Upgraded to v4 A-V: 3 Challenges

On an XP Pro system, I am using:

NOD32 v4.0.437.0
Online Armor 3.5.0.32
Spysweeper 5.5.7.103 (not with A-V)

Thunderbird 2.0.0.23 with Cloudmark Desktop 1.0 (spam blocker)


A. In the Threat Sense Engine default "options" in Thunderbird's setup, everything is checked except "potentially unsafe applications". That seems more of a threat than "potentially unwanted applications" (which is checked.) Why is the default set up that way? Isn't unsafe worse than unwanted?

B. Are there other "consensus best settings" to adjust?

C. Cloudmark identifies spam upon arrival, moves it from the inbox to the junk folder. Every time it is moving an email from the inbox to the junk folder, I get this message:
"An error occurred communicating with the Cloudmark Service".

I also have this in the Scanner Setup (not sure which of these I should check):
http://screencast.com/t/aVEgGKTFbxLR

What do I need to do to allow Cloudmark to work right?

 

Hello Chamlin,

The default settings should be ideal for most setups. If you have any backup software, you will want to exclude it from the real-time scanner.

You should uncheck Cloudmark from the email clients list since it is not the actual client, thunderbird is. This should fix the communication error.

 

Thanks Wayne.

1. I've unchecked everything in the email clients except thunderbird, but the cloudmark error is still occurring. It has to be something with NOD32 because it only started happening once v4 got installed. What else can I try?

2. When you say exclude backup software from the real-time scanner:
A. Is that the Smart Scan, Custom Scan or both?

B. Do I exclude FDISR and Acronis? And if so, how/where do I exclude them?

Thanks!
Chamlin

 

Excluding back-up software from the real-time scanner might decrease the time making the backup. If you are fine with the time it takes for scheduled back-ups you don't need to exclude them really.. (Except if you get errors at copying)

Here is a KB article how to exclude items. I believe that exclusion list is for both the real-time and all on-demand scans.

Personally I haven't set exclusions for FD-ISR, when I copy a new snapshot I just temporary disable real-time monitoring from the NOD32 tray icon. I always manual make/update new snapshots, if you schedule (and like to speed it up) you need to exclude whole c:\$ISR\ directory I guess. (see below)

I don't know if NOD32 supports excluding executables so it wont monitor what files that executable uses (to copy, in this example). Cant find a answer for that atm. If so, you just have to exclude the executables from Acronis and FD-ISR.

 

You can exclude executable files like you are talking about. This is the best option for backup software so you only exclude the executable and all the other files still get scanned.


Chamlin,

The interruption or difficulty you described may be a result of the Web Access Protection feature.

1. Open the main program window by clicking the ESET icon next to the system clock or by clicking 'Start' -> 'All Programs' -> 'ESET' -> 'ESET Smart Security' or 'ESET NOD32 Antivirus'.

2. Press the F5 key to display the Advanced Setup window.

3. From the Advanced Setup tree, click 'Antivirus and antispyware' -> 'Protocol Filtering'.

For ESET Smart Security users, click 'Personal Firewall' -> 'Protocol Filtering'.

4. Select the 'Applications marked as Internet browsers or e-mail clients' option.

5. Click 'OK' to save your changes and then restart your computer.

 

Thanks Wayne, am trying this now.

 

Wayne, unfortunately, that didn't work either. What next, please?
(Here is the error message: http://screencast.com/t/aP0ANmmHOq )

 

Chamlin,

Does it work if you disable web access protection? Also, does the software communicate to the internet or locally to a service for what it is trying to do?

 

Rather than disabling web protection try disabling HTTP checking in the main setup tree just to see if it makes a difference.

 

Cloudmark has a database of Spam that its community deemed as Spam collectively, so I'm pretty sure it communicates with the Internet.

 

Trying this at Noon on Sunday.

 

Unfortunately, that didn't do it.

By the way, I can't disable web protection as it appears to be already disabled and I can't enable it.

Also, just reverted the "Applications marked as Internet browsers or e-mail clients" back to the "Ports and Applications" option that was set as default since it didn't seem to change anything.

Oh, and now it appears the "Disable Web Access Protection" is re-enabled. Hmmm....

Guidance please?

 

Chamlin,

Make sure that Cloudmark is not checked in the Email clients section of POP3, POP3S as well.

 

Guys, I've resolved the problem by making a change in Cloudmark. So....

I've made a number of changes. What is the best thing to do now? Is it most wise to click on a "global default" to get the program back to how it was installed?

Thanks,
Chamlin

 

Are you using any web filters like K9 or any other parental web filters? Somtimes they can read the communication of some programs as being malicious or belonging to an unknown domain. They then block the communication silently without the user knowing. I had this happen with K9 webfilter blocking Prevx's webserver once. I was so baffled as to why i couldn't activate my Prevx key. I would have never figured it out if Prevx had not came through with such good support.

 

That would be the fastest and most complete way of doing it. However, if you lose any connectivity after restoring the defaults, you will need to go through the steps again to find which change is the solution.

 

Where do I find this setting with NOD32 Antivirus 4.0.467 x64?
For some reason it doesn't exist at all when running Windows 7 Pro x64.

Wanted:
http://img35.imageshack.us/img35/7229/nodsetting2.png

Actually displayed:
http://img690.imageshack.us/img690/2268/nod324.jpg

I'm asking for this because NOD32 tends to interfere with/slow down some programs.

Additionaly for some reason NOD32 creates an extraordinary amount of temporary files during a day (although they disappear after a shutdown) with
filenames like HTTA45B.tmp (usually 30-50MB each, currently I have 1GB worth) etc.

 

I sort of found the answer to the main question myself.. although it makes NOD32 somewhat useless with all OS versions newer than unpatched Vista in the cases mentioned:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2132

Useless because if NOD32 interferes, there is no way to exclude that application from scanning.