Can someone explain to me the benefit of the HTTP scanning in Beta?

Ok I get that HTTP scanning will catch "more trojans".
But how does it catch it? When the trojan is being downloaded or when the trojan is on my system and is trying to com out?
So basically it will be a active download scanner which is also an unpacker and it's using /ah? So it should detect an infection in the file that is being downloaded into the temp folder before it's actually assambled onto my destination folder?
What is the impact on peformance both the overall system resources/performance and the net speed?

 

sorry.. just to ask... is the Beta released..??
where can I download it..
thanks.!!

 

The beta is not released yet. There will be 2 modes supported by the HTTP scanner: active and passive. In active mode, IMON downloads the whole file, checks it and then passes it to the application. In passive mode, IMON continually passes downloaded packets on to the application and, before the last packet is sent, the whole file is scanned for viruses. The new HTTP scanner will not be the only signifficant change in the new version, but I'll leave it unsaid for now.

 

All I can say is "Bring it on!!!" it sounds great

Cheers

 

Well, I disagree...I don't like IMON and don't use it and probably won't like this HTTP scanner. It looks more and more like time for me to trial KAV. If AMON is not going to get proper powers for a long time....I don't know how long I am prepared to wait. (I'm speaking of my XP box...not the 98SE box which needs a lite scanner like NOD32).

 

The sky is not falling, I say wait and see, you never know, you might like it. Defense at arms length is better than up close and personal...

Just my $1.00 worth, 2 cents gets you nothing these days

Cheers

 

I ain't gonna use NOD32 anymore until they get AH for AMON like IMON now has and IMON gets all the bugs wiff Outpost to go bye bye

 

Sorry are there any new options for scan script malicius on internet? thanks..

 

And it slows down your computer too much. At least the HTTP scanner in the beta I have does. This not the final beta that will be released soon publicly so it may be different then. I won't put up with the slow down or the false positives.

 

I haven't found this at all, only a download is slightly slower while it scans the incoming file.

To date I haven't come across a false positive. Only good positives here

Cheers

 

Is the Beta released？
where can I download it？
thanks!!

 

Not released yet, though not too far away from what Marcos was saying...

Cheers

 

As Blackspear says it is not released yet. I have a beta which has the HTTP scanner. It doesn't have everything that the release version beta will contain. I have this beta only because tech support sent it to me because of problems I was having with the release version freezing, causing 100 % CPU usage and then crashing whenever I tried to copy any logs (not just the NOD32 scanner logs). I'm happy to report that the problem is fixed in the beta.

 

That's good for you. I forsee a bunch of problems when users start using AH more both in the HTTP scanner and as some of us have been doing recently by sheduling an on demand scan using all the switches including AH.

AH use in the on demand scanner found several "viruses" that are false positives. I sent them to Eset and the reply was that they are false positives and I must wait for the next version (I assume that means the beta when released to the public) of NOD32 to correct the false positive! That is a big pain in the butt! Everytime I run a scan using AH, it hangs on those "viruses" unless I exclude clean from the scan. I can't see a way to exclude scanning of those files unless I zip and password protect them. I do not want to do a scan and then do a clean scan. I asked in a thread here that only got one reply what to put in the command line so that if NOD32 cannot clean it will "take no action" except quarantine.

I don't see a switch in the list you provided for "take no action". Consequently, NOD32 hangs on these false positives since it can't clean them, it asks me what to do. Because NOD32 does not pop up a window when it hangs (like other AV I have used do) it sits there for ever waiting minimized to the task bar before I think to check it and then I see it is hung. Lovely. It is stupid stuff like this with the GUI that just drives me nuts! Plus, with these false positives hanging it, I cannot run this task while I sleep which was what I intended to do! (Of course, it would hang also on a true virus if it couldn't clean it since I can't see a way to have it do nothing if it can't clean except quarantine and then it doesn't really quarantine anyhow...it would just leave that real virus doing its thing...that is so "smart"..ugh). Plus, a scan using AH will not even put a copy of the "viruses" into what Eset calls "quarantine" even though I choose that. So, I think AH is not ready for the big time at all. I was excited about it until I tried it both in the on demand scanner and now the HTTP scanner. I am not impressed. Then when false positives are found all Eset can say is wait for the next version of NOD32 to have the false positive corrected. GEEEZ. At least give me a method to exclude those files from scanning while I wait.

What is particularly interesting is that these false positives are on applications that were scanned by command line AH before executing and nothing was found. I have had them for many months. Now AH finds viruses...so AH has been made too sensitive or something. I really dislike an AV that finds false positives. That will drive me away faster than anything. I begin to see Randy Bell's argument more clearly.

 

Is AH officially supported for any other module than IMON ? No. So you can't complain.

 

Where can I download the beta version? I have quite of few pc's on my network and would like to start testing it.

 

If you scroll up, it's been said several times that the beta isn't out yet.

Marcos, will there be better unpacking/packed/compressed/archive support in the beta?

 

Ok, then explain what they are testing in this post:
https://www.wilderssecurity.com/showthread.php?t=32505&page=2&pp=25

 

Generally this meens until the next signature update, from what I understand, someone correct me if I'm wrong.

That is a good questions to which I would like to see if there is an answer...

This is a list that ESET provide, on one of their websites. You seemed to keenly want to know how to add switches, run scheduled scans using switches and /ah, if you don't like the results, don't use what you have just learned, go back to what you were doing before, what the general public do; use default settings and scans...

Totally in agreement, as stated several times in various threads, Quarantine needs to be fixed, as in to mean what the dictionary states quarantine is, or change the word to "copy" within Nod32, and it's supporting documentation.

See above.

You are trialing a "Beta" version, remember when you trialed the Beta version of 2.0, the final release fixed vertually everything major, and everything else was/is/has been worked on since..

Cheers `

 

The Beta hasn't been released yet, selected people with certain problems have been given a pre-release copy to see if their problems are addressed...

It shouldn't be long, like the Beta of V2.0 when it was released, there was several updates before it went public...

Cheers

 

That's cool, I can wait. I didn't want to seem impatient, but I would like some time to try it before installing on my other pcs.

One more thing. Is there any thing different with the way they do updates via the remote admin version? You were only allowed one server to update. I was under the assumption that you could have more one server in the next update.

 

It sounds as if there will be a public beta release so you should be able to fully test it while it's still in beta and before the final version is released. Don't know about the admin version although perhaps an ESET mod will provide some info on that.

 

Pardon me, I know I'm not "Mr. Popularity" around here, LOL.. But I would think that an http scanner would be great, would not it be able to find "embedded" trojans in websites, ala NAV and KAV?