Have the advanced heuristics been improved in version 4?

Discussion in 'ESET NOD32 Antivirus' started by Norton360, Mar 3, 2009.

Thread Status:
Not open for further replies.
  1. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    Hi, some months ago I started a topic with a problem with Nod 3.

    It slowed my computer a lot when working with executable files: https://www.wilderssecurity.com/showthread.php?t=201268

    From solcroft:

    The problem with NOD32's advanced heuristics is that it's very resource-inefficient when it tries to emulate and analyze large and/or heavily obfuscated files. Large files aren't a problem on my computer (because they don't exist), but even on files as small as 150kB, NOD32 v3 can take up to 16 seconds to scan it if it is encrypted with complex packers.

    The problem is CPU consumption, not RAM. There's nothing you can do short of turning off advanced heuristics (and heavily castrating NOD32's detection rate), it's really up to ESET to fix the problem.



    I wonder if this has been improved in version 4.

    Can somebody please give me some information on this?

    Thanks in advance.
     
  2. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    From my beta experience, if you turn it on anywhere besides for Newly Created or Modified files (in RealTime) then the system resource on opening files spikes through the roof as you described and you notice a huge LAG when opening files. Even with the default setting it still creates some lag, or at least a LOT more than the 2.7 did.
    Don't know if it changed much in the final version, but I used the latest released beta. Now I am trying Norton Gamer 2k9 since it's on sale at BUY.com for $14.00. Normally I would not run Gamer but it's not different from 2k9.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Use the default settings, they are what is recommended, and you won't have troubles.
     
  4. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    I used default settings in NOD 3 and it was terribly slow. That is why I'm worried about version 4.


    Thanks for help mates.
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You can get a trial version on eset.com to test.
     
  6. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    I have downloaded trial version and installed in a Quad Core with 2 GB of ram DDR3. I haven't changed any settings in the program.

    Nod 4 has the same bug, when working with exe files the computer hangs and Vista explorer freezes for some seconds. The same applies when I download a compressed file with executables inside. The download freezes at 99% and freezes. After some seconds it opens fine, but if I try to extract any file it freezes again.

    I thought ESET would fix it in the new version but it is still a resource hog. I am very sad and disappointed. :'(
     
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    How would you propose to make archives and advanced heuristics any less resource intensive? Other products can appear faster because they simply give a pass on such files and do not bother deflating them to properly scan them, which increases the risk of malware slipping in. If the performance impact of these features is noticeable enough that you consider it to impede the use of your system then tweak your settings, especially the ones related to advanced heuristics on new file creation.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please provide me with a link to that archive. If it's a large archive, especially with a lot of files encrypted with some protectors, it's normal that it takes time to: 1. unpack the archive, 2. scan each of the files.
     
  9. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    Valid point and valid argument, however the AH doesn't seem to give NOD32 much of a leg up in malware test comparisons. Many times other offerings provide better detection without the lag inducing AH. For example as I type this I have ekrn.exe spike to 25% and lag my keys to the point where I ghost type (aka buffer type).

    I mean my ekrn.exe is eating 100Mb of ram with just Firefox open.
    So it's eating both CPU and RAM, and the whole fact of Ghost Typing is just pathetic.
    Nod is set to Defaults and nothing is downloading at the moment just bunch of tabs open (7 to be exact).
    I'd be more than happy to help, since so far Version 4 is utterly useless in my book. I should not Ghost Type while typing this.
     


  10. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    Here is the picture after I decided to start Warhammer Online Mythic client...currently the client is downloading the game, and NOD is pegged at 100% CPU (50% since Dual Core).
    The system is EXTREMELY LAGGY, it's analogous to being infected with spyware.

    I mean there should be no time in AV life where it will take all the CPU resources to itself. If I didn't have a dual core system, my system would be bricked right now. It's extremely frustrating typing this with lag, my god I feel like I am running Windows Millennium on a 386SX machine.

    So my choices at the moment are:
    1) Go back to 2.7 but forgo the extra cleaning, extra tweaked heuristics and other perks, so basically ride on an old technology with worse detection rating over already weakening 3.0 comparative test results.
    2) Stay with 4.0 but disable AH, at which point I am running a sub par AntiVirus. AH and low resource usage is what initially made NOD a great choice.
    3) Go to FREE Antivir while this is being fixed (if it ever gets fixed).
    4) Wait for my Norton Gamer (bought it on sale, same engine as 2k9 but $20 cheaper) to arrive and use that as main stream as opposed to a backup system Antivirus as originally planned.


