Future Changes to Nod32

Discussion in 'NOD32 version 2 Forum' started by Blackspear, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    The aim of this thread is to give feedback to ESET as to changes we would like to see in future upgrades of Nod32.

    Please be very specific so that your suggestion can be written in one line. After this go into DETAIL though remember to try and keep it in plain and simple terms. If it is too complex I will simply add: refer to post number XX. Basically, if I can't understand it, how can I write about it.

    If your suggestion has already been discussed in previous threads please post links to such, this may help further explain your case to ESET and others reading your suggestion.

    You are welcome to discuss the merits of each and every suggestion, just keep on topic, as there are other parts in the forum to discuss issues.

    A list will be maintained in this first post enabling people to easily see if their suggestion is already included.

    Cheers :D



    1. Change the word Quarantine to suit what its current function is; “Make Secure Copy for further Analysis”.

    2. Add “Submit to Eset” button, be this by Email or GUI.

    3. Add a Switch for Command line Scans.

    4. Set to "on" by default in all scans and profiles.

    5. Add a “Move” option.

    6. Option to delete Quarantine files after a set period is reached, i.e. after 30 days

    7. Add Detection

    8. Remove Detection

    9. Option to bulk submit files from quarantine with ThreatSense filtering still applied for samples ESET already have copies of.




    1. Add Clean (if cleanable) or Delete (if uncleanable) options.

    2. Add Quarantine.

    3. Enable by default when installing.

    4. If the installation is password protected, not require that password to START the protection! Only require it if the user wants to turn it off.

    5. Ability to disable AMON and turn it back on from the Tray Icon.

    6. Add option to have “Potentially Dangerous Applications”

    7. Drag and drop excluder.

    8. Option to create rules for blocking the creation, modification, execution etc. of *.pif, *.scr and other files, just like McAfee VSE 8.0i. Edit/Delete Message

    9. Add a hash (md5 or sha1) based exclusion list in addition to (or instead of) the current path based exclusion function. Further details: MD5 based exclusion lists

    10. Show entire path to a file, and not just the file name.



    NOD32 Scanner

    1. Add check-box to “My Profile” that would use “My Profile” settings for all Profiles and all Scans and all file types.

    2. Option to exclude files and folders and make it a simple function to do so.

    3. Add silent Scheduled tasks for cleaning.

    4. A Pause button to pause scanning.

    5. Delete worms or clean virus (which are running in memory) without restart or advise restart is required.

    6. Option to scan inside self extracting archives during On Demand Scan.

    7. Have one button to scan, at the end of a scan have the choice to use a clean button that follows the scan log to the problem areas and performs actions according to settings chosen within “My Profile”.

    8. Ability to use shortcuts while in Safe Mode

    9. Fix TAB order

    10. Rename Heuristic unknowns from “probably unknown new_Heur_PE” to Heuristic_TrojanDropper, Heuristic_BackDoor, Heuristic_Malware etc.

    11. Use Heuristic prefix, so you know what form the infection is found in i.e Trojan/ Win32/ or Worm/.

    12. Have a check box to allow only found infections to be displayed while scanning, or at the end of a scan have the option to click a button that would only show infected files, so NOD32 goes back through the log and relists only those files. Further discussions HERE.

    13. Popup Window to advise scanning is required and click ok to start (every 7 days), that can be switched off through options.

