Can we have prompt without a need for user input??

Discussion in 'ESET NOD32 Antivirus' started by nagan, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    First of all my commendations to ESET for being a virtuoso software.

    I believe ESET has 2 types of alerts.One which it automatically quarantines a infectious files and alerts.The other one asking user a decision..
    I have a zip file having some sample test virus files.Whenever I unzip them ESET comes with an alert and only on input the unzip progresses.This could be annoying when the number of files are huge.

    Can we just have an alert saying this file is infected and the user given an option to go and delete or quarantine at a later date.It is always better if you target the virus alone and leave the parent (in this case zip) operation untouched.Anyway you are only asking for a input.Thats all.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I have no clue as how this could be handled in a safe way. It's the purpose of the real-time scanner to detect and block threats immediately and not to let them carry out malicious actions and prompt the user at a later time.
     
  3. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    Thanks for the fast reply.ESET is anyway not allowing the file to be executed.It wants to know from the user whether to leave or untouched.Just make a warning that abc.exe is infected.Let there be a choice for user input in the main program options.It will just alert .I personally will not feel comfortable unzipping a test file full of virus and inputting my response say 100 times with the whole process choked.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Still, I don't see a sense in the real-time protection merely reporting threats instead of blockimg them. If one encounters a false positive, it can be submitted to the viruslab for a remedy, or if one needs to use a specific piece of adware for some reason, it can be put to the exclusion list. Certainly having the real-time protection just report threats and not block them is not that an antivirus program is made to. If one doesn't want to be protected, automatic real-time protection startup can be disabled, or the AV can be uninstalled completely.
     
  5. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    I think I was not clear with what I was attempting to say.Here I am again.

    Worms ,dangerous trojans etc------ESET response--directly quarantine with no user queries.


    Other virus infested exe------------ESET response---ask user whether to leave or delete.

    So you see leave is already an option.Any way ESET is not allowing to execute the file in future.But the same alerts will be logged for future reference which the user can go to.This option for alerts without user input could be made in the program options.I am using CA etrust with this type of feature.

    By the way if it comes out with the alerts without disturbing the parent process it would be great.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's how it currently works in the normal/strict cleaning modes. When a virus (file infector) or a file evaluated by heuristics is detected, the user is prompted for an action as deleting/quarantining the file automatically might result in system instability or problems with a particular application.
     
  7. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    Thats what I too am suggesting.When leave is an option ,a choice could be given for only alerting without a user input.
     
  8. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    Today I was running the on demand scanner,and after some time there was an alert of a Virus "whether to l;eave or delete".I minimized and observed whether scanning took place.It stopped.After I made the input only it progressed.Imagine if people leave a whole network to be scanned and NOD just waits and waits.Another good reason for my suggestion.
     
  9. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    Sorry for bumping but I think I have made a valuable point here.Baby sitting while running a scan cannot be the best of options!Someone reply?
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Among the various options one could taylor there settings to, there is already the option to adjust the cleaning selections to no clean and turn off Display alerts. One could then view there On-demand computer scan log results to see if it found anything.

    IMHO the Eset programmers gave enough options that the whole spectrum of user knowledge can be covered when it comes to alerts or no alerts, interaction or no interaction, sounds or no sounds....etc
     
  11. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    Yes, but how can you perform cleaning from that log?

    To be clear, I want to launch scan and go to sleep. Then, I want to see a log, right click possible infections and clean or ignore them, as my user knowledge tells me.
    And no, I do not want to see my files deleted to quarantine that I would need to restore them (neither I want them blocked for access, if they are only "possibly" a threat).
    And no, I do not want to read file path in the log and go scan them again manually (which is what I need to do here with my setup, if I choose scan without cleaning).

    Sorry if I have missed something, could you please advise how to set NOD to perform like that?

    Thanks.
     
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    First and foremost the above suggestion given was in response to the threads starters criteria and understanding of such. It's rather apparent one can not "perform cleaning from that log", given that it is a log.

    It's a log, you don't clean from logs.

    As long as one does not have Log all objects selected, they see where the file is and take appropriate action. To be clear, nagan and now you with your criteria are giving scenarios that are not the norm. Meaning, for an unknowledgeable user, suggestions are to leave Nod settings at default and let Nod take care of business one has entrusted it to do. For those that choose to select no cleaning, my opinon would be that they possess the knowledge and wish to make their own decision regarding what is found.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The next major update will bring some new cleaning options for ecls.exe that will clean files automatically regardless of whether they are system files or files detected by heuristics.
     
  14. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    If it's a lesson of English language, thanks - I might need one. Otherwise, you are plain wrong - YES, you do clean from logs, or whatever you will call that list of infected or suspected files. Should I list competitor's products allowing that? Or, should I tell you how many customers after 30 days trial choose competitor's product EXACTLY because of this? (or, should I cite the remarks I usually have to hear regarding this?).

    So WHAT is the norm, sitting hours by the screen and watching NOD scanning, and waiting for the next pop-up, given you need to choose action manually?

    And manually navigate to each file, which may be deep in the subfolders, just to launch NOD again, because "clean" may be the action one wants to perform (or, simply to see the recommended action).
    I am repeating this again - other vendors are dealing with this situation in the logical and natural way (allowing to select action from the list of infections) and potential customers are choosing those over NOD exactly because of this.
    Meaning, this is not me who needs help here but Eset. And, dealing with such attempts to help in not very polite manner is, in my understanding, not a good idea. But, as usual, I might be wrong.
     
  15. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    Well thanks to cerBer for giving a hope that someone understands that this definitely is an issue.What NOD presently offers is between DEVIL (keep ogling at your computer screen till the scan is complete) and DEEP SEA (No alerts at all giving a false pretension that everything's fine).I could run my throat dry trying to explain my point.

    With due respects, the solution offered by the mods are what NOD is presently doing and we are requesting an improvement.

    Here once again.Let us take a virus ABC.exe.The action ON DEMAND SCANNER.

    Present case . NOD will throw an alert that ABC.exe is a virus and wait for user input (leave or delete).If the user is not nearby it could take hours for it to proceed.

    SuggestionNOD will throw an alert that ABC is infected and continue with the scan.At a later date the user goes to the log(intelligent log)
    and decides what to do with the file.This way the scan goes on uninterrupted and the log brings out all the threats one by one.

    The advantage is "ANYWAY NOD WILL NOT ALLOW THE FILE TO BE EXECUTED.ONLY THE USER INPUT ACTION IS DEFEERED"

    I hope I am clear now..................
     
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The appropriate and dedicated thread for improvements and\or suggestions is the Future Changes to EAV 3.0 thread.
     
  17. nagan

    nagan Registered Member

    Joined:
    Mar 26, 2008
    Posts:
    29
    The information is a little late.I hope the people concerned take up the suggestion.
     
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Better late than never :)

    Also, since you now know where suggestions are to be posted and to keep things somewhat proper, we'll bring this thread to a close. We also ask that you consider posting your suggestion to the appropriate thread for Eset's perusal.
     
Thread Status:
Not open for further replies.