Congratulations again!!!!!!!

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    CONGRATULATIONS TO ESET!!!!
    NOD has pick up heuristically Win32/Bagle.AF and Win32/Atak.A malware. This demostrate again how important is the heuristic role.
    Regards.
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    It wasn't heuristics. Bagle.AF was added to the definitions yesterday, Atak the day before.
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    No, I'm not speaking about signatures. Indeed if you disable signature method and try to analyze using AH, NOD will detect both as Probably NewHeur_PE Virus. That's not signature, that's heuristic.

     
  4. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I had asked about Bagle.AF on 7/16.

    Here is the reply I received from ESET support.

    -------
    "we have the Win32/Bagle.AF in the 1.812 as you can see at :
    http://www.nod32.com/support/info.htm#CurVersion

    It was detected by the NOD advanced heuristics - so from the beginning.

    Best regards,"
    -------

    That is why I have used NOD32 for three years and will continue to use it. It was detecting Bagle.AF before some other AVs.
     
  5. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Which is why I recommend it to all my clients. Sure lets me rest easier at night.


    ;)
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    How do you recommend something to your clients that has false positives so frequently and such poor response from the company. There are currently three threads concerning false positives with IRC/SdBot.AIG trojan messing up more than a few customers, some including myself quite seriously, and there is no response from Eset since around noon on Friday. This follows the netapi.dll fiasco of earlier in the week and the Win32/Ralpha.A trojan false positives last month. Seems like a trend here. I don't have the time to try and restore functionality of programs because needed dll's or exe's are in quarantine due to false positives, this is beoming absurd.
     
  7. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Sorry you're having problems, FF. Perhaps most Eset employees are taking the weekend off, I have no idea. I do know that if there are issues with fp's, they will be addressed. False positives are the exception with NOD32, not the rule.

    To answer your questions--which were OT, but obviously are concerning you:

    1. My clients haven't had any problems with false positives up to now--including the fp you mention. In fact, IMO, NOD32 has fewer fp's than any other av I've ever used--which is another reason I recommend it.

    2. I provide service to my clients as part of the yearly package--which is Eset policy--and make sure the AV is optimized for my clients. In addition, I make sure my clients can't make changes to these settings--which saves us all headaches.

    Hang in there. I'm sure the fp problem will be resolved shortly.
     
  8. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I am not sure why you are taking this thread off topic?

    But to reply, over the 3 years I have used NOD32 I have seen very few false positives. A number of AV's have false positives from time to time. NOD32 seems to have had very few over that time period even scanning with AH. My ISP provides F-Secure fee of charge for 3 PCs. So I use F-Secure on two other machines. However, I still prefer and use NOD32 on a high end game machine even though I could use a free F-Secure. I also recommend NOD32 highly to others.
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I started this thread because I want to congratulate ESET for the excellent work.
    Many others AVs have much more false positive than NOD. If you want to complain again ESET, please make another thread, indeed you've one, so please post FPs question in your thread.
    Anybody can recommend a AV, and I personally recommend NOD to my family and friend and I'll keep recommending this.
    Please stay on-topic. All congratulations to ESET are welcome in this post ;)


     
  10. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    Congrats NOD32. I also recommend to NOD32 to everyone, including work. Now almost 700 pcs later we are happy. :)
     
  11. Azn_Tweaker

    Azn_Tweaker Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    120
    Location:
    Canada, Toronto
    Good Job Eset :D
     
  12. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Sir Carew, I am sorry for offending you with my earlier post, and I also apoligize for taking it OT. I am just very frustrated with Eset right now, between the current problem I am having with this IRC/SdBot.AIG FP and the netapi problem earlier in the week ( I didnt post then because plenty of other people already did also) and an additional FP back in June, my experience with NOD has been quite a bit less than stellar, just venting some frustration since Eset isn't answering emails or fixing the problem either. Again, sorry for disrupting your thread. You have made quite a few decent posts that have been very informative to me and in no way did I mean to upset or anger you.
     
  13. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    No problem ;)
    Please try to have more patience with NOD. NOD is a great AV. I wish that your issue will fixed soon.

     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    IF there is no answer to your post, bump it up.

    Have you tried sending a PM to Marcos?

    Cheers :D
     
  15. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Maybe I don't expect much but I thought the netapi.dll issue was handled ok by eset. We reported it, they fixed it, done like dinner.

    Personally, I'd prefer the odd fp over the odd missed detection any day of the week; but that is just me.

    One thing to remember about that though is that you can't be deleting every detection as soon as it gets detected. DON'T set Nod32 to automatically do anything.

    If it is a system file you have had for a while or part of a service pack, just don't run the file, and come here and post possible fp topic. AMON will look after you while you do this. When you download a service pack you should scan it with your security programs BEFORE you try to install it. if a fp is going to rear its ugly head, it is best to know that BEFORE you are half way through the update and smoke your install.

    If you just downloaded some crack tool advertising "satan inside" and it gets flagged, then it probably does have a trojan in it. Atleast deleting it isn't going to smoke your install.

    having security tools doesn't help much if they aren't used properly.
     
  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    flyrfan111,

    It's a game of low probability chance here. When detections are ramped up, false positives are expected to increase immediately afterwards until the detection schemes are refined. In most cases, no further refinements are needed and false positive issues never emerges.

    Unfortunately, I really don't see a decent way out of it aside from being cautious and a little conservative in deleting files that have been flagged. That's true of any AV/AT product.

    As you point out, the road may be a little bumpy for a bit. Which means that all users have to be as vigilant as you and others have been at identifying potential false positives.

    And let me add my congratulations to Eset for continually and quickly improving an already excellent product!

    Blue
     
  18. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have a false positive and it was detected on May 29 and has never been fixed (unless very recently while I have not had NOD32 on the box that this program is on). It is the exe file for a fairly popular program that I have had for six months. I reported it and was told by Eset support that it would be fixed with the next update but it wasn't. Then I was told it was complicated to fix so it would take longer. I can accept that. I excluded it from scanning.

    My concern though is that this sudden eruption of fp's appears directly related to the increase in use of adv. heuristics. This bothers and worries me. My ultimate response to these problems that I am seeing constantly now regarding IMON (which I would not touch with a ten foot pole) and adv. heuristics (plus curiosity) has been to trial another av which I currently have on my XP box. I haven't gotten any false positives with it, but then it is a signature based AV which I prefer. However, I'm not going to keep it because it is not the current version and I don't want to purchase an old version however excellent (current version is terrible) plus I still like NOD32 warts and all and am willing to work with it at least until my renewal license comes due and maybe for a lot longer than that. :) A lot rides on this beta which I have an early version of but I am eager to see the public beta whenever that is released.
     
  19. gberns

    gberns Registered Member

    Joined:
    May 2, 2004
    Posts:
    131
    Way off topic.

    Can anyone tell me why this thread activated my pop-up blocker and bounced me right out of inernet explorer?
     
  20. robin051

    robin051 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    1
    Anyway , NOD32 is the best !! :D
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    I'm afraid I don't see anything different in this thread then in any other thread here. If you can recreate this then please report exactly what popup your blocker is showing, as there must be some reference or triggering event. It'd be best to do so in a new thread so as to not take this one off topic.
     
Thread Status:
Not open for further replies.