How does the firewall and AV work together?

Discussion in 'ESET Smart Security' started by losimagic, May 25, 2011.

Thread Status:
Not open for further replies.
  1. losimagic

    losimagic Registered Member

    Joined:
    May 25, 2011
    Posts:
    6
    Today (overnight) Nod32 found 2 suspected trojans amongst some Java files:

    C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\61a815d-56e1199e » ZIP » vmain.class - probably a variant of Java/Agent.BR trojan - was a part of the deleted object

    C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\640f9e74-3e5d8961 » ZIP » vmain.class - a variant of Java/Agent.BR trojan - was a part of the deleted object

    Firstly, I thought Nod32 offered realtime protection; how did they get there?

    Secondly, if these are genuinely trojans and not false positives, would the firewall have been triggered if these trojans had tried to phone home with keystroke data (or whatever their purpose was) and blocked them?

    Many thanks
     
  2. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    What firewall do you use?

    Hogndog
     
  3. losimagic

    Hi, thanks for a quick reply.

    I use the firewall that's built into ESET Smart Security 4, on interactive mode.

    When I got to my system this morning Nod32 was asking me what it should do with them, delete them, or do nothing. I chose to delete them, which I believe places them in quarantine.
     
  4. hogndog

    I've tried firewalls built into a suite; spells trouble, for me that is. For now it looks like you're O.K. To recommend a firewall at this time is premature. Hope this helps.
     
  5. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Does that mean that the ESET Firewall is useless? Someone please confirm this, as I am using ESS too with a 2 year license just purchased :blink:
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    No it isn't useless. It's a decent two-way firewall. It doesn't have HIPS in v4.2 but HIPS will be added as a separate additional component in v5, which is currently available as a beta download.
     
  7. berryracer

    Oh OK, thanks for the info, bro.
     
  8. pegr

    You're welcome. :)
     
  9. losimagic

    Going back to my original question, if Nod32 allowed the (possible) trojan onto my system, how well would the firewall do at blocking any communications that it tried to make?
     
  10. pegr

    Assuming the Firewall is running in Interactive mode, it would depend on what methods the trojan used to try and connect out. If it used the kind of sneaky tricks that leak tests are designed to simulate, it would probably be successful. This is why the ESS firewall performs so poorly in the Matousec tests. This will change in Version 5, which has HIPS (providing the HIPS is also enabled in Interactive mode).
     
  11. losimagic

    Thanks for the info. Is it worth upgrading to the beta now, or is it still a little early to be fully trusting it?
     
  12. pegr

    I'm running the beta and it's remarkably stable for a beta. I've encountered one or two minor bugs but nothing serious.
     