Cannot install NOD32; want to use it w/ ZoneAlarm Security Suite

Discussion in 'NOD32 version 2 Forum' started by chileverde, Apr 14, 2005.

Thread Status:
Not open for further replies.
  1. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    I have been using ZoneAlarm Security Suite as firewall and AV. I would like to now use it only as firewall and install NOD32 as antivirus program. First I tried disabling AV (then also disabling e-mail scanning) in ZASS, but NOD32 would not install. Then I uninstalled ZASS completely, verified with Zone Labs' LSPVIEW utility that there were no remaining LSP entries; NOD32 still would not install. I get error message: "(121) NOD32MOD_WINNT_ENGLISH_STANDARD".

    1. Is there any way to install NOD32? Eset tech support suggested I search for any remaining ZA files.I cannot find any. There are 3 registry entries under Zone Labs, but I hesitate to delete these.

    2. Is it possible to use ZASS and NOD32 as I proposed? Or do I have to downgrade (and pay more?) to a ZA product without AV?

    Will appreciate any help. Fortunately, I am using NOD32 on a trial basis. Have lost nothing yet but lots of time!

    BTW I am running XP Pro SP2, ZASS 5.5. Downloaded latest NOD32 yesterday.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please make sure the "documents and settings/all users/desktop" folder actually exists on your disk. If it does and the problem persists though, please drop an email to support@eset.com with a link to this thread.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Chileverde, welcome to Wilders.

    Do the following files exist?

    C Drive> Windows> Temp

    C Drive> Documents and Settings> (User Name) XXXXXX> Local Settings> Temp

    Cheers :D
     
  4. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    The folders Blackspear referenced do exist. However, I did not have the folder Marcos cited: "documents and settings/all users/desktop" . I have just created that, so it will be there if I try again. In the meantime, Eset tech support now has a new suggestion, that I try installing in safe mode.

    I have already spent a good half day or more and now need to get back to my real work. At some time, when I have another half day, I may try these. What worries me about investing more time is that even if I get NOD32 installed, it seems like a gamble whether it will work with ZoneAlarm Security Suite.

    I am assuming both Marcos and Blackspear would have me uninstall ZASS before I try installing NOD32 again.

    Thanks for the suggestions. :doubt:
     
  5. CyberMew

    CyberMew Guest

    I am using NOD32 and ZoneAlarm Security Suite right now, works fine! I just disabled the on-access scanning on ZASS.

    By the way, does anyone knows whether if NOD32 will block virus from auto installing into your computer? Because 1-2 days ago, two of my friends on MSN Messenger send me the same link, http://h*dr0.net/pictures.php?email=myemailaddress.com. I wanted to try if the advanced heuristics(or if there are signatures for it already) will block it, but I didn't for fear of NOD32 not blocking the virus from auto download the virus. The name of virus is Kelvir.N, as stated here: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.N. Also, NOD32 really needs to update their knowledge base. The information there is really little!
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's interesting - I'm using the beta 2.50 and all about 4-6 recent variants of the Kelvir worm were detected by AH as "a variant of Kelvir worm".
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus

    Nod32 Beta detected the same threat on my PC 2 days ago also, it was detected as "Multiple infections", with one of them being the Kelvir worm.

    I use MSN 7 beta and have set all incomming files to be scanned by Nod32 with advanced settings on.
     
  8. CyberMew

    CyberMew Guest

    Wow that is really cool. Is there any way for me to set MSN6/7 to get NOD32 to scan incoming files too? Or with Winzip.
     
  9. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    I am not sure what you mean by disabling on-access scanning. Could you please be more specific about which control that is?

    Are you sure NOD32 is actually monitoring your incoming e-mail? Here is what I have discovered since my last post. I was able to install NOD32 in Safe Mode. I had uninstalled ZASS first; I did not try installing in Safe Mode with ZASS also installed. As Eset tech support suggested, I initially did not activate IMON or DMON. (They also suggested not activating AMON, but I did--no point in running AV without that feature!) NOD32 seemed to work! I reinstalled ZASS with AV deactivated (but ZASS still installs same LSP's). NOD32 still seemed to work! Then I activated IMON and DMON. NOD32 still seemed to work!.

