Differences between AMON and IMON

Discussion in 'NOD32 version 2 Forum' started by Yoshman, Oct 12, 2005.

Thread Status:
Not open for further replies.
  1. Yoshman

    Yoshman Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    44
    Hi,

    today I want to make a little test with my configuration of NOD32 and I'm a little bit confused about that :(
    I have two sites which try to install some kind of virus, IMON said "Connection refused" but still let me download the file. I thought that while saving it AMON screams and deletes it, but nothing happens :( A manual scan of these two files with the NOD32 scanner says "No infection found" !?
    Any ideas? o_O

    regards
    steffen
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Ain't the file a kinda archive? This would explain it, maybe you didn't set the on-demand scanner to scan inside archives. Anyway, if you choose to terminate connection in the IMON alert window, there's no chance a file would make it to the disk.
     
  3. Yoshman

    Yoshman Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    44
    Hi,

    one of them is an executable file and the other one is a self-extracting archive...
    The on-demand scanner is configured to scan all things it can :) but it said damaged archive file... extracting the file with WinRAR and IMON deletes the extracted infected file (Win32/Parity.B)
    And I am too frightened to check if AMON gets the second file when I execute it (Win32/Litmus.203.Trojaner) :)
    I also thought that if IMON is configured to disconnect, that there is no chance for this file to get on my hard disk, but if it ever does, then I thought AMON will get it?
    Or is there something wrong with my NOD32 installation? Is it possible to delete just the config and create a clear new one? Because it seems IMON uses other settings than configured by me!?

    PS: Is it better to block connections or delete the file? o_O
     
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Blocking the connection stops the download, deleting allows the download and then deletes the file, which would seem to be a waste of bandwidth in my opinion. Why download something you are going to delete immediately?
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I have run into something similar to Yoshman's problem. Usually, IMON catches everything and terminates the connection, but sometimes a file will slip through. However, AMON always catches the files that slip through for me.

    I do have IMON set to "Higher Compatibility". I am guessing this is why some of the files slip through.

    It seems to happen on sites that bombard the computer with files. I could give a particular example, but I do not want to post links against forum policy.
     
  6. Yoshman

    Yoshman Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    44
    Re,

    I divide my post into two problems :)
    The first one is the thing with IMON, it seems to be like alglove said - if too many infected files go to IMON, it could be that one of them gets to the hard disk... BUT with Internet Explorer not one file goes through, sometimes it downloads the file, but it is not on the hard disk, sometimes there is an error ;) connection refused :)
    With Firefox it is "easier" for one file to go through... the download seems to be broken in the download manager from Firefox, but if you retry the download, the file goes through every time...
    BUT if I set IMON to "display warning..." instead of "automatically deny..." - it asks me for every file, I deny and now file will be downloaded :)

    Now to the second one :)
    Why didn't AMON or the on-demand scanner get these files?

    btw. I can live with this, it is just for my understanding and to configure NOD32 for customers/ friends/ family as safe as I can :)
     
    Last edited: Oct 12, 2005
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376