Congratulations again!!!!!!!

CONGRATULATIONS TO ESET!!!!
NOD has pick up heuristically Win32/Bagle.AF and Win32/Atak.A malware. This demostrate again how important is the heuristic role.
Regards.

 

It wasn't heuristics. Bagle.AF was added to the definitions yesterday, Atak the day before.

 

No, I'm not speaking about signatures. Indeed if you disable signature method and try to analyze using AH, NOD will detect both as Probably NewHeur_PE Virus. That's not signature, that's heuristic.

 

I had asked about Bagle.AF on 7/16.

Here is the reply I received from ESET support.

-------
"we have the Win32/Bagle.AF in the 1.812 as you can see at :
http://www.nod32.com/support/info.htm#CurVersion

It was detected by the NOD advanced heuristics - so from the beginning.

Best regards,"
-------

That is why I have used NOD32 for three years and will continue to use it. It was detecting Bagle.AF before some other AVs.

 

Which is why I recommend it to all my clients. Sure lets me rest easier at night.

 

How do you recommend something to your clients that has false positives so frequently and such poor response from the company. There are currently three threads concerning false positives with IRC/SdBot.AIG trojan messing up more than a few customers, some including myself quite seriously, and there is no response from Eset since around noon on Friday. This follows the netapi.dll fiasco of earlier in the week and the Win32/Ralpha.A trojan false positives last month. Seems like a trend here. I don't have the time to try and restore functionality of programs because needed dll's or exe's are in quarantine due to false positives, this is beoming absurd.

 

Sorry you're having problems, FF. Perhaps most Eset employees are taking the weekend off, I have no idea. I do know that if there are issues with fp's, they will be addressed. False positives are the exception with NOD32, not the rule.

To answer your questions--which were OT, but obviously are concerning you:

1. My clients haven't had any problems with false positives up to now--including the fp you mention. In fact, IMO, NOD32 has fewer fp's than any other av I've ever used--which is another reason I recommend it.

2. I provide service to my clients as part of the yearly package--which is Eset policy--and make sure the AV is optimized for my clients. In addition, I make sure my clients can't make changes to these settings--which saves us all headaches.

Hang in there. I'm sure the fp problem will be resolved shortly.

 

I am not sure why you are taking this thread off topic?

But to reply, over the 3 years I have used NOD32 I have seen very few false positives. A number of AV's have false positives from time to time. NOD32 seems to have had very few over that time period even scanning with AH. My ISP provides F-Secure fee of charge for 3 PCs. So I use F-Secure on two other machines. However, I still prefer and use NOD32 on a high end game machine even though I could use a free F-Secure. I also recommend NOD32 highly to others.

 

I started this thread because I want to congratulate ESET for the excellent work.
Many others AVs have much more false positive than NOD. If you want to complain again ESET, please make another thread, indeed you've one, so please post FPs question in your thread.
Anybody can recommend a AV, and I personally recommend NOD to my family and friend and I'll keep recommending this.
Please stay on-topic. All congratulations to ESET are welcome in this post

 

Congrats NOD32. I also recommend to NOD32 to everyone, including work. Now almost 700 pcs later we are happy.

 

Good Job Eset

 

Sir Carew, I am sorry for offending you with my earlier post, and I also apoligize for taking it OT. I am just very frustrated with Eset right now, between the current problem I am having with this IRC/SdBot.AIG FP and the netapi problem earlier in the week ( I didnt post then because plenty of other people already did also) and an additional FP back in June, my experience with NOD has been quite a bit less than stellar, just venting some frustration since Eset isn't answering emails or fixing the problem either. Again, sorry for disrupting your thread. You have made quite a few decent posts that have been very informative to me and in no way did I mean to upset or anger you.

 

Hello,
No problem
Please try to have more patience with NOD. NOD is a great AV. I wish that your issue will fixed soon.

 

IF there is no answer to your post, bump it up.

Have you tried sending a PM to Marcos?

Cheers

 

Maybe I don't expect much but I thought the netapi.dll issue was handled ok by eset. We reported it, they fixed it, done like dinner.

Personally, I'd prefer the odd fp over the odd missed detection any day of the week; but that is just me.

One thing to remember about that though is that you can't be deleting every detection as soon as it gets detected. DON'T set Nod32 to automatically do anything.

If it is a system file you have had for a while or part of a service pack, just don't run the file, and come here and post possible fp topic. AMON will look after you while you do this. When you download a service pack you should scan it with your security programs BEFORE you try to install it. if a fp is going to rear its ugly head, it is best to know that BEFORE you are half way through the update and smoke your install.

If you just downloaded some crack tool advertising "satan inside" and it gets flagged, then it probably does have a trojan in it. Atleast deleting it isn't going to smoke your install.

having security tools doesn't help much if they aren't used properly.

 

flyrfan111,

It's a game of low probability chance here. When detections are ramped up, false positives are expected to increase immediately afterwards until the detection schemes are refined. In most cases, no further refinements are needed and false positive issues never emerges.

Unfortunately, I really don't see a decent way out of it aside from being cautious and a little conservative in deleting files that have been flagged. That's true of any AV/AT product.

As you point out, the road may be a little bumpy for a bit. Which means that all users have to be as vigilant as you and others have been at identifying potential false positives.

And let me add my congratulations to Eset for continually and quickly improving an already excellent product!

Blue

 

I have a false positive and it was detected on May 29 and has never been fixed (unless very recently while I have not had NOD32 on the box that this program is on). It is the exe file for a fairly popular program that I have had for six months. I reported it and was told by Eset support that it would be fixed with the next update but it wasn't. Then I was told it was complicated to fix so it would take longer. I can accept that. I excluded it from scanning.

My concern though is that this sudden eruption of fp's appears directly related to the increase in use of adv. heuristics. This bothers and worries me. My ultimate response to these problems that I am seeing constantly now regarding IMON (which I would not touch with a ten foot pole) and adv. heuristics (plus curiosity) has been to trial another av which I currently have on my XP box. I haven't gotten any false positives with it, but then it is a signature based AV which I prefer. However, I'm not going to keep it because it is not the current version and I don't want to purchase an old version however excellent (current version is terrible) plus I still like NOD32 warts and all and am willing to work with it at least until my renewal license comes due and maybe for a lot longer than that. A lot rides on this beta which I have an early version of but I am eager to see the public beta whenever that is released.

 

Way off topic.

Can anyone tell me why this thread activated my pop-up blocker and bounced me right out of inernet explorer?

 

Anyway , NOD32 is the best !!