Consensus on all files extensions?

Mele20 recommends setting Amon to scan "all files", while I was under the strong impression that it really didn't afford much (any) better security. Mele20 referenced this thread:

https://www.wilderssecurity.com/showthread.php?t=37509

I realize now that a lot of folks here agree with Mele20 - and that's cool - but I want to get a sense if this was debatable. I'm also interested in hearing what the Eset folks currently believe is best practice.

Another point is that there may be some middle ground - extensions worth scanning beyond the default settings, but short of "all files".

Thanks in advance for any input.

 

I'm sort of a NOD32 newbie, I suppose, but I don't really believe in the need for scanning all files in AMON either. Yes, I have my on-demand scanner configured for scanning everything, but I only want my resident scanner checking executables. I don't really see the point in doing otherwise.

 

Hi,
I think that scan all files is important. There're some proof-of-concepts that use for example .bmp files, etc. If AMON is configured to scan all extensions, AMON will detect those. Of course that are only proof-of-concept and aren't ITW, however in the future can appear more viruses of such type.

 

For my clients I want the maximum strength scan possible, rather be over cautious than under cautious. I prefer defence at arms length than up close and personal, even if it took another 10min to do a scan using "All Files" then I would do it for my customers and myself. If they want to play with the settings after this, then that's fine, I could tell you though, I bet 99.9% of them will leave the settings as they are

Cheers

 

There are cases when the resident scanner MUST NOT scan all files for the system to work properly (e.g. on Exchange servers, files with the edb and tmp extensions MUST be excluded from scanning if AMON is set to scan all files. This does not go only for NOD32 but also other AV programs)

 

Hi Blackspear

I agree with you about being willing to sacrifice a modest amount of scan speed for added security. My concern (maybe too strong a word) is that scanning all file types is a bit like looking for my car keys in the unopened box of breakfast cereal in my cupboard; the chances are so exceedingly small that it really doesn't make any sense to bother.

Still looking to see if there is a majority position on this issue. In the meantime, I've switched to "all files" as an experiment.

Best regards,
- O

 

Rodzilla has said stated several times that he thinks NOD32 settings should all be set at maximum by default. I know he has said this here more than once and also said it to me privately. This was the only quote I could quickly find:

> Usability of the A/V (in this case) software is probably the biggest factor of all: an incorrectly or loosely configured installation is dangerous, and NOD32 IMO fails the test of usability and default installation settings (to be fair KAV 4.5, for instance, is worse in the usability stakes - not so KAV 5.0, though - but its default installation settings are more secure than NOD32's).

"OK ... I'll grant you that. I would prefer to see NOD32 set at "maximum everything" by default and advise the user of the slight decrease in scanning speed and the slight increase in the possibility of false positives and let him/her shift down a couple of gears if he/she wanted to."

https://www.wilderssecurity.com/showthread.php?t=29179&page=2&pp=25