    14. Popup bubble saying a scheduled scan is about to start.

    15. Autoclose the scanner if nothing has been found, but leave it open when an infection has been found.

    16. Ability to Scan/Clean on re-boot (boot-time scan)

    17. Locked files = be able to right click and select "These files are OK, hide untill changed".

    18. Highlight NEW locked files - flash them - or make them more visible in some other way.

    19. Ability to stretch the running scan log, to make it easier view the entire root directory of some files.

    20. An option similar to Kaspersky's "Scan new and changed Files only"

    21. Change "Leave" to "Leave - upon next reboot the file will be deleted"

    22. Option to play sound when virus found.

    23. Display an 'estimated time to completion of scan' in progress.

    24. Display information about a scheduled scan in progress, with option to pause/stop - see HERE




    1. Add version information resource structures to all executables and dlls.

    2. Add service description field for nod32krn Windows service.

    3. See post number 17.

    4. Option to disable the System Restore before starting an on-demand scan.

    5. Control Centre and Remote Administration interface to be an MMC snap-in.

    6. Add an option to disable GUI skin and use the default shell style, if the CC is not going to be a MMC snap-in.

    7. A flag readable by WMI/VBScript/whatever that will provide the status of the system (Idle/WAITING FOR RESTART/etc).

    8. NOD32/AMON - Ability to programmatically initiate an update from the client end.

    9. Simplify deleting old programs from IMON HTTP list.

    10. Add scanning of Alternate Data Streams.

    11. Nod32 for linux file server: have it properly handle (ignore) symbolic links to avoid possible recursive scanning. See post number 130.

    12. Change default http update port to be other than Sharepoint Admin port, ie 8032.

    13. Have clients check that what is at the other end of the port is not NOD32 update and report that rather than crash.

    14. Consider an additional detection group (or as an extension to PDA?) for software that can only have an illegal purposes eg. keygen, crack etc.

    15. Log entries in the Windows event log in addition to its own closed log files.



    Remote Admin

    1. Ability to automatically deny download, and advise of such in logs.

    2. UNIQUE identifier for all machines, preferably something like MAC address.

    3. Engine (component) version number available through the RA console, not just def versions.

    4. Ability to pull user configuration info (i.e. the contents of the Information tab) remotely.

    5. Ability to choose a config file when you highlight PC’s to run a scan on.

    6. Have the resolution or button pressed by the user as part of the notification message to the sysadmins.

    7. Ability to configure more than one mirror site, with fallback to choice of mirror sites.

    8. The ability to COPY a profile from one config file to another.

    9. Three default profiles available in the source XML file.

    10. Have the entire configuration written to the XML file by default.

    11. IMON listed as Running or Stopped like AMON.

    12. Fix lack of information about the action taken by IMON on Clients part.

    13. Anytime ANYTHING in the XML file is changed, update the mirror files, see post number 85.

    14. More comprehensive RA screen - make more detail available, though not necessarily on by default.

    15. Ability to let Admin adjust how far out of date a machine has to be before the system tray icon turns red.

    16. Adjustable "your definitions are out of date - please update as soon as possible" message.

    17. Ability to reroute Quarantine submissions directly to the Administrator for investigation instead of them going directly to Eset by the end user. This will also enable records to be kept.

    18. Ability to list clients by collapsable groups.

    19. Ability to change the name of a profile or copy an existing profile in the RA console, instead of having to recreate a new one every time

    20. A check box for "Replace all existing profiles with these profiles" so that old profiles are no longer kept in the client PC. I have a few machines (mostly test users) who have 5-10 profiles form various testing that we've done, when in actuality, there should only be two.

    21. A default set of profiles to match the ones that are already specified (Control Center - Local / Control Center - Diskettes, etc.). Should an admin have to create profiles that are already being referenced?

    22. Automatically change the Configuration ID when saving the XML file, so that if forgotten, the changes will still apply to the clients.

    23. View the NOD32 program version of clients. Ideally - the ability to view everything that appears in the System Information page of the NOD32 control center.

    24. View the update status of the client - i.e. whether the workstation is waiting for a reboot after a major program component update.

    25. Implement a more user-friendly method of updating the license file for the remote administrator

    26. Ability to resize the scan log properties window - so that you're not scrolling forever when reviewing scans

    27. Ability to see usernames of who's currently logged into that workstation.

    28. License keys - remove confusion between this and username and password.

    29. Decrease left margin within "Reports" to allow for printing to standard size A4 paper.

    30. Develop/market a smaller enterprise type version for the booming home network business and market a 3-5 license SOHO version with an admin ultilty that makes administration easier...ie a remote admin console.

    31. Console should display which configuration is applied to a particular machine.

    32. Console to have a column for the last scan date like it does for last event etc.

    33. An xml file that sits on the local mirror and the client reads/syncs his configuration at every update to this configuration.

