Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    People (including a mod) were kind enough to explain why that feature is ineffective and pointless, so please stop asking for it.

    The definitions that would be used during a boot scan are the exact same ones that would have been used the last time the system shut down. Because files are automatically scanned when written to the filesystem (and commonly used files are re-scanned after definition updates) there is effectively no chance a boot scan would detect anything that was not already seen and scheduled for removal upon the following system startup. Boot scans make your computer slower to turn on without adding any security.
     
  2. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    enable manually Gamer mode is annoying, user have to go in Advanced setup tree, user interface, Gamer mode.....

    or by main window in the Setup pane on the right side.

    actually, we can only disabled Gamer mode by the icon tray, why not enable it too ??

    it can be easier to make Gamer mode available by right-click on nod32/ESS icon tray (as disabled/enabled av and antispyware protection ) and/or ONLY automatic (enable Gamer mode when running applications in full screen automatically)

    and I why so many alert (notifications, orange icon) when we activate manually Gamer mode and nothing with automatic o_O The risk is the same, both with no notifications and no scheduler task.... ??!! Do Eset think automatic Gamer mode user dont need these informations ?
     
    Last edited: Oct 1, 2011
  3. Try_and_Buy

    Try_and_Buy Registered Member

    Joined:
    Oct 3, 2011
    Posts:
    2
    Updates offline.
    In small networks, it works pretty well.
    In large networks, all computers accessing the Internet at the same time, it crashes. You need a computer to read the updates and the other only access this computer.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Are you saying the network load from clients updating their definitions is causing bandwidth problems, or that your actual network or clients are crashing just under normal usage? If it's the former, that is what the update mirror functionality is there to address. If it's the latter, then I think you're dealing with some bigger problems than your anti-virus vendor.
     
  5. Try_and_Buy

    Try_and_Buy Registered Member

    Joined:
    Oct 3, 2011
    Posts:
    2
    Yes.
    Many computers using a single link to access the Internet.
    All equipment trying to read the same site, the waste of bandwidth. Will be a single computer to access the site, more efficiently, less waste.

    Nod32 version/release 4.x.x use "Advanced configuration -> update -> (edit) -> server update".

    Nod35 version/release 5.x don´t leaves to edit "server to update", only automatic/standard
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    version 5 is currently only released as a home user version. the version 5 for business will allow updating from mirror server.
     
  7. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    280
    Location:
    Philippines
    Run application as limited user/standard user (like a built in DropMyRights rather than sandbox), probably similar to Run Safer of OnlineArmor/Restricted Applications of SpyShelter and add this feature to the HIPS component to make it more granular -- since not all people run their computers inside LUA.
     
    Last edited: Oct 16, 2011
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    Currently EAV notifys when windows security patches are available but have not been applied. I would like to see the feature extended to third party applications such as adobe reader,flash player,oracle java,itunes etc. I dont want it limited to the small list of programs I have listed thou.
     
    Last edited: Oct 17, 2011
  9. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    :doubt: :blink: :doubt: that means many update notification !!!! but, yes, it could more secure but means AV detect all these apps.... Is there an AV already doing this o_O
     
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    kaspersky have had a similar feature for ages (requires a separate scan). sophos endpoint 10beta detects insecure 3rd party apps as well as windows updates.
     
  11. Oswald2

    Oswald2 Registered Member

    Joined:
    Oct 3, 2006
    Posts:
    63
    Home users can use Secunia's free Personal Software Inspector (PSI). Unfortunately, there's no licensing of PSI for small businesses. You have to use their Online Software Inspector (OSI) which has more limited software detection, or move to their Corporate Software Inspector (CSI) which is way more complicated for most small businesses and way too expensive for a small network. For home users, PSI is a good bet. Frankly, I'd like to see ESET include the feature if only to fill this gap for small businesses. I think it would be considered "bloat" for some users, so it might be something to offer optionally with ESS and skipped on EAV.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,439
    Location:
    Outer space
    It would be nice if ESET could have a section on their website, or a sticky here in the forum where all new module updates (both on release and pre-release servers) are listed, including notes about what's changed.
     
