Future Changes to Nod32

No no no please do not !! Leave it the way it is, no firewall, no antspam ,nod32 is good, very good the way it is now, please focus only on the virussus and trojans spyware and what you do now !!
It is good this way.......

 

You can't fight the bloatware shuffle... I installed the latest version of KAV 5.0, and the wonderful new IDS has made it so that I can't send email... Oh joy.

 

Hi,

last week I was doing some scanning in safe mode on two notebooks. Since the displayed picture was in VGA mode, the NOD32 scanner dialog was a little too big. Ok, I can live with it.

1) But what I need is the ability to do actions using shorctuts. NOD32 does not have that at the moment so I tracked several times the tab order just to find out when to press ENTER to start scanning. It would be much easier to have something like ALT+S (scann), ALT+C (clean), etc.

2) The tab order in NOD32 scanner dialog (Scanning targets) is really messed up. Just look at this: Add(Directories and files) -> Delete (Directories and files) -> Local(Disks) ->Network(Disk) -> DeselectAll(Disks) -> SelectAll(Disk) (comes after DeselectAll!!) -> DeselectAll(Directories and files) -> SelectAll(Directories and files) (the same observation as before!!) ->Scanning Targets (??) -> Scan -> Clean -> Quit -> Help. It does not look nice, does it?

3) Missing information in NOD32 remote console (a Clients part) -> Alerts when the connection has been terminated by the IMON (i.e. when trojan from some http address tries to infiltrate). Since there is no information about the action (even though I get the alert message), I always initiate scan and then I find out that there are no infected files.

Regards,
Mladen

 

Hi Mladen,
1. you can press Alt+S to start scanning or Alt+C to start cleaning. It works here fine with the English version.
2. OK, this has been fixed, please wait for the next program component update for the change to take effect
3. the next version of the RA console will use a different approach

 

Hi Marcos,

thank you very much for your answer. Yes, I have tried it now and it is working (hm, I am sure I have tried this before ). Anyway, thanks.

However, there is one interesting thing about this. When you start NOD32, all buttons (Scan, Clean, Quit and Help) do not have any underlined character. If you initiate any action using shortcut key (i.e. ALT+S to start scanning), then all buttons reappear with the underlined character. However, it will not happen if you press mouse. Of course, once they show up, it will stay. Interesting, isn it?

Best regards,
Mladen

 

I hope ESET doesnt implement a firewall of anysort into NOD32. Releasing one seperately would be a different matter. Im sick of companies releasing things in packages when you only want a part of the package. A sandbox wouldnt be a bad idea if it was fully featured/configurable and optional. I think NOD32 could extend its databases to catch more spam/spyware/trojans and maybe have some advanced methods of removing the spam/spyware/trojans it detects, but an IDS/firewall would be too much.

 

I would like to see some naming in heuristics area.
Everything is marked as probably new_heur_PE.
Couldn't this be classed a bit? I saw other antiviruses using different names on heuristic detection. Like Heuristic\TrojanDownloader,Heuristic\BackDoor etc...
Also using Heuristic\some_malware_name form of naming would be better.
So you know right away that this is a heuristic detection.
NOD32 is a very heuristics intensive AV,so such improvement would be a good idea.
What do you think?

 

That sounds like a good idea, also optional extended databases simular to KAV's would be nice.

 

An extended database is available - just tick the Potentially dangerous applications checkbox in the on-demand scanner setup. Hope this helps.

 

More RA Suggestions

OK, after a bit more thought and coffee, here are a few other things I'd like to see - again, from a corporate standpoint/RA user:

1. Anytime ANYTHING in the XML file is changed, update the mirror files. If I change the XML files used for a set of users, they're often not updated in the mirror directory until a new set of AV defs comes in and the mirror is updated. Any changes to the configuration file should propagate virtually immediately. For instance, this last weekend when we had no AV def updates would mean that any configuration changes I made would have taken four days before they actually hit the end user, since there were no def updates. I made a change last night to three of my sites (after the Nov 30 defs had already hit), and they didn't update the mirror directory XML file until I manually launched the mirror update on each server.

2. More comprehensive RA screen - make more detail available, though not necessarily on by default. For instance, in the screen shot below, I've got four additional columns at the right to show me the status of the basic modules. Green is OK, red means something's wrong (bubble help shows disabled/not started?) for AMON/IMON/DMON/XMON:


Basically, I'm looking for more information available to a corporate admin who has to split their time between monitoring AV stuff and the rest of the things that we do. A quick glance at the screen should tell us that everything's OK or not.

