Consensus on all files extensions?

Discussion in 'NOD32 version 2 Forum' started by optigrab, Jun 27, 2004.

Thread Status:
Not open for further replies.
  1. optigrab, Registered Member (Joined: Nov 6, 2002; Posts: 624; Location: Brooklyn/NYC USA)

    Mele20 recommends setting Amon to scan "all files", while I was under the strong impression that it really didn't afford much (any) better security. Mele20 referenced this thread:

    https://www.wilderssecurity.com/showthread.php?t=37509

    I realize now that a lot of folks here agree with Mele20 - and that's cool - but I want to get a sense if this was debatable. I'm also interested in hearing what the Eset folks currently believe is best practice.

    Another point is that there may be some middle ground - extensions worth scanning beyond the default settings, but short of "all files".

    Thanks in advance for any input.
     
  2. ronjor, Global Moderator (Joined: Jul 21, 2003; Posts: 57,772; Location: Texas)

    I guess it would depend on what "all" means. Not much sense scanning a text file.
    Since NOD is so fast, I've noticed no difference in scanning speed to speak of scanning either way.

    I guess it depends on your comfort factor.

    I would think if a virus makes it past your realtime scanner for some reason, it might be helpful with the latest update.

    JMO
     
  3. Alec, Registered Member (Joined: Jun 8, 2004; Posts: 355; Location: Dallas, TX)

    I'm sort of a NOD32 newbie, I suppose, but I don't really believe in the need for scanning all files in AMON either. Yes, I have my on-demand scanner configured for scanning everything, but I only want my resident scanner checking executables. I don't really see the point in doing otherwise.
     
  4. sir_carew, Registered Member (Joined: Sep 2, 2003; Posts: 884; Location: Santiago, Chile)

    Hi,
    I think that scanning all files is important. There are some proof-of-concepts that use, for example, .bmp files, etc. If AMON is configured to scan all extensions, AMON will detect those. Of course, those are only proof-of-concepts and aren't ITW; however, in the future more viruses of this type can appear.
     
  5. Blackspear, Global Moderator (Joined: Dec 2, 2002; Posts: 15,115; Location: Gold Coast, Queensland, Australia)

    For my clients I want the maximum strength scan possible; I'd rather be over-cautious than under-cautious. I prefer defence at arm's length rather than up close and personal; even if it took another 10 min to do a scan using "All Files", I would do it for my customers and myself. If they want to play with the settings after this, then that's fine. I could tell you, though, I bet 99.9% of them will leave the settings as they are :D

    Cheers :D
     
  6. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)

    There are cases when the resident scanner MUST NOT scan all files for the system to work properly (e.g. on Exchange servers, files with the edb and tmp extensions MUST be excluded from scanning if AMON is set to scan all files). This goes not only for NOD32 but also for other AV programs.
     
  7. optigrab, Registered Member (Joined: Nov 6, 2002; Posts: 624; Location: Brooklyn/NYC USA)

    Hi Blackspear

    I agree with you about being willing to sacrifice a modest amount of scan speed for added security. My concern (maybe too strong a word) is that scanning all file types is a bit like looking for my car keys in the unopened box of breakfast cereal in my cupboard; the chances are so exceedingly small that it really doesn't make any sense to bother.

    Still looking to see if there is a majority position on this issue. In the meantime, I've switched to "all files" as an experiment.

    Best regards,
    - O
     
  8. Mele20, Former Poster (Joined: Apr 29, 2002; Posts: 2,495; Location: Hilo, Hawaii)

    Rodzilla has stated several times that he thinks NOD32 settings should all be set at maximum by default. I know he has said this here more than once and also said it to me privately. This was the only quote I could quickly find:

    > Usability of the A/V (in this case) software is probably the biggest factor of all: an incorrectly or loosely configured installation is dangerous, and NOD32 IMO fails the test of usability and default installation settings (to be fair KAV 4.5, for instance, is worse in the usability stakes - not so KAV 5.0, though - but its default installation settings are more secure than NOD32's).

    "OK ... I'll grant you that. I would prefer to see NOD32 set at "maximum everything" by default and advise the user of the slight decrease in scanning speed and the slight increase in the possibility of false positives and let him/her shift down a couple of gears if he/she wanted to."

    https://www.wilderssecurity.com/showthread.php?t=29179&page=2&pp=25
     