  13. 22ndcitysaint

    22ndcitysaint Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    62
    Location:
    PH
    1. Cloud protection (like SONAR protection on Norton)

    2. Whitelist for HIPS (interactive mode is a headache)
     
  14. jst3751

    jst3751 Registered Member

    Joined:
    Dec 11, 2009
    Posts:
    21
    Location:
    USA
    Why are you using a Home product for a business? NOD32 v5 is currently only released for HOME, not corporate/business.
     
  15. Pirate_XBT

    Pirate_XBT Registered Member

    Joined:
    Dec 29, 2011
    Posts:
    1
    Location:
    Ukraine
    1. Sandbox.
    2. Self-defense for Registry Key's antivirus ESET.
    3. Downloading most critical files Windows or other OS using cloud technology on the server ESET for scaning and cleaning if need. In the case of infection of critical files, the antivirus will replace the infected file clean.
     
  16. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Better Cleaning
    Proactive protection like BitDefender or Norton.
    Lists for fails(Download inside)
    Better Hips like Comodo or Outpost.
    Better Cloud reputation
    May be Sandbox.
    And finaly good version with no buggs!!!;)

    If for the future Eset think to put gadget...is better small like Norton...or nothing.
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Not gonna happen ;)
    Agreed :thumb:
     
  18. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,348
    I agree with almost everything, except the Sandbox and the gadget (I do not want to become ESET bloatware).

    The HIPS I agree, but wish it had an option "automatic" do not want to be bothered by pop-ups.
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    The HIPS module is constantly improved the last update was on Dec 12. (I am on Pre-release)

    For no pop-ups leave the HIPS in the default Auto-mode, and check the logs for stuff that have been blocked automatically.
     
  20. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    With 5.0.95 i have nothyng in automode.:)
     
  21. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Non the gadget i don't won't to but i'm not Eset constructor...i said IF ...small like Norton(not huge like Kaspersky TV:D )
     
  22. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    i agree with better cleaning, recent bad result in removal test (first std certfication for an av-comp test since 2004)
     
  23. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    As a new NOD32 4.2 Bud Ed user, some observations and suggestions:

    1) add documentation for all the NOD32 policy settings to the ERA console and corresponding ERA User Guide (.pdf). Why should I have to go to a NOD32 client and use its help system to look up what the myriad of policy settings mean? When new settings get added to the product, be sure to add it to the docs as well. e.g. Display only notifications requiring user interaction (under User interfact->Alerts and notifications)

    2) Exclusions: allow us to specify environment variables, such as "%WINDIR%\Windows\SoftwareDistribution\DataStore\Logs\*.*". I want a given policy I create to be able to apply to multiple operating systems.

    3) Exclusions: why not make the default client policy include the standard exclusions that Microsoft recommends in KB822158? You could allow us to enable/disable this auto-exclusion list with a check box in case some folks do not want to do it...

    4) provide a Getting Started Guide for Admins and discuss things like creating your first NOD32 policy. I tried following the ERAC User Guide, but gave up because it never listed definitions for any of the policy settings. I was about to abandon my NOD32 trial until a user in the forums recommended to create policies using the NOD32 client's GUI (Advanced Setup).

    By the way, why are NOD32 and ESET Smart Security lumped together in ERAC? Very confusing for newbies...
     
  24. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
    About exclusions.
    I think ESET is doing right, not including MS recommended exclusions in default policy. If you read MS KB, they warn you: We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk. So, it is by you to decide.
     
  25. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Exclusions (cont'd):

    Karlisi - that's normal Microsoft legalese that their lawyers make them add (much like their hot fixes) :) The same KB article also says:

    When you scan these files, performance and operating system reliability problems may occur because of file locking.


    Again, I suggested this could be added as an optional (check box to enable/disable) policy setting, so that those admins that choose to be blind to potential performance issues can remain so by leaving these MS recommended exclusions disabled...

    Having worked with many AV products, the fact that many of them do exclude certain files tells me there is likely a good reason to do so.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.