Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. plx

    plx Registered Member

    Joined:
    Aug 8, 2009
    Posts:
    9
    hmm, today i had to cure the computer with recently updated NOD32 with undetected winlocker, and it was started through that key and NOD had nothing against.
    that's the file:
    ~~ removed link to malware file ~~
     
    Last edited by a moderator: Jun 28, 2010
  2. Matthijs5nl

    Matthijs5nl Guest

    How about a proper program updater?
    I don't have problems with manually updating to the newest major version.
    So 4 to 5. Or 4 to 4.5.
    But a minor update should just be done through a proper updater.
     
  3. buckZor

    buckZor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    15
    Location:
    Peoples Republic of Oregon
    A configuration choice to allow non-administrative users temporarily disable NOD32. Other AV companies call this "gaming mode". I operate my system as a least priveleged user, and I run games. When I am gaming I want full performance from my system.
     
  4. Matthijs5nl

    Matthijs5nl Guest

    You are not really true there.
    Gaming mode is not the same as temporarily disable. Gaming mode means it runs at lowest priority and it doesn't pop any popups it's while you are in full screen also scheduled actions are delayed untill you exit gaming mode.
    ESET NOD32 actually automatically enters a sort of gaming mode while you are in fullscreen, it for example doesn't pop up any update popups.
     
  5. buckZor

    buckZor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    15
    Location:
    Peoples Republic of Oregon
    The point is I am unable to Disable NOD as a least priveleged user. If ESET would give a configuration option to ALLOW non-admins to disable NOD I'd be happy. I personally feel the password protection would be enough for me to feel comfortable enabling this option.

    Alternatively, ESET could add a "Gaming Mode" option, where non-admins could temporarily disable NOD for a set time period (by the Admin).. say 4 hours. After 4 hours, NOD would re-enable.
     
  6. Matthijs5nl

    Matthijs5nl Guest

    I understand your point, but I will repeat my point again: disabling temporarily and Gaming Mode is not the same.
     
  7. buckZor

    buckZor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    15
    Location:
    Peoples Republic of Oregon
    grrr, the "gaming mode" suggestion is a marketing spin on this. I don't care what its called, or even how its done. I want max performance when I game. I want max protection from my NOD (advanced heuristics, real-time all files, etc). I dont want to run as an admin on my box. Let me disable when I game. Simple math.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,432
    I'm able to disable protection in the account of a limited user after elevating rights when prompted for admin credentials.
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    what operating system do you use?
    with vista and 7 you should be able to disable nod from a limited user account. you will get a uac prompt.
    you shouldnt disable your av while you game. the av shouldnt slow down game, if it does then you -probably have a compatibility problem and should report it.

    the best solution is to simply turn off the notifications while gaming.
     
  10. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    'Block removable media' mostly useless to me as currently implemented...

    First...

    Posting Feature Requests to a single thread is silly - they all simply get lost in the maze.

    There should be a dedicated forum for feature requests, so that each request is its own thread.

    That said...

    The 'Block removable media' feature is mostly useless (to me at least) as it is currently implemented.

    There needs to be more fine-grained control. Most importantly, there needs to be a way to treat *storage* - ie, floppy/CD/DVD drives - media differently from *non*-storage media - ie, USB keyboards, mice, printers...

    Something like:

    For all removable storage media:

    [x] Block all access [x] Allow read-only access

    [x] Always allow access to USB keyboards, mice and printers

    The last item is very important - there should be a very easy way to block all removable devices while allowing minor USB devices like keyboards/mice, expecially now that PS/2 ports are going away...
     
  11. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    279
    Location:
    Philippines
    I just want more modularity in the NOD32 AV. This might add complexity to some options/checkboxes within the "Advanced Setup" tree. However, at least we could turn off some options we like/don't like.

    Options like below:
    E-mail scanning, File scanning, Web scanning, Document protection, Simple/Awesome GUI, Removable Media protection, Memory protection, Registry check, Hidden/corrupted files check, etc.

    This way, all of the ESET NOD32 users would be able to customize their own preferences on their AV. We could shift towards a lean and light setup, or a full featured AV product, which may use a little bit more resource, but offers more protection/effectivity.

    I think no other AV company has offered this much modularity within an AV product. At least, power users and people who like tweaking their own software would be happy playing around with the new EAV settings.

    And for good measure, during installation, there should be an option presented to the user which AV setting they like -- "simple" or "power user" mode. Simple mode is for your average Joe and the power user mode would be like the suggestion above.

    Cheers! :)
     
  12. kbaue

    kbaue Registered Member

    Joined:
    Aug 17, 2010
    Posts:
    2
    I'm just playing with Intel AMT and Eset'S Rescu Disk.
    This is working almost pefect, but I would require to change the windows\system32\startnet.cmd.
    In this special case to include vnc (required to autoboot an INTEL AMT pc with ESET.ISO and have a view what's going on)..

