Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. spelunk

    spelunk Registered Member

    Joined:
    May 19, 2008
    Posts:
    15
    Re: Future Changes to EAV 3.0

    With the 100% CPU thread and the discussion that NOD32 appears to have issues with items like HTML log files that are always updated, could NOD32 "detect" this situation and warn the user that scans of a given file (or files) are adversely affecting performance.
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Future Changes to EAV 3.0

    Hello, Marcos said about this thing few weeks ago. ;)
     
  3. Lusitano

    Lusitano Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    20
    Re: Future Changes to EAV 3.0

    Why not an online virus submission form like Avira or F-Prot use? It's quite obvious that the e-mail method is not working for ESET at all. Weeks after submission and still no detection added.
     
  4. dorgane

    dorgane Guest

  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Future Changes to EAV 3.0

    When using Undll, there's a risk that the computer will restart itself. We cannot afford such a risk in the program as it's used on servers as well.
     
  6. ASpace

    ASpace Guest

    Re: Future Changes to EAV 3.0


    Ammmm , can't you make it (change UnDll) in a way so that it doesn't restart the machine until user confirms reboot , or integrate UnDll in the program itself.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Future Changes to EAV 3.0

    Generally removing already injected dlls from running processes is unsafe and may lead to a computer restart. The next version should bring some improvemnts in this regard.
     
  8. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    Re: Future Changes to EAV 3.0

    In ThreatSense.Net Warning System add more extensions in default exclusion filter for sending suspicious files.

    Eset NOD32 Antivirus 3.0 User Guide says the following in chapter "4.7 ThreatSense.Net":

    Exclusion filter
    Not all files have to be submitted for analysis. The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry potentially confidential information, such as documents or spreadsheets. The most common file types are excluded by default (Microsoft Office, OpenOffice). The list of excluded files can be expanded if desired.​

    By default the following file extensions are excluded:
    *.doc|*.rtf|*.xl?|*.dbf|*.mdb|*.sxw|*.sxc

    This is a rather small list as there are many other document formats that may contain potentially confidential information.

    Add more file types of Microsoft Office until ver. 2003:
    *.ppt|*.pps

    Add more file types of StarOffice and OpenOffice.org ver. 1.x.:
    *.sxi|*.sxd

    Add some ODF file types that can be created by components of OpenOffice.org ver. 2.x and StarOffice ver. 8:
    *.odt|*.ods|*.odp|*.odg|*.odb

    Add some file types of Microsoft Office 2007 (aka Open XML file types):
    *.docx|*.docm|*.xlsx|*.xlsm|*.pptx|*.pptm|*.ppsx|*.ppsm|*.sldx|*.sldm
    (see http://office.microsoft.com/en-us/help/HA100069351033.aspx#3 )

    -- rpr.
     
  9. Phenom

    Phenom Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    61
    Location:
    United States
    Re: Future Changes to EAV 3.0

    Provide better protection like it did in the past, I been seeing tests and NOD32 has gone worse with their protection.

    Improve on antispyware too.
     
  10. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Future Changes to EAV 3.0

    Yes, this happend when I tested KIS v8. Suddenly avp.exe fell down and restart followed.
     
  11. Gaz25

    Gaz25 Registered Member

    Joined:
    Nov 9, 2008
    Posts:
    9
    Re: Future Changes to EAV 3.0

    NOD32 needs it's detection improving further, G-data Antivirus and Avira are getting better...

    I have high expectations for the much-loved ESET products... keep em' coming...
     
  12. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Re: Future Changes to EAV 3.0



    Hello,

    Version beta coming soon Q4= October, November and December



    cumps
     
  13. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Future Changes to EAV 3.0

    I would prefer waiting before talking about 100% sure dates. When beta will be, then will be released.
     
  14. JustinMP91

    JustinMP91 Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    1
    Re: Future Changes to EAV 3.0

    I wouldn't mind the option to DELETE malware when detected... instead of quarantining it. When I discover malware.. I want it off my computer ASAP, I don't want it sitting around in some quarantine area, even if it is "harmless" there.
     
  15. ASpace

    ASpace Guest

    Re: Future Changes to EAV 3.0


    The purpose of the quarantine is not made for trojans but for files , detected as threats , that are not real threats - a.k.a. false positives . If , in case of false positive , a legitimate file is permanenly deleted , nothing fill be able to recover it
     
  16. Chai

    Chai Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    7
    Re: Future Changes to EAV 3.0

    I second this. Let the prime focus always be in improving and maintaining NOD32 Antivirus's reputation for top detections and advanced heuristics with lightweight resource consumption.

    I consider this a secondary consideration for NOD32 Antivirus. I say let ESET focus on the thing they do best: antivirus. We have a host of other effective security utilities to cover NOD32's relative weakness with spyware and adware.

