Dirty Boy site Testing for NOD32 4 Beta

Inspired for some testing NOD32 4 Beta.I am No expert Here but here it goes.First I fired up shadow Defender.Then I found a nice dirty women for dirty boys site.First I try the link and NOD blocked the site as it should followed message suspicious/malicious content behind the seens.So I disabled Nod32 completly.I open the link for video I need to download a new version of active X this site was already in the red zone from Web of trust so I pretty much new with the active X I landed in the a good spot for testing.I let the download go but windows defender flaged it and blocked it so I ignored it to let on board.here is my results.these files where placed in user/appdata local temp. qpgiqmsi.1exe and qpgiqmsi3.exe.Now file1. exe uploaded to Virustotal here is the results of detection (1)Avira TR/rookit Gen. (2)Microsoft.TR/win32/cinject Gen!B (3).Nod32 win32/Agent.omz (4) Prevx 1 V2 Malicious Software (5) Secureweb Gateway total of 5 scanners. File3.exe (1) NOD32 (2) PCTools total of 2 scanners. Continue On Demad scan of NOD32 results.

 

Continue, However Nod32 looks Effective there still remains this that was placed in my favorites Run virus scan so I did and it lead to this.We all should now what this is by now.

 

Lets Keep in Mind that everything From Nod32 was shut Down entirely.So I depended on the OD scan which still picked up most of it that I can see.However it had missed the rogue this was placed in my favorites.Conclusion While Eset is actively protection is on its very Effective IMHO.Nothing was allowed Access Denied. PS also Nod32 was the only scanner ON VT to catch both the 1exe and 3exe. all the other scanners mentioned above from VT caught 1 of 2 of this file.

 

Re Test.Shut down NOD32 Back to dirty site Download active X Dam forgot about windows defender ignore again.Antivirus run in favorites once again. turn Nod back on and execute rogue virus run new results Eset detection.Seems it does detect execution of the rogue upon install but remains in favorite.

 

Final Test Web Access protection off.detection on execution and quarantine.

 

That's great to see 'cause I don't use web access protection and only relie on real-time protection.

 

The real-time protection uses less sensitive heuristics than the web protection so we don't recommend keeping it disabled.

 

Yes, thanks for the heads up Marcos, but everything works so mutch smoother with web access protection disabled, that's why I like it that way.
Just for example: sometimes when downloading PDF files it takes forever with web access protection turned on and I don't have the time, or will, to exclude every safe site from scanning in order to be able to download something.
This is my choice and even though I may be "at risk" by doing so I'm rational enough to know what to download and which sites to stay away from (most of the time ).

So far I've managed to stay malware free, even with these settings.

Cheers!

 

Couldn't it be that you have the application or browser set to use active mode when files are first downloaded completely, scanned and just after that passed to the application/browser?

 

Hmm...maybe, I'll check it out and do some testing

 

Thanks waterfox.My Un expert testing with web access protection on and off IMO NOD is strong with or without it as well but I would seroiusly have to agree with marco's with web access protection on. I couldn't Access the tainted site,with it on in the first place my access was denied to that site and there for protected from a drivebys and other nastie criiters.IMO its being stopped at the gate so to speak.Now on my machine there is very little difference on the web performance browsing with web access on or off.However the effectiveness of its protection on is much greater then off.PS I have my browser set Active Mode Nod is maxed out on all security settings Blackspear settings.No experienced problems but I use IE7 on Vista with UAC on.

 

Just and update testing Nod32 and re summitiing to VT know there was the only 2 yesterday with one of the files know there is 4 F-Secure and Kaspersky total of 4 scanners know.

 

Is that for performance reasons? Just wondering because if the real-time protection was made to use the same level of protection then it wouldn't matter so much if you had the web access protection disabled which is what you have to do if you want proper control over your firewall (unless you have Vista).

 

Hey DJohn,

Thanks for posting the results man and keep them coming!

I am a Systems/Server Administrator and work for a state agency.. I setup the school I was IT Director at for three years on Eset NOD32 with remote administrator..

Now I have got the department off of Symantec, and over to the new NOD32 V3 and Remote Administrator..

*Caught some nasty stuff in some peoples shares that Symantec had missed*

It really is so nice man.. NOD32 makes my life at work easier.. Their console gives me users MAC Addresses, IPs, I can assign them in groups, import users/groups from the LDAP of AD..

Today for instance one of my Tier 2 Technicians plugged in a Thumb Drive that had that Autorun.inf worm variant on it, and NOD32 was like "no thanks" and I got an alert through my blackberry..

By the ALL my servers are running ESET NOD32...

We are talking about

NT Domain Controllers PDC/BDC

Windows 2000 Server

Windows 2003 Server

Windows 2008 Server 64bit

I really can't express how happy I am right now with ESET products, and the ease of manability.. Thanks for donig some testing with Beta 4, and please for my sake report every little bug or thing it misses to them so it makes my life easier!

Best Wishes,

 

Hey thanks for the kind words,Glad to here Eset is working out for ya,Same feeling here as well.Nod32 has excellent heuristics with minimal False positives and low resource usage allowing a user to still manager his/her daily task will providing very good protection.You can be sure any bugs I find I will report it.cheers and happy holidays.

 

You too man..

I have also started to test Version 4 Beta on my home machine, and plan on putting up a Virtual Environment to test Remote Admin V4, V4 Business Client. It is so nice to be able to run AV on all my Server Environment here at work on our Netware, Linux, BSD, or Windows boxes... Even our Squid..

Plus we are going down the route of Windows Mobile Phones, and leaving the Blackberry world.. It's nice to see Eset going down that route too..

I got into Eset NOD32 years ago because I sold/used Symantec products on Servers, and Desktops.. So many times I had machines coming back with adware, and viri on them.. I woulds can folders (C:\windows\system32) over, and over, and over looking at a file named 1209182309.exe that I knew was a virus.. symantec would come back saying 0 files found infected..

So after hours of research it came down to kaspersky or eset.. I chose eset because I liked the interface, module GUI (Amon,emon,imon,dmon) and the detection rate.. It found those files, and cleaned it..

So I purchased it, uninstalled symantec, and started cleaning drives with it.. Ever since I used it, and I am happy to say that another Department other than mine has chosen to adopt Eset NOD32 at the same time I got mine to adopt to it..

I will also report to this thread if I find any bugs..

BTW I love the sysinspector module thrown into V4..