    AT the moment I can manage it copying fast enough the correct startnet.cmd into the temp during Eset's creation process...

    Another methode would it be to halt the iso creation process after the system is built in the temp directory - and allow manual changes... and to resume ..
     
  13. twichert

    twichert Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    14
    Location:
    Lansing, MI
    My wishlist:

    1) Better exclusions support:
    a) Exclude specific processes (eg. DFS Replication Service)
    b) Exclude specific drivers and all files/paths they touch (eg. 3rdpartyISCSI.sys)
    c) Exclude based on internal paths (eg. \\?\Volume{GUID}\*.*)
    d) Partial-path/Pattern exclusion support (eg. *\inetpub\vhosts\*.* to exclude the pattern)
    e) REGEX exclusion support. I don't care which flavor, as long as it's a well-documented standard.​

    2) Ability to request ERA clients to execute of arbitrary commands and ERA packages (eg. "Pull Install", autoupgrade from 4.0 to 4.2, reinstall, reboot, ...).
    a) I'll qualify this with the fact that "push install" cannot work in the kind of environments I'm using NOD32 and ERA. My ERA clients are not in a single, homogenized, corporate IT plant. My ERA clients are members of many different AD domains, with some not attached to any AD domain. I have to do a lot with hacky scheduled-task VBScripts, duct tape, and bubble gum. I'd rather this feature would be available in ERA than rely on an icky mashup.
    b) I would like to be able to run packages with the NT AUTHORITY\SYSTEM user rather than having to provide AD or local admin credentials, as it is neither necessary nor desired for all the personnel managing our ERA to have a complete list of all administrator credentials.​

    3) Better handling of high disk IO scenarios with warnings sent to the user and logged in ERA about possible system instability of the symptom continues.

    4) A script-friendly API. Preferably synchronous.
     
    Last edited: Aug 20, 2010
  14. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Yes, yes and yes. I agree with all of those. Most of those are high on my wishlist too. Nice post :)
     
  15. JokaG

    JokaG Guest

    When is version 5 of Nod32 arriving? Is there any sings of it?
     
  16. PhoenixUA

    PhoenixUA Registered Member

    Joined:
    Jul 16, 2008
    Posts:
    13
    Definitions rollback - must have feature! :mad:
     
  17. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    I agree on this as well, it must be possible to roll back to a definition un-affected by any problems.
    The Update mirror folder should have a cache of old updates we can use to roll back to all server/client machines.
     
  18. DonSrbin

    DonSrbin Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    1
    Improvement suggestion :)

    It's actually a quite simple thing:

    Add a check box called "shutdown after the job is done" in window of computer scan, virus signature update, submitting file for analysis...

    You know, people just don't want to (and usually can't, too) waste time sitting in front of the computer, waiting for NOD32 to complete in depth scan, which can take quite a while on mass computers...

    Such an option already exists in a lot of other programs, and it might just solve the problems to a lot of people...
     
  19. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I just want to correct the translation in the Spanish version for something less confusing for the user.
    Currently the string "no se ha podido desinfectar" is misinterpreted by many users as a failure of antivirus.
     
  20. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    I'd like to see a rollback to the old NOD32 2.0 interface :)
     
  21. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Re: Future Changes to EAV 3.0

    This function would show the power of detection of NOD32, not only malware but also to PUwA and PUsA.

    There are many users saying that NOD32 does not detect some samples because they have disabled this options.

    It would be great to add this configuration (for these categories) in the NOD32 installation.
     
  22. Prime2515102

    Prime2515102 Registered Member

    Joined:
    May 5, 2009
    Posts:
    3
    Location:
    Michigan
    The part of NOD32 that decompresses archives for scanning needs to be multithreaded. It makes me sick to see a scan take 2 hours while my dual-core CPU is pinned at only 50%.

    I don't know if the rest of it is multithreaded but as much multithreading that can be done, should be. Do they even make single-core CPU's anymore?
     
  23. scockman

    scockman Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    1
    I have done a search of this thread and did not see any mention about Windows Home Server, so my apologies up front if I am suggesting something that has already been mentioned.

    I would like to see an Add-In incorporated so that we have access to EAV via the Windows Home Server console.
     
    Last edited: Sep 18, 2010
  24. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    PLEASE PLEASE PLEASE, the ability to exclude a process from scanning.

    We need to exclude C:\Users\<username>\AppData\Local\(applciation name goes here) from all rpocessing, but becuase ESET doesn't support environment variables (%USERNAME%), we have no possible way to exclude this folder without manually adding a few hundred users to the exclusion list.....

    Excluding a process, like almost all other AV solutions, would do it nicely.


    Jim
     
  25. AJStevens

    AJStevens Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    97
    Location:
    Surrey, UK
    In EAV, ESS and any other ERA compatible ESET products, a "report" button to force it to report into ERA immediately on the update page if an ERA server has been set.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.