    But then I noticed that NOD32 did not tag my incoming e-mail as scanned. (I had selected the option to tag all e-mail. When it works, there is a notice at the end of each message.) I think that if you activate IMON and there is a conflict, NOD32 should warn you! Anyway, CyberMew, if you have not already checked this, you should verify that NOD32 is actually scanning incoming e-mail with ZASS installed.

    I wonder if perhaps, if I had activated IMON before reinstalling ZASS, NOD32 would have taken precedence over ZASS. (Activating IMON causes NOD32 to install its only LSP.) Anyway, my next step is to try downgrading to ZoneAlarm Pro to see if NOD32 likes that better. o_O

    BTW the other IMON function, scanning files I view or download with my browser (Opera), seems to work, as there is a window you can open that lists the last file scanned. CyberMew, do you have IMON activated at all? That is how you would set up NOD32 to monitor files as you download them.
     
    Last edited: Apr 16, 2005
  10. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    NOD32 works OK w/ ZoneAlarm Pro

    Just installed ZoneAlarm Pro. NOD32 appears to work OK, including scanning incoming e-mail. It seems like the important feature I am missing by downgrading from ZASS (and not getting from another program) is instant messaging security.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: NOD32 works OK w/ ZoneAlarm Pro

    This can be set up with Nod32, if you are not sure how to do so Sweetie(*)(*) I'm sure would be happy to advise.

    Cheers :D
     
  12. CyberMew

    CyberMew Guest

    Ok. First, i just found out that NOD32 1.064 signature contains Kelvir.N. FINALLY it did.

    Secondly, I would like to know how to configure my NOD32 to scan files in Winzip and files my friends send me through MSN7.0.

    Thirdly, the on-access scanning that I had mentioned earlier on is found under 'Antivirus' tab. In fact, I just click on 'off' instead of disabling On-Access Scan, just in case it conflicts with NOD32 AMON.

    Forth, I did not see any kind of tag relavant to NOD32 under ANY of my email messeges. I hope someone can enlighten me on this. If I did not remember wrongly, AMON told me that a file someone sent me contains virus with the red window.

    Fifth, I have activated IMON. I am actually seeing it scan the files that I am downloading now. In fact, I enabled all 4 of them just to be safe :)
     
  13. CyberMew

    CyberMew Guest

    Sorry to double post, but it seems that I was wrong about AMON detecting a virus in my email. It was actually ZoneAlarm Security Suite.
     
  14. Gauthreau

    Gauthreau Guest

    In MSN 7.0 go to Tools -> Options -> File Transfer. Check the box that says "Scan files for viruses using:" Then click the browse button. You want to go to: "C:\Program Files\ESET\nod32.exe"

    Conversely, if you have Nod32 installed to the same above directory, you can just copy and past the above directory to the MSN window (quotes included) then OK your way out. I don't use winzip so I can't help you there.


    Tags on e-mails that come through Outlook on my machine look like this:

    __________ NOD32 1.1065 (20050416) Information __________

    This message was checked by NOD32 antivirus system.
    http://www.nod32.com


    You have to have to have the option enabled in Nod32. To check this, open up the Nod32 control center, select IMON -> Setup -> POP3 tab. Here you will see three radio buttons under "Checked e-mail adjustments". Select the radio button that says "all e-mail". Ok your way out. Send yourself an email and see if it attaches the tag.


    Neil
     
  15. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    How to set up IM security with NOD32?

    I looked on the NOD32 web site and in Help and could not find any reference to instant messenging. If there is a way to configure NOD32 to scan IM, I would like to know how.

    As noted above, after Eset tech support suggested it, I used Safe Mode to install NOD32; I then reinstalled ZASS and activated NOD32 IMON, but NOD32 would not monitor incoming e-mail. I have since found a way to get it running while also running ZASS with ZASS IM security enabled (but, of course, ZASS AV is disabled): I have sent an e-mail to Zone Labs asking if they think it is OK or if they expect conflicts. If they say OK, I will post it here to possibly save someone else all the trouble I had.
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: How to set up IM security with NOD32?