    I want to stay with ESET since I've been a loyal customer since 2001, but you all seriously screwed the pooch with the past two releases. I mean pictures are worth a 1000 words, please fix it or tell me how to fix it.

    I have about 2 years left of my 3 year renewal I don't want to trash them, but my current frustration with the lag is getting to me.
     


  11. Martinus

    Martinus Registered Member

    Joined:
    Jun 19, 2008
    Posts:
    29
    Hello Marcos,

    You can try http://www.devexpress.com/Downloads/NET/

    Download "DXperience v2008 vol 3.4 for Visual Studio 2005, 2008"

    It has 230mb of encrypted files in it. I had the same problem as Norton360 with this file. I get regular updates and I had a lot of trouble with Nod32 v3.

    That's why I changed to Norton. I want to go back to Eset since you are the only one (to my knowledge) to have native 64bit antivirus that is fast. But with big files like the one above, after 20min waiting at 99%, I got tired and deactivated Nod32 and downloaded it again.

    Or if someone could confirm that no one is having issues with this file with Nod 4, I will press the buy button and remove the hybrid 64bit/32bit Norton that I'm sure is not taking full advantage of Vista 64bit.

    Martin.
     
  12. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    Just look what the CPU is doing to an 85MB patch that has been issued by Mythic, it's pegged at 100% (50% of dual core).
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Average ekrn usage is 40mb + 2mb from egui.

    I'm not sure what kind of files you are downloading, is there a way to download them for free? Depending on how they are packed it might be a problem with AH.


    A 230mb of encrypted files... no wonder you get lag. The sheer size + the fact they are encrypted would mean unpacking, decrypting, then scanning all of them.
     
  14. bradtech

    bradtech Guest

    I have never witnessed 95-100 MB usage for the ESET service until now. This is an extremely odd situation you got going on. However I have witnessed ekrn process to peg out to 50% or 100% while extracting, installing, or downloading files before depending on the program. I have everything extremely customized in my settings though for maximum protection. The extra time it may take a user during one of these few times is worth the AH setting enabled, along with some other settings enabled for real time and IMON. Especially with as much Rogueware these days out there....

    My ekrn.exe*32 on Vista 64bit SP1 with 4GB is using 43,136K on 4.0.
    On 32 bit Vista on my laptop with only 1.5 GB it only uses around 12 MB on 4.0.
     
  15. bradtech

    bradtech Guest

    You might tell Mythic of the issue now that you have informed ESET..

    Try making an Exception for Warhammer also!
     
  16. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    Exactly - it's like trying for a 4-second 0-60 from your car and then moaning that during your speed tests you ONLY got 2 miles to the gallon... QED fellas - Q.E.D.!!
     
  17. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    So, is there a way to fix it without losing NOD detection power? Or do we need to wait for NOD v5? Like many users I want to purchase NOD but I can't if it slows down the system so much :(
     
  18. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Ask yourself if your users are going to be frequently downloading 200MB packers with encrypted files inside.
     
  19. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    Even with 8 MB files it freezes.
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Then please follow:

     
  21. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    No...they (ESET) didn't mention anything about AH, so the conclusion is clear ;)
    In v4 you only have more options for fine tuning AH, but this is only proof that AH is enormous in terms of resource usage.

    p.s. that's the question on which ESET moderators can give a straight answer...but from what I saw, they didn't mention anything about potential AH improvements :thumbd:
     
  22. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
    All the links I have are files from my work, so I can't share them.

    But you just compress into a zip any executable file and then try to extract it. I've just tried it with the installer of BSPlayer (8.46 MB).

    As I've already said, it hangs with ANY executable file. We don't need to post download links because it affects all exe archives :'(
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I for one don't feel a need to mention improvements to advanced heuristics as the AH module is common for v2, v3 and v4 users and is constantly being improved regardless of the program builds.
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please provide me with a link to that file. I'll check it out and let you know why scanning takes long (if long actually means several seconds).
     
  25. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Hey Norton360, I'm afraid I can't replicate your issue, which is why I wanted a link. If you can find a link that you're allowed to share I'd appreciate being able to test that.
     