Future Changes to EAV

Discussion in 'ESET NOD32 Antivirus' started by Blackspear, Jan 20, 2008.

  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Future Changes to EAV 3.0

    It's already there in advanced options in v4.
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Re: Future Changes to EAV 3.0

    It would be good to add the Access file formats in to this. In this case: *.mdb|*.ldb|*.accdb|*.laccdb
     
  3. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Re: Future Changes to EAV 3.0

    Rewrite the saved email scan log Threat Found! message for a Trojan (or other threats non-deletable from within the scan log)

    Suggested wording (based on a NOD32 2.70.32 user's experience): "This archive cannot be cleaned now, because of the type of infection it contains [or because it contains a Trojan, if that's the only infection that prevents cleaning an archive]. And the entire archive cannot be deleted, because it includes non-infected content. But the infected file within the archive probably can be removed later, from within [or, by using] the appropriate application. For example, an infected email message in an email archive probably can be removed later, from within the email program. But before you open 'the appropriate application' to attempt to remove an infected file from an archive, first back up the archive, for example by copying it or copying a folder containing it."

    The rationale and background for this suggestion is in a Wilders NOD32 forum thread, "Saved Email 'Threat Found!' Suggestion for NOD32 3.0 and 4.0," at
    https://www.wilderssecurity.com/showthread.php?p=1402804#post1402804

    Roger Folsom
     
  4. paliometoxo

    paliometoxo Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    38
    Location:
    nicosia
    Re: Future Changes to EAV 3.0

    Is there any way to make the new nod32 3.0 have the interface that 2.7 does? I looked at the help files with the screen shots but I think the 2.7 is nicer looking
     
  5. bodean

    bodean Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    76
    Re: Future Changes to EAV 3.0


    L O N G overdue...............and I mean L O N G!
     
  6. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    Re: Future Changes to EAV 3.0

    1. Understand Windows variables in exclusions paths.

    This means things like %windir%, %systemroot% etc.

    2. Have a tick box which implements the Microsoft recommended exclusions for Windows: http://support.microsoft.com/kb/822158

    From my understanding of the article they would look as follows:

    Windows XP/2003

    %windir%\SoftwareDistribution\Datastore\Datastore.edb
    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
    %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
    %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
    %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
    %windir%\security\edb.chk
    %windir%\security\edb.log
    %windir%\security\res1.log
    %windir%\security\res2.log
    %windir%\security\tmp.edb
    %windir%\security\database\Secedit.sdb
    %windir%\security\logs\*.log
    %allusersprofile%\NTUser.pol
    %Systemroot%\system32\GroupPolicy\registry.pol


    Windows Vista/2008

    %windir%\SoftwareDistribution\Datastore\Datastore.edb
    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
    %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
    %windir%\security\database\edb.chk
    %windir%\security\database\edb.log
    %windir%\security\database\edbres00001.jrs
    %windir%\security\database\edbres00002.jrs
    %windir%\security\database\tmp.edb
    %windir%\security\database\Secedit.sdb
    %windir%\security\logs\*.log
    %allusersprofile%\NTUser.pol
    %Systemroot%\system32\GroupPolicy\registry.pol

    3. Global toggle for Potentially Unsafe Applications, perhaps during setup as is already done for Potentially Unwanted Applications.
     
  7. aakash

    aakash Registered Member

    Joined:
    Jul 27, 2008
    Posts:
    8
    Re: Future Changes to EAV 3.0

    I agree with Quitch on points 1 and 2 - this would make it much easier to set up.
     
  8. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Possibility to enter username and password for update server in a password protected setup
     
  9. Ardmore

    Ardmore Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    43
    Have a desktop notification to show that NOD32 AV has scanned incoming email (in Outlook 2003 in my case)...say, at the end of every POP3 session where one or more emails have been received.

    This way I can be assured that NOD32 is always scanning email as it should (per my settings), without having to either allow email tags, or having to keep checking the stats.

    Thanks. New to the product, really impressed thus far.

    EDIT: Meant "desktop notification," had said "balloon tip."
     
    Last edited: Mar 27, 2009
  10. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Double-agree with Quitch on both points... in fact, I'd go so far as to make #2 enabled by default (auto-detecting which version of Windows it is being installed on of course)...
     
  11. Agrajag

    Agrajag Registered Member

    Joined:
    May 25, 2007
    Posts:
    29
    1) Provide a means in the CURRENT product to be able to tell us about a NEW major upgrade. My 3.x version should be able to alert me to such major news so that I know I should look to upgrade. It'd be even better if it could, with my okay, perform this upgrade seamlessly (without my having to go initiate a download and go find it and run it).

    2) It'd be great to have a search function in the product to search for things like, "Conficker" and see that I'm okay. I watched 60 Minutes last night and wondered if NOD32 knew about this and if I was fully covered. It'd be nice to have that extra layer of comfort. I type "Conficker" and NOD32 tells me all it knows about it and assures me that I've been scanned and seem to be clean. Or I see nothing and ask support about it.
     
  12. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    Yeah, honestly when I found out NOD32 didn't it was a real WTF moment. I can understand delaying the auto rollout, but never?!
     
  13. MACHINE

    MACHINE Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    12
    ESS *BUG* - to be solved, priority #1

    Eset Smart Security v3 & v4. If the Advanced Heuristics option is turned ON at Realtime Protection Module sometimes it will smother menus in "start" all programs tree (taskbar). Also some DIRs with mixed contents (different size and type) will block all system resources for dozens of seconds due to program code gap which utilizes this option rather disappointing. There is a leakage in that piece of the code!

    NOD32 2.70.39 also had the same option with primitives and coroutines in heuristics but it didn't bug at all !!! If it bugs in start menus on QuadCore machines @3GHz with 4GB of RAM DDR3 @1600MHz and RAID striped disks @10K 32MB buffer it is not good at all, it is pretty bad !!! It is stupid enough, so rewrite that segment of code (to Eset experts)!!! MOST IMPORTANT is THIS: if it's bugging dll, exe, com, sfx...WHY is Advanced Heuristics bugging START MENU tree and all SUBMENUS when it should open in a few msecs, it needs 10-20s to show! That's only shortcuts to programs, not files at all.

    Best regards from Serbia
     
    Last edited: Apr 6, 2009
  14. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    Milliseconds on all our systems....
     
  15. MACHINE

    MACHINE Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    12
    Turn all Advanced Heuristics in Realtime module for all types of file. All options must be set to ON (max. protection). Then play with menus often. You will see that bugging, not often but sometimes it will bug in menu and not show for seconds. On all machines at that settings, about 20 PCs had the same issue. I say not always, but every 10-20 times of menu searching and submenus listing...try, and you will see...it is very irritating. That vanishes if AdvHeur is OFF.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Again, that's normal. Advanced heuristics scan all files the shortcuts refer to in real time which has an adverse impact on system performance (you were warned of this fact when enabling AH on file access). It all depends on the files you have, I barely see any delay (I guess the delay is 250-500 ms at most on my system).
     
  17. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    Hello.
    I posted this in another thread (https://www.wilderssecurity.com/showthread.php?t=233781), but I believe I should have posted it here and not there. I didn't see this thread before. I apologize for the double post.

    I have a suggestion. It would be nice if the message that Nod32 attaches to e-mails could be in two languages, the language version of Nod32 installed and in English. It would be a nice optional feature.

    Thanks,
    Danny Azevedo-Hawkins
     
  18. Ardmore

    Ardmore Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    43
    Add Outlook data file (pst) scanning capability, or failing that at least log the fact that pst files haven't actually been scanned.

    Background and details:
    I posted a separate question about pst scanning capability. While there were no replies, further research seems to indicate that while NOD32 does scan Outlook Express data files (dbx files -- as confirmed in Help), it does not scan Outlook data files (pst). (I ran across some older threads which suggest that pst scanning *may* have been included in previous versions, but it's clearly not a current capability.)

    Even with NOD32 integration into Outlook, this would be useful for evaluating whether an archived or backup pst is infected in advance of reattaching it, so that the user can locate and delete/disinfect the offending email(s) promptly upon reattachment.

    The current shortfall is compounded by the fact that NOD32 does not properly list the pst files as exceptions in the scan log. But now that I have discovered that they aren't really being scanned, I will know to use an alternative such as the free online BitDefender scanner to evaluate whether a pst is clean.
     
  19. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    I agree with the .pst scanning. When one has a network drive full of 600 PST files, it is nice to be able to scan them at night and clean out any viruses.

    Outlook Integration conflicts with Kerio connectors, so we have to have that off globally, since we can't tell if a particular user is IMAP or POP3.

    RAV had this option and I was able to clean up many PSTs using it.

    I also second the %dir% in the exceptions. As it is, I have to specify c:\winnt c:\windows d:\winnt d:\winnt.1 and so forth.
     
  20. MACHINE

    MACHINE Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    12
    They should return to NOD32 2.70.39 Advanced Heuristics Options...on ESS 3 and 4 nobody is using AdvHeur because it is stupidly searching for files on disk even if you walk through menus!!! Double doing the same job, cause if you open some shortcut it either will be scanned!!! Option that is not used is not an option. Just return to NOD32 2.70.39 setting for this!
     
    Last edited: Apr 17, 2009
  21. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    As a user of the Business Edition with the RA, something I would like to see on the client is a check box on each of the "lists." On the exclusion list, the check box would be "Enforce only these exceptions" and on the URL Filter list it would be "Enforce only these blocks" as well as "Enforce only these exceptions."

    Users end up with exceptions or whitelist entries that I don't approve of as the person in charge of antivirus. Stupid things like c:\*.*. I have no way of knowing this without going through 675 client configs. I'd like to have the option to set in my policies at the RA that the exclusions I create are the only permitted ones, and the clients enforce that.

    I'd also like to see you partner with someone like Websense or Bluecoat and offer an add on service of URL Filtering. Bluecoat doesn't require a database download, so that might make more sense. You've got 95% of the puzzle to do URL Filtering. Just need a database instead of a list file which you have now.
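
The two exclusion requests in this thread (Quitch's %windir%-style variables in exclusion paths, and edwin3333's concern about client-side exclusions such as c:\*.*) can be checked together. The Python sketch below is an added example, not ESET code or part of any post; the `SAMPLE_ENV` values, the helper names `expand` and `audit`, the `%temp2%` entry and the three review rules are assumptions made for illustration.

```python
import ntpath
import re

# Constructed values for illustration; on a real client these come from the OS.
SAMPLE_ENV = {
    "windir": r"C:\WINDOWS",
    "systemroot": r"C:\WINDOWS",
    "allusersprofile": r"C:\Documents and Settings\All Users",
}
VAR_RE = re.compile(r"%([^%\\]+)%")


def expand(path, env=SAMPLE_ENV):
    """Expand %name% case-insensitively; return (expanded_path, unknown_names)."""
    unknown = []

    def sub(match):
        name = match.group(1)
        if name.lower() in env:
            return env[name.lower()]
        unknown.append(name)
        return match.group(0)  # leave unresolved variables visible

    return VAR_RE.sub(sub, path), unknown


def has_wildcard(component):
    return "*" in component or "?" in component


def audit(entry, env=SAMPLE_ENV):
    """Return the reasons (assumed rules) why an exclusion entry needs review."""
    expanded, unknown = expand(entry, env)
    findings = [f"unresolved variable %{name}%" for name in unknown]
    drive, rest = ntpath.splitdrive(ntpath.normpath(expanded))
    parts = [p for p in rest.split("\\") if p]
    if not unknown and not drive:
        findings.append("not anchored to a drive")
    elif drive and (not parts or (len(parts) == 1 and has_wildcard(parts[0]))):
        findings.append("covers a whole drive")
    if any(has_wildcard(p) for p in parts[:-1]):
        findings.append("wildcard in a directory component")
    return findings


# Entries taken from the posts above, plus one constructed entry (%temp2%).
ENTRIES = [
    r"%windir%\SoftwareDistribution\Datastore\Logs\edb*.log",
    r"%Systemroot%\system32\GroupPolicy\registry.pol",
    r"c:\*.*",
    r"%temp2%\*\cache",
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e, "->", audit(e) or "ok")
```

Run over exported client exclusion lists, a check like this surfaces entries that need an administrator's review without opening each client configuration by hand.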
     
  22. CreepyKangaroo

    CreepyKangaroo Registered Member

    Joined:
    Mar 18, 2009
    Posts:
    31
    NOD 32 is not capable of performing boot-time scans, right?

    I think it would be a good idea to implement this feature...
     
  23. MACHINE

    MACHINE Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    12
    One stupid thing about engine update is that I must download the whole setup @#$&^&* Why can't it be done from within update module o_O It can simply repair engine with new version and make restart...also Eset needs much stronger realtime scanner in a sense of removing residues of virus body that can be cleaned off only with automatic restart and wiping before Win startup. Eset rarely do restarts and viruses stay in highmem!
     
  24. xacto

    xacto Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    9
    Probably all been said before but what I'd like to see is.

    1) Better detection of smitfraud/zlob, virtuamonde and their ilk.
    2) System Updates = No Updates by default install.
    local drives and memory by default install.
    3) Ability to take ownership/permissions of files that are locked by rootkits,
    so nod can actually scan them and not give a [4].
    ...Especially when added as a second drive in a clean system.
    4) Setting all the settings with a script after install using 1 script on totally different pcs.
    (dunno if it can do it now or not)
    5) Easier to navigate gui. I know checkboxes and sliders are cool but
    pick one or the other please.
    6) Get rid of the scary robot from the "irobot" movie in the splash screen before you get sued by Will Smith.
    7) Faster load time on boot.
    8) Fix the "Importing badly messed with xml file crashes nod" error. :p
    9) Auto Delete quarantined files after so many days.
    10) Some kinda registry cleaner to at least remove services if not all the crud
    that trojans add, for a more complete removal.
     
  25. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    I know there have been several posts about software updates already, but would like to add to them here...

    Currently I run ESET on both XP and VISTA (as well as 2000, but that is being retired)... If there is a major Microsoft update that I have missed, the tray icon turns yellow/orange... If ESET puts out a new version, it sits there green and happy...

    Shouldn't the ESET ICON at least turn yellow/orange if there is a new release that you are licensed for o_O

    Also, the update page allows the check and download for a new definition file but not a new version... If you are licensed, shouldn't you also have the option to download the latest version of ESET from the update page o_O

    Currently I am finding out about the new versions from STUMBLING on them while viewing other software threads... and so I finally signed up here only to find yet ANOTHER version available... means I am way behind times on the new versions...

    Yes, I should probably visit the ESET site more often, but each time I move to download a new version I have to remember which system it is for and what the username and password for that particular license is... so if the software had the check embedded inside itself, I wouldn't have to open text files stored on a USB stick or on a desktop to determine what the login access was to download the new version... the update page would hopefully fill that information in as it brought down the new version for me to install...

    I can understand if there are issues with an automatic install... but if the option to download a new version to a folder on our PC was available, then we could install it after the internet connection disappeared...

    Thanks for providing this location where we can provide feedback of things we would like to see with ESET...

    Regards -
    -Bob
     