    34. The ability for a repeating task in the remote administrator.

    35. Some sort of "vault" that we can use to protect stuff that network admins NEED on the client PCs, while still allowing a highly aggressive scan on the clients? Maybe under a "So advanced, you'll get in trouble" button?

    36. Option for all ThreatSense.Net submissions (statistics and samples) to happen via the update path, even from client to RAS to RAS to RAS to ESET.

    37. Various suggestions HERE

    38. Further options for ThreatSense.NET that would allow clients to send such information to the update server then the update server forward this on to Eset.

    39. Display the major/minor version of nod as well as the virus signature version.

    40. Ability to add clients automatically to Groups based on
    o Active Directory Organisational Unit (Container)
    o IP address Range
    o Other criteria?

    Then depending on what group the client is added to, automatically apply a specific configuration task

    41. SNMP support or WMI interface so data (events, Viruses) can be entered from NOD into a Network Management System.

    42. Column wih name of config on every machine. - some machines have full internet access, some of them don't, so i could create „comps_with_full_net_19.09.2007.xml” and „comps_without_net_19.09.2007.xml, then modify something and create „comps_with_full_net_25.09.2007.xml” - send new config, and after few days I can easy see on which machines with full net config is not updated (just looking for config name on) and send it again.I think that it is very important – now when i am updated config i can't check if all comps updated (only manually one by one).

    43. There could be optionall column with procesor/RAM

    44. Ability to see usernames of who's currently logged into that workstation.

    45. Ability to add clients automatically to Groups based on Active Directory Organisational Unit (Container, group) or IP address Range?

    46. I would like to see option to send messages from RAC – to one machine, group of machines or manually selected? Something like Windows Messenger but based on NOD, since Windows Messenger does not work in Vista and can be turned off on WinXP.

    47. I see no way to modify group name or group description, if make an error, or i want to change group name - do I have to create new group??

    48. Scan during system scan (maybe additionally it could be ordered via RAC?) - Preboot Scan.

    49. Scan new and changed files only – so i could make full scan once a month, and new and changed files twice a week?

    50. Option for ThreatSense.NET that would allow clients to send information to the update server then the update server forward this on to Eset. - many of our people does not have full access to net, so thay have now way to send anything to ESET.

    51. Customizable NOD32 icon on systray, ideally it would be included into configuration file and send from RAC

    52. Visable Pause/Start/Stop buttons should be easily avalable from the main window during Admin designed scheduled scan times.



    Everything Else

    1. Use a profile to run a scheduled scan

    2. Excluding files and directories to be simplified, so that it accepts long names.

    3. “Boot CD” of Nod32.

    4. Online scanning facility.

    5. Nod32 “Control Center” GUI to be a single re-sizeable window with vertical split bar

    6. Rename Modules such as AMON to “Resident Scanner”, IMON to “Email and Internet Scanner”, DMON to Microsoft Office Document Scanner etc

    7. Online virus information database, including removal instructions.

    8. Ability to download latest update to removable media, for use in updating an existing installation of NOD on an infected computer. Must be simple, not technical.

    9. Ability to hide the system tray icon from view without affecting functionality of Nod32.

    10. Alert user when update has failed to download and mention the reason.

    11. Set Nod32 at Maximum everything out of the box – ALL Files, File Types, Scans etc.

    12. A “Reset to Default” button to put Nod32 back to complete maximum settings, as above.

    13. Add a Pause button in On-demand Scanner.

    14. Program Component Updates set to “Perform Update if available” by default.

    15. Include registration expiry information in System Information module.

    16. Ability to click through from Control Centre to Eset website for further information on virus detected.

    17. More ports added to IMON.

    18. Place Nod32 Updates in Start menu, All programs.

    19. Include IMAP scanning and secure IMAP – port 993

    20. A single configuration that would first use the mirror and then search for other available connections - similar to the choose server automatically function.

    21. A context menu in the tray icon to disable, restart and stop a module, make an Update.

    22. IMON to scan incoming Hotmail downloaded through POP3 accounts

    23. Ability to resume updates from where they were if you get disconnected while updating.

    24. Allow hovering over the system tray icon to show what modules are active and the current definitions.

    25. Option for a Preboot Scan.

    26. Ability to have “notify before downloading signature database update” and “perform program component upgrade if necessary” used at the same time.

