NOD32 extra info thread. A lesson learned

I was recently pointed at https://www.wilderssecurity.com/showthread.php?t=37509 by Fred Langa's newsletter (you all get this ... right www.langa.com there is a free version but I pay for the plus version and it is an excellent read).

This provides a comprehensive set up and tweak list for NOD32 version 2.5 and is excellent.

The only problem I had (and this is the warning) is that after applying all the tweaks GetRight download manager stopped getting file sizes for new downloads and really struggled to complete downloads.

Be aware that the HTTP compatability settings need to be set with care (half way down page 2):



and in particular all the GetRight settings need to be set for compatability mode.

The problem arises becase when "Higher efficiency" is set all files are downloaded first by NOD32 and scanned before being passed to the application that requested them. Sometimes this means that applications make the request and it is then downloaded twice! Once for NOD32 to check and once for the application, but in GetRights case it tries to download it and sticks in the last few bites forever and so the download never completes!

 

Hi CarolHaynes, welcome to Wilders.

Step 4 of that post does state the following:

4. It is recommended to change the compatibility level to "Higher Efficiency" unless you experience problems with certain applications.

The reason "Higher Efficiency" is recommended is also stated, in that lowering this setting may allow Trojans to slip past.

Cheers

 

Download managers and streaming media players must remain set to Higher compatibility mode due to the way they work.

 

Thanks for the comments - both are fair points.

Trouble is you do this tweaking and then wonder a few days later what could be causing odd effects. I just thought it worth mentioning my specific experience. No criticism intended.

 

Well, personally, I find "Higher Efficiency" scanning to not really be worth the extra hassle that it may involve in determining compatibility and/or adjusting for client compatibility issues. While I do understand the underlying technical difference between the two formats, I believe it to be a pretty rare occurence that would result in serious computer compromise or malware infection as a result of not using Higher Efficiency. Although I do acknowledge and conceed that it results in a nominally increased amount of security. However, I also believe that it isn't worth the time to adjust the real-time scanner for all files rather than the default set of executable, scripting, and macro-based extensions. Like nearly everything in information security, there is a tradeof or a compromise to be made.

Sometimes the minimal extra protection afforded by a security configuration, setting, or program isn't worth the extra compatibility hassle or extra overhead incurred. Knowing where to strike the right balance is also part of information security. At the end of the day, it is certainly personal preference and also a decision that must be made in consideration of one's own unique situation and application... yet, still, I think the point should be made that it's not always best just to set every setting to maximum. At least not without some careful consideration. Moreover, I think it's somewhat disingenuous to throw in, almost as an after-thought, a disclaimer saying essentially: "Oh, yeah, by the way this setting might cause you problems." I believe that if you are going to provide detailed instructions and recommendations, you owe your readers a more detailed explanation of what may go wrong and what you may break by configuring such settings.

 

Most download managers have the option to put in command line parameters for scanning files after downloading. I normally just set that (similar to Blackspear's suggestions for the scheduler, but with /scanmem-) and exclude the download manager in IMON. With all options enabled, this can potentially result in a better scan anyway