Excluding directories

Discussion in 'NOD32 version 2 Forum' started by Mike_Healan, Nov 26, 2003.

Thread Status:
Not open for further replies.
  1. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Hey guys.

    Just installed Nod32 and I have two questions.

    1.) How do I exclude files/directories from the scanner?

    2.) What's the purpose of the AMON > setup > exclusion list? I put a directory in there, but the scanner still scanned what I excluded, so I assume that's for something else.
     
  2. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Hi Mike

    Both questions answered (I hope) together:

    Since NOD32 V2 was released (as far as I can recall), the exlude feature does not always work as intended. A little sleuthing & manual input by the user is required to get the feature to work, as documented here:
    http://www.wilderssecurity.com/showthread.php?t=13536

    To paraphrase another member, the issue is that NOD32 may require any of the following path types to exclude properly:

    - a short names path (DOS 8.3 format)
    - a long names path
    - a combination of these paths

    Regards
    Optigrab
     
  3. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    That's not going to help in my case. The paths to what I want to exclude are already short
    Oops..... no they're not. That's 9 letters, not 8. Let me try it.
    D:\Documents\documents.zip and D:\Documents\website\adware\

    Is the AMON exclusion where it *should* exclude directories from the scanner? That looks like it's just for the resident module.

    I don't want it triggering on my local copy of my spyware collection and that zip file is very large and doesn't need to be scanned.
     
  4. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Nope, didn't work for the scanner or the resident monitor. Tried it with both long and short paths.

    That bug is kinda old .... they are working on that right?
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Mike, Amon doesn't scan compressed files by default in the first place.

    Did you make alterations there?
     
  6. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Amen. :mad:

    Acadia
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Mike,

    what system do you use and what version of program components you have installed (this info can be found in CC-NOD32 System Tools-Information)? On my computer, it works flawlessly.
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Marcos (this is not Mike speaking), here it is on my system:

    NOD32 Antivirus System information
    Virus signature database version:   1.563 (20031125)
    Dated:   Tuesday, November 25, 2003
    Virus signature database build:   4057

    Information on other scanner support parts
    Advanced heuristics module version:   1.004 (2003102:cool:
    Advanced heuristics module build:   1037
    Archive support module version:   1.007 (20031104)
    Archive support module build version:   1074

    Information on installed components
    NOD32 For Windows 95/98[me=Acadia]- Base[/me]
    Version:   2.000.6
    NOD32 for Windows 95/98[me=Acadia]- Standard component[/me]
    Version:   2.000.6
    NOD32 For Windows 95/98[me=Acadia]- Internet support[/me]
    Version:   2.000.6

    Operating system information
    Platform:   Windows 98
    Version:   4.10.2222 A
    Version of common control components:   5.81.4916
    RAM:   384 MB
    Processor:   Pentium(r) III Processor

    Thank you,
    Acadia

    (don't know why my handle appears with the information or why it turned red in color, I didn't do anything more than copy/paste)
     
  9. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Marco,

    latest version ( I assume ) bought last night.

    NOD32 Antivirus System information
    Virus signature database version:   1.563 (20031125)
    Dated:   Tuesday, November 25, 2003
    Virus signature database build:   4057

    Information on other scanner support parts
    Advanced heuristics module version:   1.004 (2003102:cool:
    Advanced heuristics module build:   1037
    Archive support module version:   1.003 (20030903)
    Archive support module build version:   1056

    Information on installed components
    NOD32 For Windows NT/2000/XP - Base
    Version:   2.000.6
    NOD32 For Windows NT/2000/XP - Internet support
    Version:   2.000.6
    NOD32 for Windows NT/2000/XP - Standard component
    Version:   2.000.6

    Operating system information
    Platform:   Windows 2000
    Version:   5.0.2195 Service Pack 4
    Version of common control components:   5.81.4916
    RAM:   512 MB
    Processor:   AMD Athlon(tm) XP 1700+ (1460 MHz)

    Tony,

    Yeah, I played around in the settings a bit.
     
  10. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    LOL :D

    An old, OLD YabbSE bug. it's the / me that does that
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Mike,

    That´s not a bug, that´s a feature. :D

    Pieter
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Mike and Acadia,

    does the problem occur also on directories with their names shorter than (or equal to) 8 characters?
     
  13. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Seems to be. I put a virus in my c:\upx\ folder after excluding it and AMON caught it when I tried to unzip it. I'm looking now to see if the scanner catches it.
     
  14. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    C:\upx\WBECHE.EXE - Win32/PSW.WbeCheck.A trojan

    Didn't work. Less than 8 characters and exclude didn't work when I scanned the whole C: drive.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Mike, just 2 remarks:

    1.) Exluding files/directories in AMON setup does not make these objects exluded from being scanned by NOD32 scanner

    2.) It's not clear whether you unzipped the file to the directory excluded from scanning (would you please post the exact path to the infected file detected by AMON?)
     
  16. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    1.) Ok, so how do I do that? Exclude something from the scanner?

    2.) The zip is at C:\upx\adbreak.zip. When I extracted wbecheck.exe from it to c:\upx\webcheck.exe that set off AMON even though I have c:\upx\ excluded.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Mike,

    unfortunately, particular files/directories cannot be excluded in NOD32 scanner. You can only select what directories/drives you wish to scan.

    As to the second point, it really seems there is some problem with exluding files in AMON. I can't tell you for sure if something will change in the next program comp. update, but let's see.
     
Thread Status:
Not open for further replies.