Certain files choke NOD v4?

Discussion in 'ESET NOD32 Antivirus' started by Carbonyl, Feb 25, 2010.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Hi everyone. I've been having a fairly peculiar issue for some time now with NOD. It's nothing that breaks the functionality of the software, but I find it befuddling and somewhat mildly annoying at times.

    On certain occasions, some files cause NOD to 'stall' considerably. This manifests itself in a heavy system load on saving, accessing, or scanning these files. Saving files from the web causes my browser (Opera) to hang to the point of 'not responding'. Moving or opening the files causes hanging in the OS (tried this both on Windows 7 and on OS X with the NOD beta). If the files are on the HDD during scheduled full system scans, NOD will hang on that particular file for a long while.

    In all cases, the system will snap back to life if I wait it out - Even Opera will become responsive again if I wait long enough. But this can take 5-10 minutes depending on the file. These files are always clean, which doesn't surprise me given their origin.

    The strange thing is that the files all come from a single location: The Good Old Games website (GOG.com). For some reason their installers just seem to make NOD chug very hard.

    Is this unavoidable? Or is there something I can do about this issue? I only ask because, if I have 3 or 4 GOG installers on a drive (I like to keep them handy), that adds 20 - 40 minutes to my scan times every week. Nothing terrible, but slightly irksome. I'm using the latest NOD 4 on Windows 7 (not the beta) and the latest NOD 4 beta on OS X 10.6.2 and seeing this issue on both. Thanks!
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    exclude them from scanning until Eset fixes the issue
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    You can set a size limit for scanning archives in the web protection and real-time file system protection setup so that larger archives are not scanned internally.

    You can disable advanced heuristics/runtime packers for newly created files and enable these options on file execution.

    Unfortunately there are no games that could be downloaded for free and test so I can only assume that they are reasonably large with a lot of files inside. Setting a size limit for scanning archives would most likely do the trick.
     
  4. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    I certainly shall, thank you. I just wanted to bring it to ESET's attention, since it seems peculiar.

    These files aren't abnormally large by my standards. Some are upward of 500 MB, and I admit those are large enough to raise eyebrows... But some are only ~200 MB. I have archives that trend upward of 400 MB on my hard drive (zipped collections of my own) that don't take nearly as long as the 200 MB file from GOG. This leads me to believe that there's something about the GOG compression that just makes NOD go loopy.

    I realize there's little to no access to their installers without paying, though, so I suppose there's really nothing that can be done. I'll probably just opt to offload the files onto external media for storage, since I prefer to keep maximum security via internal scanning. Thanks for the consideration and the advice, though!
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Actually I consider text files > 1-2 MB large. Parsing of such large files takes time, it's pretty normal. Even if you use another application, it will take dozens of seconds to go through them. If you intentionally need to use such large text files, the best practice would be to exclude them from scanning.
     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    I agree with the OP.

    nod32 v2 can scan 50 meg files quicker than v4 takes to scan some 1 meg file, this alone proves it can be done faster.

    if nod32 can scan some larger files but not others surely this means it is an algorithm problem.

    If I open a 2 meg file in notepad there is a delay yes but dozens of seconds, is your pc a 386? on mine it is probably 1-2 second delay for a 2meg file in notepad.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    It could be a limitation in v2 due to which such large files were not parsed thoroughly. V3/v4 don't use any limitations but you can configure them your yourself.

    The OP was talking about 200-500 MB files so I was referring to them.
     
Thread Status:
Not open for further replies.