sandboxing technologies to run the application in an isolated environment, then intelligently weigh a variety of observed behaviors to determine whether the application in question is malicious.

These layers of detection capabilities allow ThreatSense to proactively stop variants of known threats and even new threats well before other products realize they exist."

http://www.eset.com/media/faq.php

 

I think the world would be 1 notch dumber without people like you piranha

 

Hmm... I only read the help file, which clearly did not state that.

 

there are many good infos and documentations in the web site too

 

Similar to version 3, default settings should be fine for the average user. Adjust other settings accordingly to your needs if you feel.

Similar to version 3, it won't be as light as 2.7. RAM usage is approx 40 megs with v4.