Beta: Amon cannot be disabled?

What is this message that says I cannot disable AMON? HUH?! I am not about to have an AV that I have to reboot the computer before I can install anything. GEEZ!

How do I get around this? If not possible then I will definitely not renew my license and I will be going back immediately to the release version. I will never put up with an AV that is not under my control.

 

Just untick the box "Resident Module (AMON) enabled".

 

No, I am talking about when you go into Amon and uncheck the box so that it stops running until you recheck the box. Now that box is greyed out and you get a pop up that says you cannot disable AMON. You are told to disable NOD32 control center and then reboot the computer so that NOD does not load as this is now the only way to disable AMON! Then when you want NOD32 to run again you have to enable the Control Center and then reboot again.

Well, after making the post, I decided to see what happened if I did the three finger salute. I tried killing nod32.kui that way and I got several screens saying I couldn't do this and one saying the process wasn't responding, but eventually NOD32 disappeared from the systray.

Next, I went to start/programs and clicked on it and started it. Then I went to AMON again and this time the box to uncheck to stop resident monitor protection was not greyed out and when I unchecked the box, I got the usual warning about did I really want to turn off resident protection. I said yes and NOD32 control center in the systray turned red as it should with AMON off.

I then rebooted hoping to be able to reproduce that weird message I got the first time about how I was prohibited from disabling AMON. I could not get that message to appear again. Instead, I can disable AMON just like I can in the release version.

I sure wish I had thought to get a screen shot of that message. The message was from NOD32 so why did I get it? And why after doing c/a/d and killing the process that way do I no longer get it?

Well, I hope Eset is not planning on implementing this "protection" for AMON. That would really bug me and I would not put up with it. I'm glad things are back to normal...but that was sure weird.

 

I thought I had read something about that! Well, how was I able to kill it then? I just killed it again very easily. So, this has not been implemented but somehow I got the warnings that first time?

I don't agree with this decision at all. I want my computer, including my AV, under my control. If I can't kill a process using task manager then that is a rogue, run away process IMO. I won't put up with that.

 

I can close AMON in latest beta without problems.
Regarding nod32krn.exe protection, it's for protect nod process against trojans and others malware, it doesn't mean that you can't disable them.

 

Well, for whatever reason it is supposed to be there....it is not working on W98SE and I'm glad it is not.

As for XP, I have no intention of installing SP2 so if the feature is only on computers that have SP2 that is another reason to never install SP2. Microsoft is getting way too much control and I won't allow that. I suppose KAV 4.5 won't work at all on XP SP2 because you can kill it very easily right from the systray. Not disable...kill. So, I guess that will be incompatible with SP2. So, folks who like KAV 4.5 and hate 5.0 will, I guess, be staying with SP1.

 

This talk of WinXP SP2 is a red-herring. Apart from SP2 being a very welcome step in the right direction for overall security, the ability of AMON and/or the NOD32 kernel to be stopped is an entirely separate issue.

I am all for Eset building termination protection into NOD32, but at the same time it is important they retain the user's ability to start/stop AMON and the NOD32 kernel manually when desired. The two aims are not contradictory or incompatible, and termination protection against rogue processes can be achieved while still offering manual termination via the NOD32 tray icon.

 

Agreed, good post.

Cheers

 

I second spm's comment. IMO there's greater control in making it so that ONLY I can disable protection, preferably with a simplified way of doing so. Even without, however, I would rather open up the services console and stop the service manually than allow malware to terminate protection without my consent, simply for the sake of convenience.