Infiltration versus Threat; Demand-scan results

Discussion in 'ESET NOD32 Antivirus' started by rnfolsom, Feb 4, 2010.

Thread Status:
Not open for further replies.
  1. rnfolsom
    Offline

    rnfolsom Registered Member

    My wife ran an in-depth scan yesterday, and NOD32 v4.0.467 found and cleaned 10 "infiltrations." (Upgrading my wife's NOD32 to build .474 was on my "to do" list, but I've been swamped with other projects and my recollection is that the .474 upgrade wasn't really needed for a Win2ksp4 computer. I had, as usual, already put .474 on my own Win2kSp4 computer. I always use my machine as the test machine, but I "tested" for far too long.)

    Aside from being surprised that NOD32v4 had admitted that many "infiltrations," I am wondering what an "infiltration" is. A search of the NOD32 Antivirus 4 User Guide for "infiltration" came up with zero results. For "threat" there were approximately 1 billion hits.

    Is an "infiltration" the same as a threat? If they are different, then what's the difference? Now that NOD32 deals not only with "viruses" (broadly defined to include trojans et. al.), is one word used for virus, and the other for spyware or other "malware"?

    And regardless whether it is an "infiltration" or a threat that NOD32 cleaned, if it was in an MBox file (more on that below) what, if anything, is stored in quarantine?

    Today, my wife's quarantine list is empty.

    I looked also at the logs, and "Detected threats" list eight items (going back to 08 December, with the most recent preceding yesterday's on-demand scan) which say that "The threat was detected upon receiving email by the application [path to] Seamonkey.exe." Given that yesterday's scan recorded 10 infiltrations, my wife and I think that that those eight items (all dated before yesterday's scan) were items that had been detected by NOD32 as she downloaded them. She didn't keep a log, but she knows that NOD32 has caught a non-trivial number of incoming problems.

    If so, where does NOD32 record the threats found during an on-demand in-depth scan? Or have I somewhere set a preference to prevent NOD32 from recording on-demand in-depth scan threats found?


    Any comments, suggestions, or help would be greatly appreciated.

    Roger Folsom

    ________________________________________________________________

    P.S. Mozilla SeaMonkey (and also Thunderbird, I think) both put many messages into a single Windows file, which has an "MBox" format, but my understanding is that NOD32 knows that, and "cleans" or deletes a missing message out of the MBox file, rather than deleting the entire file. Each MBox file has an accompanying index, an *.msf file, and if one or more *.msf files are deleted then SeaMonkey or Thunderbird re-creates it the next time SeaMonkey or Thunderbird is loaded.
    Last edited: Feb 4, 2010
  2. Marcos
    Online

    Marcos Eset Staff Account

    I'd say infiltration is a piece of malware (threat) that has already made it to a computer and is usually already running in memory.
  3. rnfolsom
    Offline

    rnfolsom Registered Member

    Marcos: Thanks.

    I'd strongly suggest that if NOD32 is going to use the word "infiltration," then "infiltration" ought to be described in the User Guide!

    By your "running in memory" definition, "infiltration" is a very useful word, since an "infiltration" is an immediate problem, while "threat" implies something that might cause a future problem. That is, an "infiltration" would be more serious than the same malware that was "only" a threat.

    And I'm now warned that my wife needs to do On-Demand scans more frequently, given that bad stuff is getting through (probably via email, although we have no record of where the On-Demand scan found 10 infiltrations) despite NOD32's vigilance.

    At your convenience, I'd appreciate answers to the other questions in my message:

    Do On-demand scan discovered infiltrations get recorded anywhere, and if so where, or have I somehow blocked logging those?

    Where have I blocked On-Demand scan discovered infiltrations (or threats) from going into quarantine, so we would know where they they were found, and maybe where they came from?

    Thanks for any help.

    Roger Folsom
Thread Status:
Not open for further replies.