needs to be added to NOD's detections

Discussion in 'NOD32 version 2 Forum' started by Elwood, Dec 12, 2005.

Thread Status:
Not open for further replies.
  1. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Elwood, Dec 12, 2005
    #1
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hope they've added it in the 1.1320 version. Unfortunately, I have some Trojans submitted to eset and they haven't been yet added. :( Hope they'll add them
     
    pykko, Dec 13, 2005
    #2
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Added to update NOD32 - v.1.894 (20041014). If you extract the archive, the exe file is detected.
     
    Marcos, Dec 13, 2005
    #3
  4. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Thanks for that info, Marcos. Why can't NOD32 scan inside the file without extracting it first, the way most of the other AVs in that example can?
     
    Elwood, Dec 13, 2005
    #4
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    A file inside an archive isn't a threat to anyone UNLESS it's extracted - so just how "at risk" do you think you are if a threat is rendered harmless by the archive, and your threat detection solution detects it immediately it's un-archived?
     
    webyourbusiness, Dec 13, 2005
    #5
  6. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    I really don't know how at risk I am, but it seems reasonable to me that a file scanner type antivirus program should be able to scan inside a self extracting installer. Whether or not it can remove the malware inside is a different matter and I can understand why that would not be possible or even desirable.

    Many people disable their antivirus program before running installations to prevent interference with needed registry changes and initial configuration. I don't know if NOD32 has ever interfered with needed registry changes or initial configuration of installations, but I have been witness to some security programs doing it.
     
    Elwood, Dec 13, 2005
    #6
  7. Carver

    Carver Guest

    I just had a Trojan masquerading as a Microsoft tool bar, wiped out every single file on my Hard Drive. I had to reformat and reinstall Windows XP, I was updating a piece of software that has a M$ tool bar to adjust it on the fly. So I was expecting a m$ tool bar, Just not a Trojan impersonating a Toolbar.
     
    Carver, Dec 13, 2005
    #7
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have never had to do this with Nod32 in more than 3 years, and never advise my clients to do so either...

    Cheers :D
     
    Blackspear, Dec 13, 2005
    #8
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    I could understand how some REGISTRY protection systems might need to be disabled, but not a properly written AV with a properly written installer... of course, there are a lot of ways to improperly write software... ;)
     
    webyourbusiness, Dec 13, 2005
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...