Hello folks, Sorry if I bother you, but I consider that the 2 polls that I've made are important for Eset's guys, because they can know what the clients think. I consider that the most important feature to add is AH in AMON. I know that AH can have side effects; for this reason, it can be added as a non-default option in AMON. Thanks
Sir Carew, No offense intended - but your first poll has been moved to the Polls Forum, since it's general by nature. This one is specifically aimed at NOD32 features, and therefore will stay up over here. regards. paul
Behaviour blocking? I took it for granted that Nod already had such a feature!!! Otherwise, how is it supposed to have stopped the "ILoveYou" worm & other script sh*t ? Anyways, Super-heuristics would be good for Nod, but care must be taken not to slow it down - that's the prob. And you left out an EXTREMELY important feature, which apparently no AV yet has: a memory scanner for AMON. Some ATs such as TH (Trojan Hunter) have that, but of course for trojans, not virii/worms. Normally, all memory-resident guards just reside in memory, but don't scan it: they're just on-(HDD)access scanners, only scanning accessed files. A memory scanner for AMON would give it a definite head start over its competitors as that is the ONLY solution against a virus packed in any runtime packer (even custom-made)! And I'm sure such a feature wouldn't even slow down the AV noticeably - look at TH for example: it's lightning fast..
No, no, no. ALL decent AVs, like Nod32, Dr Web, F-secure, etc. have memory scanning for their ON-DEMAND scanners. But I was talking about a memory scanner for the memory-resident module (ie. AMON in the case of Nod32) - so far, no AV to my knowledge has that, and only a few ATs such as TH, TDS and maybe BoClean..
Hello, NOD doesn't have a behaviour blocker; however, it can detect many VBS and JS scripts and macro viruses. NOD detects many of them via its heuristic engine or pattern engine like others, but a behaviour blocker uses a different method than heuristics and patterns. For example, when you or Internet Explorer open a VBS script, the behaviour blocker will look in this script for malicious code or code typical of viruses/worms/trojans; if it finds in the code that a certain string is used to delete .doc documents, it will stop the script and show options to stop and delete the script or allow it. Note: KAV Script Checker isn't a behaviour blocker; it uses a heuristic engine apart from the heuristic engine that KAV Scanner or others use; however, KAV Office Guard is a behaviour blocker. A behaviour blocker can be implemented to stop scripts of all types, macro viruses and batch scripts (instructions) (including ABAP; however, few ABAP, Corel, etc. script viruses exist and it isn't necessary).
Well you might want to do a little more research on memory scanning. I don't particularly like Quick Heal but it scans the memory with the on-access scanner, and so does McAfee. These two I am sure about, and I am sure there are more. Panda Titanium and Panda Platinum also use the resident on-access scanner to scan the memory. I would have to do a little research but I am sure I can find that info again.
Hello everyone, I consider it very important that Eset add AH in AMON in the next release. AH is not only effective at detecting mass-mailing worms, it's also effective at detecting new P2P worms and Trojans, so it's very important that an on-access scanner like AMON include such a feature and not only IMON. I know that Eset's argument is that this will slow down the computer; it's a good argument, however Eset can make such an option non-default, and if you enable it, an alert will appear saying that this option can slow down the computer... I've scanned my HDD with AH and without AH, and the time that it takes with AH in comparison to without AH is insignificant. I'm posting this because I personally think that, and it is the most voted feature.
What the heck is "snooze" AMON? I am in a minority. I voted to see improvements in quarantine. NOD handles that poorly and that needs fixing immediately because most of us assume that NOD MOVES the infected file to quarantine like every other av I have ever used does. Instead NOD COPIES the infected file to quarantine and leaves the infected file where it found it! That is awful and dangerous and should have been fixed a long time ago. I came to NOD from NAV and before that PCC and McAfee and Panda and they all properly quarantine the file. I thought that was what NOD was doing...stunned me to learn it wasn't! Also, the on-demand scanner should not stop and sit on an infected file and wait for you to notice...I can't run a scheduled scan as NOD stops every time it gets to an infected file. It copies to quarantine but then just sits. It should automatically MOVE not COPY the file to quarantine and then go on scanning and at the end give me a report. Then I can go to quarantine and decide what I want to do. That is how every other av handles it. NOD should also. I do NOT want AMON to use AH. It is sufficient to have AH as command line scanning. If it is made optional then that is ok with me IF Eset fixes other things first such as the quarantine confusion. I would also like to see "Add behaviour blockers like script checker of NAV" although I use Script Sentry so it really isn't that important, but for those not using Script Sentry I can see where this would be a good thing. I don't use IMON so I could care less about scanning outgoing mail...talk about overkill!
All these AVs' on-demand scanners scan the memory, but it is not so for their memory-resident guards, which only scan the HDD. Again, KAV's on-demand scanner scans the memory, but its memory-resident module does NOT..
Ainur, KAV Monitor scans the memory. If you have KAV please follow these steps: Enter KAV CC, stop KAV Monitor, then turn on KAV Monitor and read the log that appears on the right of the screen. It said: Scanning Memory, scanning MBR and start to scan the files.
PCU (engine) updates without requiring a restart. Don't like having to reboot the servers to get the latest engine revs.
Hmm. That's how NOD does it for me, because I have it configured to copy an infected file to quarantine, and then delete the original file. I don't get a prompt every time it finds an infected file because I've already told NOD exactly what to do with it, and I know if it finds an infected file because it sends me an email! I think NOD only stops if you configure it to by selecting "Notify/offer an action" in the settings. I think the variety of actions you can select with NOD is actually more powerful than some other AV software. I ran McAfee for several years and that would always halt with a prompt requiring user input before a scan would continue.
More options for quarantine are a good suggestion to implement in a next version. More quarantine options for me are: the possibility to delete the file from the original path, submit it to Eset directly without needing to write an e-mail message, like NAV, and when AMON finds a virus, the prompt window can have an option to quarantine the file too.
Ainur, I called the support number for Panda and McAfee and they say that their resident on-access scanners definitely do scan the memory by default.
sir-carew & bigc> U are BOTH wrong! These AVs' monitors may scan the memory, but ONLY upon startup (like the on-demand scanners), not while running! Besides, IF they did continuously scan the memory (ie. while running), they would shout about it all over the world, for that would make them impervious to ANY runtime-packed virus/worm, therefore much, MUCH better than Nod32
Yeah, that's what I meant, the mem-resident guards don't scan RAM "while running" (unlike what TH and TDS do). Thx for clearing things up
Ainur, I thought your description of what you meant was quite clear. I was beginning to think about knockin' my noggin against the wall by the responses you were getting!
OK thx gun - at least 2 other great minds here, U & Morgoth (jus kidding, no offense intended for the others ) Am I 2 gather U also agree with me concerning this necessary feature for Nod32 (memory-scanning ability for the memory-resident guard) ? If so, do you happen 2 know of any AV that works this way against virii/worms just as TH works against trojans?
It isn't necessary for an AV to scan the memory while the Monitor is running; it's only necessary when the computer starts, because it scans the files loaded in memory, and if it blocks and scans all opened files, it isn't necessary for the monitor to scan the memory all the time. Read the following scenario: the AV starts and scans the memory; if it's infected, the AV can fix this. If the memory is OK, no problem; if you open an infected file and the AV stops the infected file, no problem; however, if the AV doesn't deny the execution of the file, the memory will be infected. However, if a certain monitor SCANS THE MEMORY UPON STARTUP, and later SCANS ALL EXECUTED OR OPENED FILES, the "all the time scan of memory" isn't necessary.
Another useful feature to implement is the ability to save the settings in archives like KAV, ZAPRO, Kerio.