3. By the way, let us adjust how far out of date a machine has to be before the systray icon turns red.

4. Adjustable "your definitions are out of date - please update as soon as possible" message. We're currently doing this via login script, but it would be nice to punch it into the registry so that our mobile users will get it when they're more thatn "x" days out of sync. It's currently set to (I think) 30 days? That's too long. May as well make the message content configurable while I'm wishing for stuff... ;-)

That's it for now - caffeine's running low.

 

I'm missing submite button in Quarantine. It would be nice if NOD32 could send samples directly from within quarantine to ESET. Especially for samples detected by heuristics.

 

Under Quarantine in the 1st post

 

Automatic submission of suspicious files will be encorporated in the upcoming version of PCU.

 

Thank you very much Marcos for sharing, is there an very approximate timeline to when we will see this?

Cheers

 

Blackspear,
it won't be ready sooner than by the beginning of next year.

 

Thank you Marcos

Cheers

 

Aha ok Blackspear,could you add enhanced Heuristic naming to the list on your first post? I mean,naming malware so it won't be named "probably unknown new_Heur_PE" but Heuristic/TrojanDropper,Heuristic/BackDoor,Heuristic/Malware etc.

Also using Heuristic/ prefix,so you know directly that we're talking about heuristically detected sample (like Trojan/ Win32/ or Worm/).
I explained this few posts before,but it seems that everyone missed this one...
AntiVir uses such way to classify heuristically detected files.

Btw whats PCU in this case?

 

Done

Program Component Upgrade.

Cheers

 

AnotherJack you have some great ideas... I also would like to that implented.

 

Would we finally get a Better Single GUI instead of split Window with new PCU ? ( I think i have been crying for this enough )

A question i always wonder is if Imon and Dmon are loaded in memory everytime?
Since i don't use Dmon and Imon cause me problem ( or hassle i should say ) i disable them. But i don't see any difference when i disable them and enable them?

 

Here are my suggestions:

- Add ability to update from "Safe Mode with Networking"

- Self Boot disk which would use current virus definitions from system

- Rename AMON, IMON and NOD32 to RealTime protection, Internet
Protection, Scanner

- Ability to add a file into quarantine section and Submit button

- Ability to scan START_UP items and submit them to ESET for analyse with one click

- Add "Registry Monitor" for monitoring stat-up items and ability to Submit unknown start-up program!

- Remove options CLEAN, DELETE and ADD CLEAN if imposible than DELETE

- Ability to stop scheduled scan with button "Run as soon as PC is unused for more than 1 hour"

- Add NEWBIE INTERFACE with simple buttons like SCAN my PC, Update my PC, set automaticaly Clean or Delete and set by default scanning once per week.

- Add antispyware definitions and realtime protection against them!

- Build firewall as separate product!

- Make one software package for all versions of Windows!

- Ability that server for updates can check if one licence using update for several computers and automatically block that user!

- Allow 1 licence for 2 computers because anyway nobody buying 2-3 licences for home!

- Ability to automatically scan and submit all critical parts of windows like start-up programs, spyware places... on users request! This would bring many many more samples for NOD!

 

"Internet Monitor (IMON) enabled" is greyed out when not working and dark type/Chk mark in box when "ON". A tired brain or novice seeing "Enabled" in any type can mistakenly think it's working. I suggest "DISABLED" as an "OFF" indicator versus greyed-out type/no chk mark.

 

1. The ability to disable AMON and turn it back on from the Tray Icon like you can do with F-Prot, NAV and other AV programs.

I turn off AMON when I run other AV on demand programs, AdAware, SpyBot, etc., Scandisk or Chkdisk, defrag utilities and working with very large Excel, Word, PowerPoint files and graphics programs.

Now I have to launch the Control Center and click Quit then go into the Start Menu to turn AMON on again.

See #38

2. The ability to exclude files, folders or file extensions

 

» Enable Clean button on each trojans/malware/adware/..., which won't clean them, just delete them.

» Improve AMON cleaning abilities

 

Here's my 2 cents:

I'm not a programmer, so I don't have any idea as to what goes into coding features. My only "wish" is that no matter what features are added and/or changed, the program remain "light".

It seems the more we want programs to do, the more bloated they become. And since I'm still enamored by this product (after switching from NAV 2004), I don't want NOD32 to head toward the same bloat spiral.

I guess what I'm saying is that I like the program the way it is, and while I (and I would fathom most people) would like improvements/features, etc, I don't want them to infringe upon what makes NOD32 great.

Dom