    27. IMON – Add option to have “Potentially Dangerous Applications” scan incoming HTTP.

    28. Warning notice if a user tries to alter servers from “Choose Automatically”, that this is NOT advisable.

    29. When a module is disabled/turned off make it clear, as in colored “RED” and the word “OFF”

    30. Add Edit button so it is obvious how to edit a scheduled task.

    31. Log file summary listing all infections found.

    32. Some form of notification (change log) about updates of modules.

    33. IMON server exclusion wildcard. i.e. *.eset.com

    34. A temp-file location to be used when expanding archives.

    35. An administrator version geared to the small home network users who want to make sure their kids' computers were up-to-date and whether they had encountered viruses.

    36. Stop the popup window from accepting UN and PW. Instead advise that the UN and PW is incorrect and to please place it in Control Centre> Update> Setup.

    37. Add a "save and load button" or "import and export button" for Nod's configuration, to make it easier when Nod has to be reinstalled.

    38. Swap Setup and Actions around - clicking on setup and turning on all options, you currently have to go BACK to Actions to set the actions for the newly enabled types of scanned items.

    39. Ability to exclude specific URL addresses from the IMON HTTP Scanner.

    40. Option for IMON HTTP to have silent notification while in "Higher efficiency" mode, the same as it already does in "Higher compatibility" mode.

    41. Submit file window, text needs to wrap so you can see what is typed.

    42. A method of determining what files contain what viruses in Quarantine, allows a user to return a FP when fixed.

    43. Customizable Virus detection message from XMON.

    44. Font smoothing

    45. When running a scheduled scan if there is a scan scheduled for the same day, not to run, this will stop overlapping of scans.

    46. An Event Log entry showing the name of the file and whether the submission system was contacted and the results (i.e. a sample exists and will not be submitted).

    47. A popup balloon advising that a file has been submitted or not.

    48. An option to scan quarantine to see if the sample is added into the virus database.

    49. A popup balloon advising that a scheduled scan is in progress, and the ability to turn this feature off (silent scan).

    50. License expiry date displayed in the Nod32 Splash screen or Control Centre.

    51. Allow the specification of port for smtp mail notification - for example, mail.eset.com:10025. Include SMTP over SSL (standard port 465) for notifications.

    52. Improve functionality of Repair feature to bring it to the same standard as winsockfix or have 2nd button with this function.

    53. Trial Version - more detailed set of error messages to do with updating.

    54. Trial Version - the default set of servers for the trial version being LIMITED to choose automatically - with a comment in the drop-down that functionality is restricted in the trial, but not in the full version.

    55. Add a statistics/sent files log.

    56. Add a DVD/CD/USB/Floppy rescue - see http://www.wilderssecurity.com/showthread.php?t=127640

    57. Trial version to have a different color-scheme to the full version, say - blue - instead of green - it will the quickest way to tell between the two.

    58. When updating, NOD32 should display a different message when it cannot connect to the server or the server is overloaded.

    59. Change Update Notices etc

    60. A proper "Quit" function that shuts down all modules and the kernel service.

    61. Rollover help menu, when you place your cursor over a button it gives you explanation of the buttons function.

    62. Ability to customize the NOD32 email checked tag.

    63. Right-Click Tray Icon 'Toggle' for Compatibility Mode.

    64. Mail attachment blocking for email clients based on file extensions - see this thread

    65. HIPS (Host Intrusion Prevention System) module in future products.

    66. In the update module, add some metadata to every http get request to avoid as many proxy issues as possible.
    eg: http://<esetupdaserver>/update.ver?<current.time> and http://u26.eset.com/update.ver?1718

    67. Ability to right click the tray icon and quickly disable AMON or any other module.

    68. Remove the Username and Password entry fields from the installation process. Have the Username and Password entered after installation.