    See post #14, the one above yours shows how to do so. It was as I thought, I just wasn't 100% certain, so in such cases I don't offer advice.

    Cheers :D
     
  17. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    My IM security work-around may not work!

    Blackspear,

    I think I see what you mean. I had expected to find an option within NOD32 itself, just as ZASS as an option to enable IM security. I guess if I want to use NOD32 to scan instant messages, I need to set it up in the IM software, not in NOD32 itself, like this:
    Please understand, I have not used IM, and I was expecting to have to do something within NOD32, so I did not pay attention to the above instructions the first time around. I do plan to participate in an online discussion group that I think uses Yahoo! Messenger. Presumably, Yahoo! would have an option similar to MSN's.

    I am beginning to wonder: Even though I found a way to activate the ZASS IM security without enabling AV, how could ZASS screen instant messages for viruses without access to the AV signature file and scanning engine? My apparent work-around may not actually work.
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: My IM security work-around may not work!

    I would presume as well these days...

    Cheers :D
     
  19. Gauthreau

    Gauthreau Guest

    Re: My IM security work-around may not work!

    There is no option to set within Nod that would scan IM. However, by default, AMON should kick in as soon as a file came through and scan it for you. Anywho, to set up Yahoo! Messenger, follow the directions below.

    Very much so. In Yahoo! messenger:

    Select Messenger on the top toolbar -> Preferences -> File Transfer under "Catagories" on the left hand side. Once selected, you will be presented with a window that has very similar options to MSN. Here you will select the box that states "Check file for viruses after download".

    Select "Browse" and search out the NOD32.exe file. Again, if you have installed Nod32 to the default directory, you can copy and paste the directory below into the box rather than searching for it. Ok your way out.

    C:\Program Files\ESET\nod32.exe

    Neil
     
  20. CyberMew

    CyberMew Guest

    Anyway that I can add any parameters so that scanning will be silent and only tells me there is virus through popup?

    Also, I have already enabled the all e-mail option. But it didn't work :(
    So chileverde, what did you do to enable the scanning of email+attachments?
     
  21. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    How I got NOD32 to work w/ ZoneAlarm Security Suite; limitations of ZASS IM security

    Cybermew,

    Because of the trouble I was having installing NOD32, Eset tech support (finally) told me to uninstall ZASS and install NOD32 in Safe Mode with IMON and the other extra monitoring functions disabled. In that situation (IMON not installed) ZASS installed both ZA LSP's even when I specified that I would not use AV and IM functions. (LSP stands for "layered service provider". An LSP entry registers with Windows that a particular program is performing a particular function, such as scanning incoming e-mail for viruses. It's much more complicated, but that's all I understand about it.) But then I discovered that if I install ZASS when IMON is enabled, ZASS will not let me activate, either during installation or later, AV or IM, and does not install either LSP.

    Let's go back to where I was when NOD32 would not scan incoming e-mail. Both ZA LSP's were installed, as well as the NOD32 LSP, which had been installed later (after ZASS was installed), when I activated IMON. (This LSP for IMON is the only LSP NOD32 installs.) If you already had ZASS installed when you installed NOD32, your situation is probably the same. (I have a utility, LSPVIEW, which allows you to see which LSP's are on your system. I just checked, and it appears that it is no longer available for download from Zone Labs. I needed it to figure this out, but you won't need it to get where I got.) If you uninstall and reinstall ZASS, ZASS should install without either LSP. NOD32 should now scan incoming e-mail.

