NOD32 finds virus but takes no action

I browsed throught the older posts but did not find this so please excuse if it has already been addressed. I have a scheduled task to scan all files. I have tried to set action from prompt, clean, or delete but nothing happens in each case. Infected files are found, and I can see them in the scanner log. (I put the eicar test file in several places). In fact if I start NOD32 from the start menu and click Scan, it still does not delete the files. But if I click Clean, it does. Any suggestions?

 

Just tried another experiment. Right clicked on a folder containing the eicar.com file. Clicked the NOD32 Antivirus system. The folder was scanned and it detected the test virus, but simply made a log entry. My options were to clean and if uncleanable to prompt for action.

 

Did you actually set the action to Clean & Delete for files and not for archives, runtime packers or other possible objects?

 

hi n_spect_r

when you coose the option to scan with NOD32 from the context sensitve menu, it just scans for viruses. in the nod32 log it will show the virus highlighted in red, so then if you were to right-click on that it would offer you the option to clean, or if you instead click Clean rather than Scan, it will scan for viruses and give you the prompts you have set.

Lee

 

Hi n_spect_r, welcome to Wilders.

See the following screenshot.

Hope this helps...

Cheers

 

hi

isnt what n_spect_r has described actually the way NOD32 works?

If you start the scanner with the right-click context menu it will automatically start up in Scan mode, not Clean mode, and will just highlight infections in red.

if you start the scanner using a scheduled job it again only scans and doesnt actually take any action during the scan. its up to you to go through the scan log and right click the infections and take action.

Maybe i'm missing an option that i havent set correctly, but as far as i can see if you want to start nod32 in Clean mode (so it either cleans, deletes, however you have it set), you have to either start it from the Control Centre and hit the Clean button, or start it via the Right-click menu and click Stop to stop the Scan mode and then click Clean to begin the Clean mode.

thanks, lee

 

Hi Friends,

If you are a newbie I recommend you full reading of this page https://www.wilderssecurity.com/showthread.php?t=37509&page=1&pp=25 and the page after it, It contains full instructions for a NOD32 HomeUser ....

To set a cleaning scheduled job you have to choose `Execute an external application' and set the command-lines you wish... you may read more about the command-line parameters here https://www.wilderssecurity.com/showthread.php?t=37509&page=2

 

Here are my $0.02:

1. Update the virus signature database to the most current version

2. Double-click the NOD32 icon on your desktop

3. On the Targets tab, select all local drives you want to scan

4. Open the Setup tab and enable the following options:
- runtime packers
- advanced heuristics
- adware/spyware/riskware
- alternative NTFS streams (if you use NTFS)

5. On the Actions tab, select each of the file type from the drop-down menu and select Clean and Delete, if cleaning cannot be performed.

6. Click the Clean button to run a scan in cleaning mode

7. On exit, save the changes to the current profile so that next time you will not have to configure the scanner for automatic cleaning again.

 

Thanks for all the replies. apparently I need to configure to execute an external application. I will look into the referenced pages. Personnally I don't have a problem in viewing the log and cleaning files, however my blond relatives sometimes have trouble finding the mouse and so I want something that will automatically fix problems when I am not around.

 

I use NTFS but can't find the setting in NOD for checking this I have all the other settings for deep heuristics/runtime packers etc but do not know where to find NTFS streams is this something I have to add manually?

 

The support for scanning NTFS streams by the on-demand scanner was added to version 2.50, currently available as a beta.

 

Thank you, now I know I don't have the beta version, I can stop looking now.

 

I tried the command line type scan. Set up the scheduled task with the reccommended switches and voila it took appropriate action on all copies of EICAR. Thank you.

As we each have our quirks I will ad this as my own preference.

The command line method opens the scan window in the same way as clicking the program from the Start menu. Using the default scheduled Scan, runs the application in the background. My personnal preference would be to run the Clean option in the background with no user interaction unless there is a problem. (Again I consider my blond relatives) Other than that I like the product.

 

Is NOD32 supposed to clean .DBX files?

On this topic...

Is NOD32 supposed to clean .DBX files?

Frequently a full system scan will find infections inside Outlook Express .dbx files but wont clean them.

 

Re: Is NOD32 supposed to clean .DBX files?

No program in the world is capable of modifying DBX files because it's an undocumented file format. If a virus is found in a dbx file, it must have gotten there before you installed NOD32 as IMON would have remove the infectyed attachments otherwise. Another possibility is that IMON does not check incoming emails for some reason (e.g. you use a different protocol than POP3 or HTTP).

 

Re: Is NOD32 supposed to clean .DBX files?

Hi Pepito, in this case, just open up Outlook Express and go to the infected file and delete it, then empty your "Deleted Items" folder.

Hope this helps...

Cheers

 

I totally agree with you, we must be related, I have the same relatives

Cheers

 

I don't second that, it would be like a suicide to delete files automatically without user's knowledge. Imagine you had your system files infected with a virus...

 

My thoughts are based on the following;

1) I have used Nod32 for 3 years with everything set to the maximum, everything on Clean (and quarantine) and if uncleanable, Delete (and quarantine), I have never seen such an instance with Nod32.

2) Having set these same settings on hundreds of computers and never seeing such an instance it has given me great faith in Nod32.

3) With such settings I also have “Quarantine” ticked as a backup, enabling restore in most conceivable instances.

4) My belief in a Layered Defence, such as Imaging, Registry Protection and most important of all Backing up my Data to multiple forms of Media (external Hard Disk Drive and DVD).

5) Last but not least, if it gets past IMON and AMON, then it deserves to be on my system and as such I’ll shout the guy a steak for his efforts, and I don’t give up steaks to just anyone

Cheers

 

I have the same problem, as I figured out `NOD32' do not have this feature... hope they add it in the next versions soon

 

Eset will not do anything that might potentially cause serious data loss to clients.

 

I do not have any blond relatives - no truly, I don't - and I do not like the idea of any a-v programme deleting files without first securing my permission. NOD32 is wonderfully configurable and anyone who wishes to change the default configuration can do so. I fully support the cautious approach of Eset in this respect. And I also like the idea of having a choice of preconfigured settings available, something along the lines of low, medium, strong, paranoid

 

I did not expect this much attention to my post but apparently it is an issue for more than a few people. If ESET is trying to avoid data loss to clients, then perhaps a compromise. Run the current type scheduled scan but if any suspected files are found put a BIG pop up window stating a potential problem that needs attention. IMON puts up a nice warning if a web page has a potential threat and the window will stay there until some action is taken.

The way things are now, a customer can configure the scheduled scan to run daily and have infected files on their computer but unless they try to access the file or read the log file they will never know it is there.

 

I as a Network Admin would like to have every thing automatically done on my clients systems, I would like to force my network policies to my clients so I install NOD32 on clients systems in password protected mode and set the actions as I wish, and do not let my clients change the rules I have set... This is because Im the responsible man in our network and I have to answer the boss and the clients about the network performance and...
I have clients that will interrupt the NOD32 cleaning job if they see its scanning their system, I dont like they see even one small popup... we have a big network and many kinds of users...

I think NOD32 should have all the features ( as it has many many good features now ) and let the users or Admins use the features at their own risk

 

We were talking about the on-demand scanner. AMON in the new beta can move infected files to quarantine to prevent execution of heuristically detected files.