    69. Replace the Username and Password with a 30 digit numerical only entry, similar to that used by Microsoft.

    70. Ability to disable the daily definition update popups ONLY (not silent mode).

    71. Customizable nod32 icon on systray, say, showing a 'N' for instance.

    72. Allow customization of mail sending ports other than port 25 for notifications.

    73. Have available a PDF guide to additional settings.

    74. A variable to include the /UNIQUE/ Login-ID into emails sent by NOD32.

    75. A behavioral blocker like one in ZAP or part of KAV PDMs, CH, or Sana Security Safe Connect etc.

    76. Renew the same license so you do not have to change username and password.

    77. Make a "Quiet" mode that hides the successful update messages but shows all other error messages such as virus definitions out of date and incorrect username and password specified.

    78. Verify the checksum of the BIOS at startup and warn if it detects any changes.

    79. Catch attempts by applications to patch or flash the BIOS.


    Last edited: Sep 26, 2007
  2. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    1. The word Quarantine be changed to something to the effect of “Make a Secure copy to enable further analysis by Eset” Further discussion here and here. In its current form it is very misleading.

    2. A check box be added to “My Profile” that would say something to the effect of “Use My Profile” settings for all Profiles and Scans”. This will enable those (the average user) that want only one set of settings to have them.

    3. Add a “Quarantine Switch” to the command line.

    4. Have Quarantine set as default in all Profiles and Scans. Purely a safety factor.
  3. bsilva

    bsilva Registered Member

    Mar 24, 2004
    MA, USA
    1. I would like a move option also with the quaratine.
  4. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    1. Provide an Online scanning facility, rather than send someone to a competitor, it would be nice to say, go to www.nod32.com and click on "scan your computer". It would be a great public relations tool.

    2. Provide a “Boot CD” of Nod32, discussed here and here
  5. puff-m-d

    puff-m-d Registered Member

    Feb 13, 2002
    North Carolina, USA
    1. Have a "Submit to ESET" option from within Quarantine.
  6. Howard

    Howard Registered Member

    Sep 3, 2004
    Wales, UK
    Have a rational, intuitive procedure for excluding files and directories, one which simply accepts long names
  7. Proud User

    Proud User Registered Member

    Jun 19, 2003
    How about an active mode that doesn't crash? :D
  8. bsilva

    bsilva Registered Member

    Mar 24, 2004
    MA, USA
    If you have it set autmatically deny download, it should say it in the log for action taken. This is for Remote Admin
  9. rumpstah

    rumpstah Registered Member

    Mar 19, 2003
    Amon with an action of Clean (if cleanable) or Delete (if uncleanable).
  10. sir_carew

    sir_carew Registered Member

    Sep 2, 2003
    Santiago, Chile
    An option to exclude files and folder from NOD32 Scanner like in AMON.
  11. gkweb

    gkweb Expert Firewall Tester

    Aug 29, 2003
    FRANCE, Rouen (76)
    The possibility to submit to Eset a file (from the GUI, not by email).
  12. Alec

    Alec Registered Member

    Jun 8, 2004
    Dallas, TX
    Here are some of the things I would like to see (some are perhaps repeats of what others have said):
    1. AV Boot CD creation functionality.

    2. Integrated sample submission functionality (one-click for "possible new" heuristic detections).

    3. Persistent (between reboots/logins) window placement and sizing for nod32kui.exe "control center" GUI.

    4. Make nod32kui "control center" GUI a single, re-sizeable window with vertical splitter bar rather than current two window structure.

    5. [Nitpicky warning...] Make nod32kui "control center" GUI minimize toward taskbar tray icon area rather than to the left side of taskbar in the app area (e.g., note how Zone Alarm implements this)

    6. Add version information resource structures to all executables and dlls.

    7. Add service description field for nod32krn Windows service.

    8. Strongly consider a new module naming convention. AMON, IMON, EMON, DMON, etc. is confusing to newbies. Perhaps just have selections for "Resident Scanner", "POP3 Scanner", "HTTP Scanner" , "Office Script Scanner", "MAPI Scanner". POP3/MAPI naming might also be intimidating to newbies, but it would at least be more accurate.

    9. Authoritative online and/or offline virus information databse (when you get the time. Whew!)
    Last edited: Oct 1, 2004
  13. markpl

    markpl Guest

    The most annoying thing with NOD32 is sheduled scan. For example I'm watching movie on computer and nod32 sheduled scan is working in the background - there is no possibility to disable it without killing nod32 process.

