Best configuration for V4?

Discussion in 'ESET NOD32 Antivirus' started by GrammatonCleric, Mar 2, 2009.

Thread Status:
Not open for further replies.
  1. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    What is the best configuration for full V4 AV?
    I want the best security setup (Advanced Heuristic) but also want it to be as light as version 2.7 was.

    My beta time with V4 was horrid; with AH turned on, the system was extremely sluggish when opening new files or browsing files etc., and that on a 4GB Dual Core 3.2 GHz Core2Duo.

    So now, I know that V4 has about 3 places where I can tick AH on (for RealTime scan), so I know that I don't want it everywhere. That being said, what is the most logical and most economical place to turn on Advanced Heuristic?
     
  2. bodean

    bodean Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    76
    Wait for blackspear to post his guide.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    V4's default settings are actually pretty perfect. (assuming you completely uninstalled the old version before updating so the default settings would be applied)
     
  4. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    What exactly does the Advanced Heuristics do that makes opening/browsing files slow? Is it the feature that executes a file in a protected virtual environment to look for malicious pattern(s)?
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Yes, the slowdown isn't really noticeable on today's computers. If a slowdown is noted it's usually a problem with a file on the system that AH doesn't like, but this is fixable when the file is found and reported.
     
  6. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    Have a look in the help files!

    IMO, Adv heur is usually not necessary in real time protection and it will, for sure, slow down your pc.
     
  7. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    Understood, but that wasn't the case in 2.7... in terms of performance.

    The reason why I want RT protection with AH is:
    What if I open a file given to me on a DVD?
    That's when RT kicks in.
    What if the download was encrypted and not seen by the web scanner, and only when I double-click on the file does it unpack and infect... that's when RT kicks in, etc.
    So yeah, for today's fast-mutating/polymorphic viruses, AH in RT.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    In 2.7 AH was not used in real-time.

    Which is why it's off by default.
     
  9. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    All that the help file says is that it is a unique heuristic algorithm that significantly increases the detection capabilities of ESET. It doesn't say whether it emulates a file or not.
     
  10. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    "What's new (in v4) ?

    Smarter Scanner — Threats don't always enter your network in ways you expect. ESET NOD32 Antivirus inspects SSL-encrypted communication channels like HTTPS and POP3S and intelligently scans compressed files to find hidden threats other products miss. Proactive protection begins at the earliest point in system startup to ensure your computer is always secure.

    Removable Media Security — Threats can enter your PC from removable media such as USB thumb drives. For self-running media, ESET NOD32 Antivirus scans autorun.inf and associated files when the medium is inserted, in addition to scanning any file on any removable device when it is accessed, or during a full-scan of the media. Power users can adjust ESET NOD32 Antivirus to perform additional levels of scanning on removable media."

    and more..... http://www.eset.com/products/nod32.php

    About AH, have a look in the v3 BlackSpear tutorial here (post no 48 and more...)

    AH is for special cases, not real time. Moreover, if "Optimized scanning" (in advanced setup at the bottom of the window) is enabled, known clean files are not scanned again and again, by AH or not, unless being changed by user or...

    In the English user guide for v4, you can read...

    "4.1.1.1.3 Checking of newly created files
    The probability of infection in newly‑created files is comparatively higher than in existing files. This is why the program checks these files with additional scanning parameters. Along with common signature‑based scanning methods, advanced heuristics are used, which greatly improves detection rates. In addition to newly‑created files, scanning is also performed on self‑extracting files (SFX) and runtime packers (internally compressed executable files)."


    In the French Canadian version, they say much more... (automatic translation from French to English) => By default, archives are analysed up to the tenth level of interlocking and proved independently of their real size.

    To conclude, take time to read the user's guide, you will find answer to some of your questions or concerns there. Just do a search in the guide with the words "advanced heuristic".
     
    Last edited: Mar 2, 2009
  11. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    Yes, AH emulates the files.

    "4. What is ThreatSense® and how does it work?

    ThreatSense is ESET's award-winning scanning engine. It combines multiple layers of detection technologies to ensure new and known threats are detected with high degree of accuracy and low false positive rates.

    ThreatSense uses traditional and generic signatures to detect known threats and their variants. Passive heuristics finds patterns that indicate the presence of a malicious application. For applications that use encryption or compression to hide their true intentions, active heuristics employs emulation/sandboxing technologies to run the application in an isolated environment, then intelligently weigh a variety of observed behaviors to determine whether the application in question is malicious.

    These layers of detection capabilities allow ThreatSense to proactively stop variants of known threats and even new threats well before other products realize they exist."


    http://www.eset.com/media/faq.php
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I think the world would be 1 notch dumber without people like you piranha *puppy*
     
  13. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
  14. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    Hmm... I only read the help file, which clearly did not state that.
     
  15. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    There is a lot of good info and documentation on the web site too :) :p
     
  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Similar to version 3, default settings should be fine for the average user. Adjust other settings according to your needs if you wish.

    Similar to version 3, it won't be as light as 2.7. RAM usage is approx 40 megs with v4.
     