Another Question

Discussion in 'ESET NOD32 v3 Beta Forum' started by mikel108, May 2, 2005.

Thread Status:
Not open for further replies.
  1. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Hi again folks,

    After taking NOD32 2.5 Beta out for a spin for the last few days I wanted to do a scan. I scanned with NOD and it found nothing. Then I scanned with Bitdefender online. There where 3 instances where NOD popped up with virus alerts (1 is attached) while BD was scanning. NOD said that it quarantined them, but when I opened up the quarantine file there was nothing there. The log lists the 3 viruses, but it says after they were quarantined they were deleted (why even quarantine then??).

    I wonder why these where not picked up in the first place?? They were all in the Temp folder. I have the default settings. Have I missed something?? I am still learning about AV's that have more than 2 setting (start and stop LOL) so if this is a basic question, sorry.
     

    Attached Files:

  2. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    OK No takers so far. Is it just that basic of a question that you do not want to waste your time on it :rolleyes:

    Anyways I posted the log. I still don't know why it deleted them. I looked through the settings and it says to quarantine, not delete. The previous sceenshot even says that it will only quarantine, but it did not. Not trying to be a pain, just getting my education.
     

    Attached Files:

  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I think we'll have to wait for Marcos to wander along on this one. In the mean time can you please send an email to beta25@eset.sk with a link to this thread.

    Let us know how you go…

    Cheers :D
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sorry guys, but I don't understand what the problem is. AMON picked up a threat in a temporary folder and deleted it automatically. As of version 2.50, AMON makes a copy of any infected file in quarantine before the file is deleted. You can turn off this feature in the AMON setup - Actions and untick the "Move newly created files to Quarantine" checkbox (not recommended).
     
  5. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    From mikel108
    From Marcos
    NOD32 didn't pick up the files until they were being scanned by BitDefender. I think that's what one of his problem is.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And the other part was it is NOT in Quarantine.

    Cheers :D
     
  7. Georgio

    Georgio Guest

    The infiltration was detected on newly created file, so it is logical, that this file was not there at the time when NOD32 scanner performed scan of the disk.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I for one see those files in quarantine. Am I missing something?
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It's this part that there is an issue with Marcos:
    Cheers :D
     
  10. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    I think so, Marcos. :D

    The window shown by mikel is the log, not the quarantine folder itself.

    The question seems to be:
    -Why did the warnings pop-up during the Bitdefender web-scan and not during the NOD32 full scan? --> My guess, FP's from Bitdefender operations? (after all, the warnings are heuristic detections, right?).

    -Why are the files not quarantined (even though NOD says it did)?
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Mikel108, can you please confirm that you looked for your Quarantine files in the location seen in the following screenshot.

    Cheers :D
     

    Attached Files:

  12. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    If I uderstand Marcos right the files were detected, the deleted and a backup copy made that was supposed to be sent to Quarantine.

    When I went to look in Quarantine in the GUI there was nothing, which is why I asked about this.
     

    Attached Files:

    Last edited: May 3, 2005
  13. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Blackspear,
    Thanks for the great picture tutorial. I think I found the problem with the files not being listed in the Quarintine GUI. I do not have an infected files folder o_O
     

    Attached Files:

  14. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Well, hows this for a twist. I have added no new programs(except NOD) nor have I run any system cleaners since NOD was put on.

    However today I decided it was time to clean my registry. Guess what the cleaner found?? I can find it no where on the system so I am going to reinstall NOD and see if that brings it up. The quaratine may have installed bad (yes/no?).

    --------------------------------------------------------------------------
    Quote from SSK
    The question seems to be:
    -Why did the warnings pop-up during the Bitdefender web-scan and not during the NOD32 full scan? --> My guess, FP's from Bitdefender operations? (after all, the warnings are heuristic detections, right?).
    --------------------------------------------------------------------------
    I think that you are probably right SSK
     

    Attached Files:

  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is created when something is first sent to Quarantine.

    This being the case, can you please check settings for AMON, as per screenshot.

    Cheers :D
     

    Attached Files:

  16. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    I have all of that checked Blackspear. I guess it did not get sent to quarantine. Thanks
     
  17. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada

    I scanned with Bitdefender again today. NOD popped up again. It still did not send them to quarantine like they said. I do believe that SSK is positively right though. I rescanned with BD, only this time I turned off AMON. BD came back with no infections. Must be FP's from AH.
     
Thread Status:
Not open for further replies.