    There should be _visible_ and _easy_ way to stop sheduled scan.
  14. sagittarius

    sagittarius Registered Member

    Apr 19, 2003
    Queensland, Australia
    Absolutely ... a must-have imho :D
    The ability to download latest update to floppy (or other removable media) so that it can be used to update & existing installation of NOD on an infected computer. If this is already possible, forgive my ignorance :doubt: , but no doubt someone will enlighten me on how to do it o_O
  15. jtodd929

    jtodd929 Registered Member

    Oct 1, 2004
    NOD32 peeps: please allow users to hide the system tray icon from view without affecting the functionality of the antivirus software.

    Please incorporate this request--hopefully soon.

    e.g., you have a "Do not display splash screen at startup" radio button. Please have something like, "Do not display system tray icon," which would simply serve to hide the system tray icon from view but not change the functionality of the software in any way.
  16. rdsu

    rdsu Registered Member

    Jun 28, 2003
    An option to alert the user when the update failed to download and mention the reason.
    Already discuss here.

    The rest are already in the list ;)
  17. radicalb21

    radicalb21 Registered Member

    Jun 6, 2003
    I have enclosed pictures in a .jpeg format so you can better understand my problem as well as see it for yourself. When I right click on the eicar.zip files and choose NOD32 Antivirus System. When the eicar.zip file is scanned the virus is detected. When I click the clean button I am presented with three options: leave button, putting a checkmark in quarantine, and quit scanning there is also a details button. There are button options shown in the box but they are shaded or grayed out for whatever reason I don’t know. This wasn’t a problem w/ NOD32v2b5. In that version I didn’t have this problem as described above. I have also tried the admin version of NOD32 v2 and still encounter the same problem as described above. Any and all help would be appreciated. If possible could you give step-by-step instructions on how to correct this problem? My email address is res51cue@comcast.net . Look at post #7 in paticular as well as all the other posts. Here is the link to the thread I started back in June 03' and the issue still persists.


    It is now Oct 04' and it has been almost a year and a half since I reported this problem and it has yet to be addressed by ESET. I would also appreciate this thread being reopened so this problem can still be diiscussed. Thanks for any and all assistance.
  18. Kil

    Kil Registered Member

    Jul 29, 2004
    Blackspear, I’m impressed with your initiatives. You’re inspirational. Keep up the wonderful work you are doing here.

    My suggestion to Eset would be to improve its consumer and public relations. This can be achieved in many ways, one of which is establishing a trust with the public by showing a warm personality (including pictures on the website of Eset facilities and the people in charge of the company). After all, when purchasing a product which needs constant updating (virus definitions, etc.), one is involved with the company. Better lines of communication = stronger consumer commitment.

    Very good suggestions by all. Like the show "America's Most Wanted", the more people are involved, the better and faster "bad guys" are caught.
  19. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Thank you for your kind words Kil. The forum is made up of some really great people, and through sharing their knowledge and experiences we all learn...

    All the best...

    Cheers :D
  20. rdsu

    rdsu Registered Member

    Jun 28, 2003
    An option to disable the System Restore before start an on-demand scanner... ;)
  21. rdsu

    rdsu Registered Member

    Jun 28, 2003
  22. HiltonT

    HiltonT Registered Member

    Jan 5, 2003
    Brisbane, Australia
    The Control Centre should be an MMC snap-in, as should the Remote Administration interface. This way it complies with the standard Microsoft format for applications of this nature.
  23. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Enable AMON by default. See post number 10 here

    Have Program Component Updates set to “Perform Update if available” by default see post number 10 here

    Cheers :D
    Last edited: Oct 3, 2004
  24. Phil_S

    Phil_S Registered Member

    Nov 13, 2003
    Include registration expiry information in System Information module.
  25. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Aug 10, 2004
    an expansion to the virus information on the web site with a link from control centre, so u can get detailed info on the virus etc, that u have.

    by expansion, i mean more detail and a listing for ALL the latest threats.
    it can be quite hard to find info as ESET has different names for some of the viruses etc to competitors.
Thread Status:
Not open for further replies.