    In case anyone is interested, I will now describe what I did to enable IM security. Just bear in mind that I am still waiting to hear back from Zone Labs tech support as to whether they think this work-around may cause problems. I "quit" (unloaded) NOD32 IMON, which caused NOD32 to remove its LSP. I then enabled IM security in ZASS. This installed the LSP for IM security (imslsp/1113684330), but not the one for AV. I then reactivated NOD32 IMON. So I now have active that ZA LSP and the NOD32 LSP for e-mail monitoring. I confirmed that NOD32 is monitoring my e-mail. I do not currently do any IM, but I probably will in the future; I thus do not currently have a way to check that IM security is working. I guess that even if I sent/received some instant messages, I would not know if the ZASS monitoring works, since I don't know that it tags the messages the way NOD32 tags incoming e-mail.

    After all this work to find a way to use ZASS IM security with NOD32, I discovered this passage hidden on p. 182 of the 255-page ZASS user guide: "The protection features described above apply only to one-on-one conversations. Zone Labs security software does not protect conversations with more than one participant (for example, chat room conversations)." The only way I would contemplate using IM is participating in an online forum of people in my field, i.e., a kind of chat room, so I will get no protection from ZASS IM security, anyway!

    So I am very glad that I learned here that NOD32 can scan instant messages and am particularly grateful to Neil for describing how to set up scanning for Yahoo! Messenger, which I think this group uses.
     
  22. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    Re: How I got NOD32 to work w/ ZoneAlarm Security Suite; limitations of ZASS IM security

    Wow, that was a long post. Thanks for the information you've provided.

    So are you telling me to:
    1. Uninstall ZASS and NOD32,
    2. Re-Install NOD32 under Safe-Mode
    3. Disable IMON in NOD32
    4. Reinstall ZASS
    5. Activate ZASS's IM Security
    6. Activate IMON in NOD32.

    And now NOD32 should be working full, while ZASS will also work fully except for its AV. Am I right?
     
  23. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    18
    Re: How I got NOD32 to work w/ ZoneAlarm Security Suite; limitations of ZASS IM security

    No, not quite. I guess the post may have been too long...and thus confusing. I wanted to document everything I had done, but you do not need to go through all this. In particular, you do not need to uninstall/reinstall NOD32.

    Here is what you could do:

    1. Uninstall and reinstall ZASS. Now e-mail scanning in NOD32 should work. (Send yourself a test e-mail to be sure the message gets tagged showing NOD32 scanned it.)

    If you want to try to activate ZASS IM security (with the caveat that this is a work-around and I don't know what Zone Labs will say about this):

    2. Disable IMON in NOD32.
    3. Activate ZASS's IM Security.
    4. Activate IMON in NOD32. (Send yourself another test e-mail to verify NOD32 scans it.)

    I think so. Please let us know how this works for you.

    It really is a problem that NOD32 let us both go through the motions of setting up e-mail scanning and did not tell us that it did not work! This probably affects not only ZASS users, but also users of other firewall-AV combinations who hear about NOD32 and think they can just disable the AV in the suite and use NOD32 for AV. It is also a problem that ZASS does not remove the AV LSP when a user disables AV. At least it removes the LSP when the program is uninstalled. When I switched from Panda to ZASS, Panda left its LSP active even when it was uninstalled; I needed to get LSPVIEW to remove it.

    Now that I think I have it running correctly, I am very impressed by NOD32. It has not caught any viruses yet, but I assume I have not received any in the past few days. It scans much faster than ZASS. One thing I really like about NOD32 is that it can be configured to update automatically as soon as I log on. You would think that would be a no-brainer--like many people, the first thing I usually do when logging on is to check e-mail, and, of course, I want to have my AV current for that. But ZASS does not check on its own right away. And a manual check requires many clicks...plus I often get error messages on as many as three attempts before the updater works.
     
  24. Gauthreau

    Gauthreau Guest

    Re: How I got NOD32 to work w/ ZoneAlarm Security Suite; limitations of ZASS IM secur


    Glad I could help :)

    Neil
     
  25. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    Re: How I got NOD32 to work w/ ZoneAlarm Security Suite; limitations of ZASS IM secur

    It doesn't work for me. I unload IMON and uninstalled/reinstalled ZASS. After that I enabled IMSecurity, and started up IMON. Tried sending email to myself, didn't see anything except for what I typed. Guess they won't work together :(
     
Thread Status:
Not open for further replies.