N0d32 and self defence mechanisms.

Is it possible for AV progs like NOD32 to protect themselves against shutdown as a consequence of an attack by trojan/virus/malware? If so does NOD32 do it?
Probably a very naive question but.....

 

You mean like Sygate it does by itself ? I think, it is othe one and only Desktopfirefall with this kind of protection.

That's a very interesting question ! What's about NOD ?

 

ZoneAlarm affords protection against malicious shutdown as does NOD. It is not impossible to shut them down but it is at least difficult.

 

Do you mean to ask whether NOD will not allow unauthorised shutdown from strange applications? I'm not sure, but I think it should be there......

Happy Bytes always has right answer, lets wait for his reply

 

I tried to kill the NOD32 kernel process: nod32krn.exe with DiamonCS APT (click) but no luck, nod32krn.exe kept on running

 

Yes NOD has kill protection. ZoneAlarm does as well, Sygate is not the only firewall with this protection, Outpost and Kerio do as well.

A quote from a PCMag review of ZASS and Panda's IS suite which uses Sygate's firewall. According to the review, Sygate's protection doesn't work very well as, they could shut down the firewall.

Whereas a good firewall stealths all ports but one, ZASuite's firewall actually stealths them all. It restricts Internet access so that only authorized programs can get online, and a large database of known programs helps minimize confirmation pop-ups. Along with NIS and F-Secure, ZASuite blocked all ten leak-test utilities we used to try to trick program control. And all of our Trojan-like attempts to kill the firewall process failed.

and the reviw of Panda;

The firewall successfully stealthed all significant ports, rendering them invisible to hackers. It limits Internet access to authorized programs but doesn't try to block Trojan-like leak-test techniques for circumventing program control. It did, however, recognize four of our ten tests as hacking tools based on signatures. But when we attacked the firewall itself, as a Trojan might, we found two fairly simple ways to disable it.

The Panda review can be found here; http://www.pcmag.com/article2/0,1895,1754437,00.asp

The ZASS review is here;
http://www.pcmag.com/article2/0,1895,1754972,00.asp

 

And that means I made yet another correct guess

 

zone alarm is actually quite cool in this respect as I seem to remember. If it is shut down by a trojan it offers you the option of restarting and if this happens several times it blocks other traffic and takes you to a secure site with a link to an online scan. The language they use is really quite calming as well and helps stop you panicking or doing something impulsive. The trojan I had by the way wouldnt let me install Kaspersky but I managed to install a trial Nod and get it running- the reason I have a paid version today actually

 

Did you read my post above, Palombaro?

 

Sorry you thought I was taking you off topic. I answered your question in post #3, YES NOD has shutdown protection. it is not perfect but it is quite effective. SSK also answered you in post #5 when he stated that he tried using Diamond's Advanced Process Termination, which uses 9 different known trojan techniques to shutdown running processes, and he was unsuccessful. I was also answering post #2 which stated that Sygate was the ONLY firewall that afforded such protection which is incorrect for two reasons, one it isn't true and two Sygate's implementation is not very effective. Sorry for straying from your original question, but again I thought I answered it.

 

I don't think you did stray FF, you answered very well indeed

Cheers