Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    Re: Future Changes to EAV 3.0

    Module updates should be recorded in the event log along with virus signature database updates.
     
  2. hillrb

    hillrb Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    44
    Re: Future Changes to EAV 3.0

    I work in a business. I have desktop and laptop users. I have created a Dual Update profile that I give them all. By default, the clients are scheduled to update from my local server. If my local server is unavailable, the clients have a secondary profile for updating from Eset's servers.

    What if I'm a laptop user (or even desktop user for that matter) and I want to manually update the virus signatures (just because) and the local server is unavailable? Currently, because the default profile directs my clients to the local server, the program will fail the update.

    My request is (when clicking the "Update Virus Signature Database" option) to allow the option for the client to failover to the secondary profile if the first one does not respond. I know I can set my laptop users up to have the secondary profile first, but in my case, it does not suit us.
     
  3. Colditzz

    Colditzz Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    46
    Re: Future Changes to EAV 3.0

    I'll second this - and, in addition, request that the 'use global proxy settings' option actually reads the proxy info and exceptions from IE/the registry. I have - like hillrb - setup fail-over profiles for the automatic update, so if my internal update server(s) go offline, the software fails over to the external link, but when the users are in work, they are behind a proxy, when they are at home, the proxy is unavailable to them, this means three profiles for a guaranteed update - when connected to the i/net. If the proxy settings were read from IE/the registry, the 3rd profile wouldn't be required, and the users would be able to manually update the definitions themselves.
     
  4. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Re: Future Changes to EAV 3.0

    Nod32 3.0.657 just installed. Now it's doing a scan per the GUI. ekrn.exe is running "normal" priority, and kicks into 100% CPU resulting in a non responsive computer. It takes so much CPU that my autostart tasks are getting ACCESS DENIED from the realtime scanner.

    Fork out the schedule scans to a separate process. Don't run them under ekrn.exe. My scans all have the check box to run background scans with low priority. Make this actually work, please. If you have to, use sleep() events between files to give up some resources when "low priority" is set. You could even query the CPU utilization and if > X% back off for Y seconds.
     
  5. sangam

    sangam Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    49
    Location:
    ahmedabad, india
    Re: Future Changes to EAV 3.0

    ability to clean the registry of problems leftover by malware, such as disabled folder options, restrictions etc. why do i have to edit registry, or use some other (free) tools to do such simple things ?

    lock USB ports, just like lock web browsing. organisations may be able to use this to implement policy not to allow USB pen drives.

    option to disable autorun on all removable media and hard drives. this is a simple registry setting, but if implemented, will save so many Pcs going down due to malware.

    option should be offered to delete suspicious autorun ini entries in writable removable media such as pen drives.

    i thought these are very ordinary, but essential requirements for AV software.
     
  6. kevin009

    kevin009 Registered Member

    Joined:
    Sep 11, 2007
    Posts:
    32
    Re: Future Changes to EAV 3.0

    Also look at my last post here: (posted on May 15th, 2008, 09:19 AM)

    https://www.wilderssecurity.com/showthread.php?t=207474


    For you, Sangam...

    lock USB ports, just like lock web browsing. organisations may be able to use this to implement policy not to allow USB pen drives.

    Answer : Log in as admin, then go to Hardware manager/wizard and disable all USB drives at the bottom or uninstall them...
    Or use a software like Drive Blocker or CD/DVD lock

    option to disable autorun on all removable media and hard drives. this is a simple registry setting, but if implemented, will save so many Pcs going down due to malware

    Answer ... http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/
     
    Last edited: May 30, 2008
  7. DR NO

    DR NO Registered Member

    Joined:
    Jun 2, 2008
    Posts:
    2
    Re: Future Changes to EAV 3.0

    better active rootkit and keyloggers detection.
    rootkit detection is worse; it missed some stealth rootkits on my pc that were found with some other programs.
     
  8. Zeyi

    Zeyi Registered Member

    Joined:
    Jun 5, 2008
    Posts:
    3
    Re: Future Changes to EAV 3.0

    It would be nice to see a summary of the scan once it is complete, just confirming the locations of the infected files and whether they were or weren't dealt with.

    The scrolling log which occurs during the scan itself always seems to get filled with bad archives and all kinds of other stuff which isn't dangerous. Sifting through it to find infections is incredibly time consuming, so a summary window at the end would be marvelous.
     
  9. sangam

    sangam Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    49
    Location:
    ahmedabad, india
    Re: Future Changes to EAV 3.0

    thank you for your response, kevin. i am talking about easily implementing USB drive restrictions, and disabling autorun across all OS..., the user of a standalone machine or the network administrator should be able to implement restrictions or disable autorun, from inside the security software, those settings that are relevant, to increased risks of virus outbreaks. further the software can prompt the user to delete autorun.ini entries if found in devices like pendrives.

    a user need not have to go to control panel, or gpedit.msc and search where to make the required change, or use tweak UI, on 98 or xp home machines.
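An added example, not part of the thread and not ESET's code: a sketch of the check sangam asks for, which lists the entries in a removable drive's autorun.inf (the file Windows reads for AutoRun) that would start a program and produces a copy of the file without them. The sample file content and the function names are constructed for illustration.

```python
# Added example: constructed autorun.inf text, not taken from a real device.
SAMPLE = """\
[AutoRun]
; comment line
icon=drive.ico
label=Backup
OPEN=tools\\setup.exe /quiet
shell\\explore\\command = tools\\setup.exe
junk line without an equals sign
[other]
open=outside-autorun-section.exe
"""

# [autorun] keys that name a program for AutoRun to start from the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def _classify(text):
    """Yield (raw_line, key, value); key is None unless the line launches a program."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        key = value = None
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            name, _, rest = line.partition("=")
            name = name.strip().lower()
            # shell\<verb>\command also runs a program (context-menu verb).
            is_verb = name.startswith("shell\\") and name.endswith("\\command")
            if name in LAUNCH_KEYS or is_verb:
                key, value = name, rest.strip()
        yield raw, key, value


def find_launch_entries(text):
    """Entries a tool would show the user before offering to delete them."""
    return [(k, v) for _, k, v in _classify(text) if k is not None]


def strip_launch_entries(text):
    """Same file with the launch entries removed; everything else is kept."""
    return "\n".join(raw for raw, k, _ in _classify(text) if k is None) + "\n"


if __name__ == "__main__":
    for key, value in find_launch_entries(SAMPLE):
        print("launch entry:", key, "->", value)
    print(strip_launch_entries(SAMPLE))
```

Keys are matched case-insensitively and only inside the `[autorun]` section, so padding lines and look-alike entries in other sections do not hide or fake a hit.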
     
  10. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Re: Future Changes to EAV 3.0

    URL/keyword filtering subscription as an optional component, like XMON was, for both EAV and ESS. I would love to have this with EAV, without the antispam nor firewall options.

    You have 90% of what is needed already. I'm using the limited list to block some porn (searches, keywords, non safesearch searches) but it's limited to 64k?

    SquidGuard has a list of some URL lists, of which some are free to use;
    http://www.squidguard.org/blacklists.html

    Then you have the Cobian list aka ISS/IBM list which is used by a lot of other products. And you have Secure Computing & WebWasher which also sell lists.

    Anyway, partner with someone and offer me, as an admin with a password protected EAV setup, to do some URL filtering via Nod. That would really give Nod an edge over the competition.

    I mention it as an optional paid component because I'm sure 90% of your home users would not want it. However, parents might opt for it for parental controls.

    My two cents.
     
  11. jaseinatl

    jaseinatl Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    12
    Re: NOD32 signatures on e-mail in v.3

    Although this is a little off-topic, I thought it might be a good place to post a comment about the NOD32 signature.

    I have given it a lot of thought and here is what SHOULD happen:
    • The virus-safe warning appended to e-mail (signature) should be wrapped in HTML with text alternative and should contain special formatting that facilitates recognition of the signature by Eset's scanners.
    • The signature should be updateable by Eset's scanners so that a message sent between two users that both have Eset installed will only have one signature, in a block that makes it obviously separate from the content. Right now, appending the signature each time a message changes hands has resulted in more than one message at my office that contains two lines of reply-text and 5 pages of e-mail signatures.
    • The signature should be customizable, not just removable. In other words, embedded into the antivirus software should be a simple editor that lets you define what goes in the signature. It would provide "keys" to be replaced when scanned and it would allow businesses and/or users to attach custom information like confidentiality links or acceptable use summaries. Consider the text below (but imagine it in a box with a 1 pt rule around it) (also, this is an extreme example to demonstrate a point):
    Disclosures and Notices
    %policyDisclosure%

    e-mail security:
    checked by: %productName%, vers. %productVers%
    date/time: %datetime% updated: %productUpdate%
    definitions: %productDef%

    e-mail policies:
    usage: %policyUsage%
    confidentiality: %policyConfidentiality%

    contact information:
    %policyContact%
    contact: %company%
    : %user%
    : %phone%

    %policyClosure%



    would look something like this:


    Disclosures and Notices

    As a testament to our persistent commitment to the safety and privacy of our users, please read the following information as it pertains to this message, its recipients and senders, as well as the content conveyed in this message.

    e-mail security:
    checked by: ESET, Smart Security Suite, vers. 3.0167
    date/time: 06/06/08 updated: 06/06/08
    definitions: eavss-060608v1

    e-mail policies:
    usage: Any dissemination or disclosure of any part of the content of this message without prior written permission of those persons to whom this message was conveyed, from whom this message was delivered or concerning the contents of this message is a violation of law pursuant to some legal clause. This is a private, confidential correspondence.

    confidentiality: If you are not the intended recipient of this message, please contact our office immediately and destroy this message, any copies (printed or electronic) immediately. Please know that you will be held accountable for any harm or damages caused by the unlawful dissemination of information to, from, or contained within this correspondence, even if received inadvertently.
    contact information:
    WhirledOrder
    jaseinatl
    (404) 444-4444

    Thank you for your time and consideration and for helping us to ensure the continued safety and security of privileged communication on the web.
     
  12. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: NOD32 signatures on e-mail in v.3

    Hi!

    How do you think this sentence? Because between sending and opening message can be time, when could have been released update, which includes signature with eg. worm, which hasn't been caught before.

    Your suggestion is very long, I think.
     
  13. jaseinatl

    jaseinatl Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    12
    Re: NOD32 signatures on e-mail in v.3

    I do a lot of work for small law firms that require the inclusion of a non-disclosure agreement on every e-mail. I encase the signature in a custom DIV wrapper and every message sent from one of my offices is scanned for virii (using ESET) and for the custom div. If it exists, it is stripped from the message and the new signature is added.

    This ensures that the message has the latest updated virus information and the latest version of the security statement. It's really easy to do and doesn't take half the overhead that the virus scanner does. In fact, it takes less than a second to locate the div and replace it with the updated div.

    The point being that a simple line like:

    ESET NOD32: SCANNED: 06.13.08, DEF:39392

    would only take up one line and would read nicer than the current signature that takes up 1 2/3 lines (per nestled signature).

    And if you are worried about version tracking in case a worm got through because it was new, you would be able to more accurately track the definition number in your history because ONLY the latest definition would appear on each message (instead of how it is now where you have all of the iterations repeated on every message in the thread).

    But regardless, make it customizable. PERIOD. How could anyone argue with that logic?

    btw, I don't use it at all. I do the scan and use a VBScript on my exchange server, so it's no skin off my teeth. I just think it would be common sense for Eset to be a little more adaptable and a lot more professional in this regard.
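An added example, not jaseinatl's VBScript and not ESET's code: a sketch of the strip-and-replace step described in the post above, where every earlier signature block in a reply chain is removed and one current block is added. The `av-scan-sig` class name, the function names and the older definition numbers in the sample are constructed; it assumes the signature block never contains a nested `<div>`.

```python
import html
import re

MARKER = "av-scan-sig"  # hypothetical class name marking the signature block

# Matches one signature block plus trailing whitespace. Assumes no nested <div>.
SIG_RE = re.compile(
    r'<div\s+class="%s"[^>]*>.*?</div>\s*' % re.escape(MARKER),
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample: a reply whose quoted history carries two older blocks.
SAMPLE = (
    "<html><body><p>Agreed, see you Friday.</p>\n"
    '<div class="av-scan-sig">ESET NOD32: SCANNED: 06.12.08, DEF:39101</div>\n'
    "<blockquote><p>Can we meet Friday?</p>\n"
    '<div class="av-scan-sig">ESET NOD32: SCANNED: 06.11.08, DEF:39055</div>\n'
    "</blockquote></body></html>"
)


def build_signature(scanned, definition):
    """One-line signature in the format quoted in the post, HTML-escaped."""
    text = "ESET NOD32: SCANNED: %s, DEF:%s" % (scanned, definition)
    return '<div class="%s">%s</div>' % (MARKER, html.escape(text))


def refresh_signature(body, scanned, definition):
    """Return (new_body, removed): old blocks stripped, one current block added."""
    stripped, removed = SIG_RE.subn("", body)
    sig = build_signature(scanned, definition)
    # Place the block just before </body> when there is one, else append it.
    idx = stripped.lower().rfind("</body>")
    if idx == -1:
        return stripped + sig, removed
    return stripped[:idx] + sig + stripped[idx:], removed


if __name__ == "__main__":
    new_body, removed = refresh_signature(SAMPLE, "06.13.08", "39392")
    print("removed", removed, "old signature blocks")
    print(new_body)
```

Running the function again on its own output removes the one block it added and writes it back, so a message that passes through several scanning hops still ends with a single signature.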
     
  14. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    Future Changes to EAV 3.0

    Add notification of new NOD32 version through UI / Balloon dialog. Please. :D

    Add animated pupil to NOD32 taskbar icon to show activity - scanning internet traffic etc. :D
     
    Last edited by a moderator: Jun 22, 2008
  15. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Future Changes to EAV 3.0

    No, thanks. Animation and similar things aren't necessary for security software.
     
  16. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    Re: Future Changes to EAV 3.0

    In your humble opinion. You forgot to add.
    So let me reiterate. Notification of new version releases and an animated 'pupil' in the NOD32 taskbar icon to show activity. Thanks
     
  17. totitot

    totitot Registered Member

    Joined:
    May 24, 2008
    Posts:
    5
    Re: Future Changes to EAV 3.0

    this is kinda lame but can nod32 have that logon screen thingy like online armor or kaspersky?? just for aesthetics...
     
  18. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Re: Future Changes to EAV 3.0

    >>this is kinda lame but can nod32 have that logon screen thingy like online armor or kaspersky?? just for aesthetics...

    You mean where they append text onto the logon bitmap which says Protected by Kaspersky?

    In my opinion, I like the fact this is not done. I like the non-animated tray icon as well.

    Nod 2.7 showed in AMON/IMON/... the last file scanned. I'd like a window somewhere which shows that. Perhaps in Advanced mode, one tab which has these on one screen. (I know IMON is gone, but same idea.)
     
  19. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Re: Future Changes to EAV 3.0

    - Option to scan archives in Real-time file system protection (not only boot sectors, files and runtime packers).

    - Long time ignored option to scan sent emails...in other word, integration with more email clients, not only Outlook and Outlook express.
     
    Last edited: Jun 24, 2008
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Re: Future Changes to EAV 3.0

    not really, doesn't show in vista anyway with kaspersky.
    better to get better protection features rather than pointless things that look nice.
     
  21. manney

    manney Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    32
    Re: Future Changes to EAV 3.0

    Program Component Upgrades from RA- to allow an administrator to load program versions (of AV or SS) they want on clients into the RA, and EAV update itself if it is earlier than the version in RA.

    This would get round the issue of waiting for eset to push out a Program Component Upgrade, and allow an administrator to determine what version all his clients need to be on.

    Pushing out newer versions of EAV, every time eset release them when you support 50+ networks is too time consuming and a royal pain
     
    Last edited: Jun 26, 2008
  22. randb85

    randb85 Registered Member

    Joined:
    Jun 26, 2008
    Posts:
    7
    Location:
    Lovech,Bulgaria
    Re: Future Changes to EAV 3.0

    To scan encrypted connections, especially on port https:// 443.

    To scan emails not only POP3, also 443 and 995 - better protection with Gmail and Thunderbird.

    To reduce false positives.
     
  23. jonkoer

    jonkoer Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    30
    Re: Future Changes to EAV 3.0

    1. Do not force Help window to retain focus. When Help is open, it stays on top of main NOD32 window so user cannot do anything in NOD32. Should be able to arrange the Help window side-by-side with NOD32 window so user can simultaneously read the instructions and perform them.

    2. Provide information in Help about error codes (such as the 0x0104 that I'm getting now - no info about what it is).

    3. Extensively expanded Help. At present, troubleshooting suggestions cover only the most basic, obvious possibilities.

    4. Everything Blackbear suggested is right on target.
     
  24. John2222

    John2222 Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    140
    Re: Future Changes to EAV 3.0

    Change the advanced settings so it is clear how ThreatSense options apply to each module. Originally I thought that there was one default/global setting for ThreatSense and then other modules could override the default settings. Now I understand that's not true.

    Here is the thread explaining the problem:

    Understanding Options
    https://www.wilderssecurity.com/showthread.php?p=1271090#post1271090
     
  25. nilupa

    nilupa Registered Member

    Joined:
    Dec 4, 2007
    Posts:
    19
    Re: Future Changes to EAV 3.0

    I'm using Nod32 in my pc but it has poor detection of spyware like svichoost.exe and leftovers of new folder.exe. sometimes it will not detect viruses, sometimes it does. spyware is the major problem.


    nilupa.
     