    On that note, the one other thing I wish ESET would continue to do is keep developing Antivirus as a separate program. The trend in this industry is to throw together security suites and abandon individual security apps. This only leads to poor quality security since nobody does all security features great. ESET's firewall has done poorly in reviews, I would not like to be forced to use it in order to use their antivirus program. Further, I prefer to mix and match so that I have the best of all worlds. Keep promoting and selling both the suite and the antivirus separately; when the firewall matures I'll give it another look.
     
  17. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Re: Future Changes to EAV 3.0

    One thing I would like to see is the ability of NOD32 to accumulate e-mail alerts and send them together.

    I have received over 65,000* e-mail alerts from NOD32 today alone. 99% which are false positives or "error is:" with no error. This gets very old very quick. MRTG HTML output is constantly a cause for false positives. I've submitted several, but never a reply. Almost all other cases are .log files, or false positives on other files which I've submitted yet remain false positives.

    Why do I need 1000 e-mails separate e-mails from a single server about a (false positive) virus in one minute? Can't we accumulate them and maybe just send out one e-mail per ~5 minutes?

    I'd also like to see some money spent on fixing these bugs mentioned over and over in the forums. When renewal times come up I must ask myself if I should trust a product with soooo many bugs to protect my 600+ machines. The number of infections with Nod32 have gone up significantly in the last year. My impression is that 2.7 was built with a very thorough technical staff, but that 3.0 had a completely other staff which is not so thorough. I am seeing things like XP Antivirus, Agent, virus toolbars, and other malware which I'm alerted by Nod32 that the system is infected (Files in system32, or c:\ or in %temp%) but locked and can't be cleaned. Sometimes Microsoft's antimalware released each month cleans these up, other times I have to nuke the laptop when it comes in for maintenance.

    I'm not trying to flame, just stating how I feel. We still have 9 months before our license 675 user license expires. I'm hoping effort is spent in making 3 or version 4 as good as my impression of 2.7 was.

    * By the end of the day there were over 770,000 e-mail alerts from Nod32. 99.9% being false positives on a log file. I'm still trying to clean those up.
     
    Last edited: Jan 5, 2009
  18. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Re: Future Changes to EAV 3.0

    I agree an email "summary" would be pretty awesome.

    I'm not sure about your FP's, but response rate this week has been rubbish because of holidays. Give it until Monday and try sending them again. Remember to entitle your email with "False Positive" only. If there's still no response send a PM to Macros he should be able to assist you.

    v4 boasts superior cleaning capabilities, especially in places where v3 had to reboot, v4 does not. I'm hoping we have a stable v4 release before 9 months time... I should think so anyway.
     
  19. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Re: Future Changes to EAV 3.0

    One thing i'd like to see is if you password protect the settings when you go to make a change that requires a password you have a grace period where the password doesn't need to be entered again which could be user configurable and manually closed (right click Tray Icon - "End Password Grace Period").

    It's annoying to want to make several chnages and clean up the logs and quarentine and have to enter the password over and over every 15 seconds.
     
  20. Marv Gordon

    Marv Gordon Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    59
    Re: Future Changes to EAV 3.0

    For the Enterprise crowd.

    A multi-threaded installer so you can "push install" multiple workstations more quickly....
     
  21. lumpeh

    lumpeh Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    13
    Re: Future Changes to EAV 3.0

    Additionally have it push out with the latest definitions available. This would be great for unattended installs with SMS/SCCM.
     
  22. apache

    apache Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    26
    Re: Future Changes to EAV 3.0

    my suggestion comes under item 2, not sure if it is the same idea, but when the anti virus is on a scheduled scan of my hard drive , that the icon in the bottom left taskbar [ by the clock] spins or something to let me know that a scan of my system is in progress, currently the only way I know is if I open up the programme itself.
     
  23. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    Re: Future Changes to EAV 3.0

    I would like to see the right click scan option to be able to scan more than the first volume of a full archive of let's say for instance, RAR files. I've been constantly getting the message when I right click to scan an individual file or folder made up of RAR files that the scanner cannot find the next volume. I've contacted ESET tech support and all they can say is be sure that all the files are being scanned one way or another and not to worry about it. I was also told that no other right click scanner scans all the volumes in an archive, which isn't true. I use Malwarebytes Anti Malware right click scanner to scan RAR files and it always tells you that it's scanned said amount of files.
     
  24. chrizio

    chrizio Guest

    Re: Future Changes to EAV 3.0

    I wish to be able to disable the on-demand scan report window
    if the scan didn't result in any findings. Like in Avast.
     
  25. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    Re: Future Changes to EAV 3.0

    This may already be on the list, but it's important.

    When a possible infection dialog appear, the option to "ADD TO EXCLUSION LIST".

    Manually adding is a pain in the ass...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.