Auto protect in nod32

Discussion in 'NOD32 version 2 Forum' started by kumarprabhatn, May 1, 2006.

Thread Status:
Not open for further replies.
  1. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32
    Hi.. I have nod 32 v2.51.8 fully updated with zonealarm pro v6.1.744.. I have followed all the settings prescribed in this forum for nod32.. In order to test its auto protect capabilities i downloaded a virus using limewire (a p2p download client) but nod32 was not able to detect the virus :( !! When I scanned it manually the virus was detected as Win32/VB.D worm.. Now my question is, why wasn't the virus detected when I was downloading it or atleast when I just finished downloading it o_O ?? Which component of nod32 handles p2p downloads (IMON, DMON, EMON, AMON) ??
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    AMON handles realtime disk checking. Best bet would be that file was compressed in SFX archive (which are checked only by IMON HTTP when downloaded from webapages or by context scan). Content should be detected on extraction.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Do yourself a favor and test with Eicar instead, it's alot safer.
     
  4. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32
    May be you are right RejZoR, but the file was detected as virus while downloading in similiar way by norton antivirus 2006, bitdefender 9 build 9.5.. Now why can't nod32 detect it :mad: o_O
     
  5. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32
    I am using zonealarm pro 6.1.744 for firewall. Which is the antivirus that gives the best security combination? Please help ;) !!
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Didn't you say that NOD32 did detect it when you checked?
    p2p uses multiple seperate connections to download a file in parts and then re-assembles the file later. Since IMON has no way of knowing all the connections are parts of the same file or even how the parts go back together, it is entirely possible that IMON would be none the wiser. That said, IMON only checks pop3 and http traffic so any other data streams are not checked by it. (I think limewire uses some udp streams in addition to http doesn't it?)

    AMON doesn't scan inside archives, it scans them on unpacking since they must be unpacked to run and if a threat is detected at this point it takes the appropriate action as you have selected - before you get infected.

    Good advice from Brian N - use either eicar or runme.bat for testing regardless of whether NOD32 detects the file you've downloaded. Using live stuff for testing is like putting your hand on a rat trap just to see if it either a)goes off or b)if your heavy duty gloves save you from the sting.
    Why don't you take a look at www.av-comparatives.org or www.virusbtn.com and compare the detection capabilities and track records for some of the products they independently review :)

    Cheers :)
     
    Last edited: May 1, 2006
  7. ASpace

    ASpace Guest


    Your NOD32 version is old , I think.

    The latest is 2.51.26

    Remove your current version using Add/Remove programs in Control Panel and then after restart manually delete the ESET folder in C:\Program files

    Download and install the latest NOD32 version from here:
    http://www.eset.com/download/registered_software.php

    Update NOD32

    Configure AMON , EMON , DMON , IMON . Configure other settings
    This may help:
    https://www.wilderssecurity.com/showthread.php?p=266653#post266653

    Learn more about NOD32's abilities:
    http://www.eset.com/products/windows.php
    http://www.eset.com/products/compare.php
    http://www.eset.com/products/compare_heuristic_detection.php
    http://www.eset.com/products/compare-NOD32-vs-competition.php

    [MOVE] NOD32 [/MOVE]

    Test AMON and IMON with EICAR test file here
    http://www.eicar.org

    Microsoft Protect your PC
    http://www.microsoft.com/protect

    Enjoy your day ! ;)
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    What would be gained by installing the newer version in terms of protection?
     
    Last edited: May 1, 2006
  9. ASpace

    ASpace Guest

    You must be joking , right ?!

    kumarprabhatn's version is too old .

    Q: What would be gained by installing the newer version in terms of protection?

    A: Q: Why then ESET make new versions
     
  10. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    Nothing in terms of protection are gained in the update. The newer version added a fix for updating through a proxy and unified the installer for 32 and 64 bit versions.
    And with this new version one can install the new version "on top" of the old and preserve one's settings.
    Please note Blackspear's and Marcus' post in the linked thread.
    hey for 2.50 to 2.51 do I have to reinstall from scratch?
     
  11. ASpace

    ASpace Guest

    The point is that we should always keep our software and Windows updated and current . No matter what is fixed or not fixed . I still state that if there wasn't need of update/upgrade , ESET and other vendors wouldn't make new versions .

    :)
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A newer version is made even if one string has changed in the Thai version. Of course, this "newer" version would not go to the web.
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Needed program updates have always been supplied via the update process.
     
  14. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32
    I agree with all.. But whats the bottom line !! Nod32 wasn't able to detect a virus transmitted through p2p while bitdefender 9 and even norton antivirus 2006 detected.. I m downloading the new version of nod32.. But will it make any good?? Any comments??
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 does not scan files transmitted by P2P programs as each uses its own protocol for transferring files. If your P2P client supports an option to scan received files by an external scanners, you can set it the way that NOD32.exe, along with the desired parameters, is called whenever a file has been received. Otherwise AMON will check it on save to the disk, but this won't work if the file is an archive (in this case it'd be picked up upon extraction).
     
  16. Patrician

    Patrician Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    132

    And here we see NOD's weakness in not scanning inside archives. I really hope an option to do this is integrated into NOD version 3.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Heh, NOD32 actually scans inside archives if you enable this option. What's the sense in scanning archives on the fly, rendering the computer unusable o_O?
     
  18. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Marcos, on the other hand i don't think it would slow down that much. At least not with NOD32. Using scan only archives smaller than XX MB could do the job pretty well. Though you need archive cleaning capability in the first place to have such feature...
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's actually a pain in the neck to unpack a relatively small archive with a lot of files inside. Also, there are small archives which grow to several GB after unpacking.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    DeBombs? :D
     
  21. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32

    What do you mean "ENABLE THIS OPTION" ?? I followed all the settings prescribed in this forum but it still did not auto detect.. Is there any other settings o_O ? Please tell !!
     
  22. kumarprabhatn

    kumarprabhatn Registered Member

    Joined:
    May 1, 2006
    Posts:
    32
    YO yo yo everybody... Who says nod32 doesn't detect viruses in p2p downloads automatically ;) ;) ?After i started using the latest nod32, its detecting even if the virus is inside an archive !! Nod32 is the best :D !!
    Thanks for all your help :) !!
     
  23. ASpace

    ASpace Guest


    Let everybody see it is absolutely necessary to ALWAYS use the latest version ! Yes !:D The latest version is GREAT !!!
     
  24. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Thanks for posting back to let us all know your issue is resolved :D!!

    Cheers :)
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I'm using 2.50.25 I would expect the latest version to have no descernable increase in protection. As I'm sure I would have received program updates due to my licence being less than a year old.
     
Thread Status:
Not open for further replies.