Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    EAV4 USER GUIDE: MINOR RE-ORGANIZATION TO FIX TWO ANOMALIES

    In EAV4 User Guide Rev 20090520-005 (no longer available online) and in Rev 20090213-002 (an older version, available at http://www.eset.com/download/manuals.php), the Content list for Chapter 4.1 is given below. The asterisks indicate topics that match the Entire Advanced Setup tree's main entries. But there are two anomalies:

    a) The Entire Advanced Setup tree includes "Document protection," but the User Guide Rev 20090520-005 includes it only in "What's New," and Rev 20090213-002 does not include it at all. For both User Guide versions, instead of Document Protection, the Content list includes the Host Intrusion Prevention System, which in the online Help file is described in a Note for Antivirus and antispyware protection.
    Apparently the Host Intrusion Prevention System is a basic feature of Antivirus and antispyware protection, and ought to come much earlier in the User Guide, as section 4.1.0.
    Then section 4.1.2 could be used for Document protection.

    b) The User Guide Content does not include Exclusions. To include them (in a location that matches the Entire Advanced Setup tree), use section 4.1.6 for Exclusions, and renumber Protocol filtering as 4.1.7, ThreatSense engine parameters setup as 4.1.8, and An infiltration is detected as 4.1.9.

    Roger Folsom

    ----------------------------------------------------------------

    4. Work with ESET NOD32 Antivirus
    * 4.1 Antivirus and antispyware protection ...................12
    * 4.1.1 Real-time file system protection .....................12
    4.1.1.1 Control setup ......................................12
    4.1.1.1.1 Media to scan ....................................12
    4.1.1.1.2 Scan on (Event?triggered scanning) ..............12
    4.1.1.1.3 Advanced scan options ............................12
    4.1.1.2 Cleaning levels ....................................12
    4.1.1.3 When to modify real?time protection confguration ...13
    4.1.1.4 Checking real?time protection ......................13
    4.1.1.5 What to do if real?time protection does not work ...13
    [Document protection, not listed in User Guide Content]
    * 4.1.2 Host Intrusion Prevention System (HIPS) ..............13
    * 4.1.3 Email client protection ..............................13
    4.1.3.1 POP3 checking ......................................13
    4.1.3.1.1 Compatibility ....................................14
    4.1.3.2 Integration with email clients .....................14
    4.1.3.2.1 Appending tag messages to email body .............14
    4.1.3.3 Removing infiltrations .............................15
    * 4.1.4 Web access protection ................................15
    4.1.4.1 HTTP, HTTPs ........................................15
    4.1.4.1.1 Address management ...............................15
    4.1.4.1.2 Web browsers .....................................15
    * 4.1.5 On-demand computer scan ..............................16
    4.1.5.1 Type of scan .......................................16
    4.1.5.1.1 Smart scan .......................................16
    4.1.5.1.2 Custom scan ......................................16
    4.1.5.2 Scan targets .......................................16
    4.1.5.3 Scan profiles ..................................... 17
    * [Exclusions, not listed in User Guide Content]
    * 4.1.6 Protocol filtering .................................. 17
    4.1.6.1 SSL ............................................... 17
    4.1.6.1.1 Trusted certificates ............................ 17
    4.1.6.1.2 Excluded certificates ........................... 17
    4.1.7 ThreatSense engine parameters setup ..................18
    4.1.7.1 Objects setup ......................................18
    4.1.7.2 Options ............................................18
    4.1.7.3 Cleaning ...........................................19
    4.1.7.4 Extensions .........................................19
    4.1.7.5 Limits .............................................19
    4.1.7.6 Other ..............................................19
    4.1.8 An infiltration is detected ..........................20

    ________________________________________________________________

    BACKGROUND - ADDITIONAL INFORMATION

    The User Guide's Host Intrusion Prevention System (HIPS) description, now in section 4.1.2 on page 13, is the following:

    "Host Intrusion Prevention System (HIPS) protects your system from malware or any unwanted activity attempting to negatively affect the security of your computer. It utilizes advanced behavioral analysis coupled with the detection capabilities of network filter to monitor running processes, files and registry keys, actively blocking and preventing any such attempts."
    This description matches the Antivirus and antispyware protection online Help file's Note.

    ----------------------------------------------------------------

    The User Guide's (Rev 20090520-005) Document protection description, in What's New, section 1.1, page 4, is the following:

    "The document protection feature scans Microsoft Office documents before they are opened, as well as files downloaded automatically by Internet Explorer, such as Microsoft ActiveX elements.
    "The feature is activated by applications which use the Microsoft Antivirus API (e.g., Microsoft Office 2000 and higher, or Microsoft Internet Explorer 5.0 and higher)."
    This description matches the Document protection online Help file's help.

    ________________________________________________________________

    In the Entire Advanced Setup tree, Exclusions, the online Help file states the following:
    "This section enables you to exclude files and folders from scanning. We do not recommend that you alter these options, to ensure that all objects are scanned for threats. . . ." plus instructions about how to exclude folders and files.
    In the User Guide (Rev 20090520-005 or Rev 20090213-002), I cannot find an equivalent statement.

    However, the User Guide (Rev 20090520-005 and Rev 20090213-002) does include the following information about exclusions.

    4.1.6.1, SSL [page 17:] "Ask about non-visited sites (exclusions can be set) - If you enter a new SSL protected site (with an unknown certificate), an action selection dialog is displayed. This mode enables you to create a list of SSL certificates that will be excluded from scanning."

    4.1.6.1.2 [SSL Continued, pages 17-18] Excluded certificates
    "The Excluded certificates section contains certificates that are considered to be safe. The program will not check the content of encrypted communications utilizing certificates in this list. We recommend installing only those web certificates which are guaranteed to be safe and have no need for content filtering."

    4.7.1 ThreatSense.Net, Suspicious Files [page 28]
    "Exclusion filter – The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry confdential information, such as documents or spreadsheets. The most common file types are excluded by default (.doc, etc.). You can add to the list of excluded files if desired."
     
  2. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    i think it will be great if nod32 blocked the access to the usb flash till an automatic scan finishes.

    some times there is some undetected threats especially the new threats.
    so we go to remove the virus manually so

    why do not we create a new feature in nod32 to deal with the virus's file to delete them automatically by giving nod32 the paths to the virus files.

    so i can make a configuration file with the virus's file paths to be captured by nod32 as threats.

    this really will be amazing , till the update comes from ESET.
     
  3. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Use Multiple cores.

    New systems now have multiple cores (2 or more CPUs). I have a AMD 4 core system (4 CPUs).

    It would be nice to have NOD32 use threads and utilize all cores (let you select how many cores to run on) for faster scanning.

    Also, make NOD32 catch viruses like this one which it recently missed on my system.
     
  4. hclarkjr

    hclarkjr Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    66
    I just checked the affinity settings for the service under task manager and it says that NOD is set to all 4 of my cores.
     
  5. The Chez

    The Chez Registered Member

    Joined:
    Aug 8, 2009
    Posts:
    32
    I really think the web protection site advisory, with an option to submit unsafe sites such as scam scanners etc, would be fantastic. I miss this from AVG, it would be brilliant to see it in ESET programs.
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    I believe you will find Intel certifications for ESET NOD32 Antivirus and ESET Smart Security here and here, respectively, on Intel's web site.

    Regards,

    Aryeh Goretsky

     
  7. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    The ability to import a configuration (.xml) file with the command line on a already installed client.
     
  8. singonn2

    singonn2 Registered Member

    Joined:
    Jul 12, 2009
    Posts:
    1
    Improve : anti-stealth ,anti-hack/hijack/phishing, overall scanning spd/info, update and user interface(statistics)make it easier/predigest + accuracy , more intellectuality overall settings especially scanning settings and network control /firewall.Of course put on steam about the idea of eset : a briefness , small and exquisite ,efficiency+stable , high performance and lowest usage antiv/ssc.:D i lik it :thumb:

    *notice : accelerate update overall antivirus/smrt antivirus program and advertisement at official website , at website aspect particularly the virus encyclopedia hope it get up to date and better than other company.My opinion now Eset tardiness about improve overall program/v.encyclopedia , hope eset may pay more attention to tis.

    New functions : site advisor , parent control(briefness) , secure file protection :ninja:

    :) Hope Eset attention it.
     
    Last edited: Aug 31, 2009
  9. DGMurdockIII

    DGMurdockIII Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    51
    add anti spam to the basic anti virus not just the one with firewall
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I agree NOD32 AV should have Anti Spam!

    TH
     
  11. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I disagree... no bloatware :cautious:
     
  12. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    I would be nice to have the choice :-

    I would love the antispam element, as I get quite a lot of spam (even though I run my own mailserver with SpamAssassin). The reason I have EAV and not ESS is that I do NOT want the firewall part of ESS. I already have the Windows firewall, I have a Cisco router, and I'm using NAT, so my PC defences are fairly strong. But spam can bypass all these defences.


    Jim
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Simply change the type of firewall integration with the system to "Only scan application protocols" in the main ESS setup -> Personal firewall -> System integration and ESS will work like EAV with antispam.
     
  14. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    • Remove splash screen

    • detect single or multi core processor, speed scan and emulate code AH

    • Design futuristic - optimize space and clear access

    • better detection real time and proactive

    • feedback samples send

    • option - mode game and mode netbook

    • better firewall

    • continue to preserve their good points

    • I wish that ESET continue to be the Yin & Yang of AV's, this is a balanced program
     
  15. eezdva

    eezdva Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    179
    HIPS please.
     
  16. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Hello,


    Tag email:


    After:

    __________ Information from ESET NOD32 Antivirus, version of virus signature database 4518 (20091017) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com



    Before:


    ____________________________________________________________

    The message was checked by ESET NOD32 Antivirus, virus signature database 4518 (20091017)


    http://www.eset.com





    So we are left with a more organized with the end of the email, thereby saving unnecessary space.
     
  17. dalmgren

    dalmgren Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    1
    Location:
    Sweden
    • Support for removing tracking-cookies like Free AVG does.
    • Consider a new pricing model for 5-user licenses. NOD32 may be the best, but I find paying ~239 USD for ESET NOD32 Antivirus (5 users) while I can get a very similar product for 5-users from Symantec for ~89 USD. Loyalty to a good product has its limit, regardless how good is.
     
    Last edited: Oct 24, 2009
  18. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    You can get a 5-pack for ~120 USD here

    Problem is they normally only sell 1, 2, 3 or 4 user pack license. If you need 5 a Business Edition is available at around the same price.
     
  19. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    I've been using NOD32 for over 5 years now and after reading the entire thread and combining it with my personal experiences here is what I have to say:

    1. Stop asking/adding for more eye-candy and functions ==>
    2. Only focus on the antivirus product. The firewall doesn't seem to catch on anyway. TBH it isn't that good...
    3. Get back up to the top with the detection rates. AV-comparatives show Eset is behind the competition ==>
    4. As I found out myself, virusses I encounter are missed regularly. And I know no AV is perfect, but that is no reason to perform worse over time.
    6. Scan speed is not what it used to be. Performance crown has been lost
    7. Don't check whether I have my windows updates installed. Stop bloating NOD32! Focus on the AV part please.
    8. Show your customers that you care. Reply to e-mails regarding samples.
    9. Add samples faster. Most samples I send take days if not more than a week to get added.*

    *I really don't understand the slow adding of samples. Eset does check the jotti.org and virustotal database like any other vendor?

    Overall that are the reasons why I am slowly migrating to Avira (still have running NOD32 licenses). It seems the NOD32-Kaspersky reign is over... for now. May sound funny but I've parted with NOD32 with regret. The product was really appealing back in the days NOD32 had the feel of "the AV for the computer enthousiasts". I feel Eset has lost their focus a bit. Thing are not too late though, many fora are still recommending Eset but word is starting to leak through what is really going on...
     
    Last edited: Oct 28, 2009
  20. dinox

    dinox Registered Member

    Joined:
    May 8, 2008
    Posts:
    10
    RA:
    - Option for description/name of configuration schemas which was was send/configured for clients.
    - Option for updating new login/pass to ESET servers for clients registred in RA (without reinstallation or configuration jobs)

    AV:

    - better known trojan/...ware remover (like Combofix ?)
     
  21. martinrabson

    martinrabson Guest

    Agree.

    Not renewing licenses either.
    But will keep an open mind and watch for future improvements/changes.
     
  22. PCarbonneau

    PCarbonneau Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    1
    Hi,

    I Would like to see this feature in REmote Administrator Console

    Multi-Threaded install..Instead of waiting to install clients one by one. Why install 5 at a time. If Symantec can do it..you can also

    Patrice
     
  23. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    1. Registry scanning to clean traces of malware left behind after the files have been removed.

    2. Lower memory utilization 15-25MB EKRN would be great instead of 45-55 MB. This helps compete against other AV companies who have a smaller memory footprint

    3. Cloud based Reputation system for URLs, and installers that have been seen and reported as malware to stop users from downloading fake malware based on reputation instead of signatures that may not be out yet to clean infection.

    4. Cloud based statistics users can look at and see what may be out there that is being blocked by reputation
     
  24. SideSkroll

    SideSkroll Registered Member

    Joined:
    Nov 23, 2009
    Posts:
    11
    EXACTLY. Although I'm still a proud ESET user. I still use version 2.70 to this day. (Support for Windows 7 on version 2.70 would be nice as well...) Go back to the smaller footprint: Less eye-candy more efficiency. I think a LOT of users would prefer a tiny-simple GUI over hte "new look" anyday... Just my 2 cents...
     
  25. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Nothing wrong that I see with 3.0, I think 3.0 is perfect..4.0 I don't like at all, for various reasons so I agree there, just something about the file system activity being there and I know i'm never going to use it and can't get rid of it from the gui for one thing, plus a double disable antivirus / antispyware on the sys tray icon, among other things.I despised 4.0 so much compared to 3.0, that the few times I installed it, I could only stand to have it on my PC a few minutes each time before removing it... 2.0 just looks too much like windows 3.1, I will stick with 3.0, Eset can learn from 3.0 IMO, it's great.I would wipe 4.0 off the chalk board and be happy with the gui and functions of 3.0 and build on from that with minor improvements, but not add unecessary things people are going to complain about or not even find useful.

    As a side note, mabe they warn you that your system is not up to date in 4.0 because people complain they have problems and blame NOD32 and it could just mean it's a microsoft problem their having from missing a critical update.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.