How to Exploit NOD32 V4 32 bit XP sp3

Discussion in 'ESET NOD32 Antivirus' started by Escalader, Oct 26, 2009.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    I like this product! But I have some simple questions (to some) as to how to maximize my security using this product.

    1) Can I effectively create a country blocking table in web access management using the list of blocked addresses? I think that this is possible.

    I entered *.cn, BUT with no examples to copy I'm unsure if this is a correct entry. The software accepted the entry but again I have doubts.

    If this works I can enter ALL countries I wish to avoid on the www, no insult intended to any individual. I'm just trying to exploit the features.


    2) Reading the help, V4 seems to do everything a HIPS does; am I right about that? If so, how does it validate that a program is legit to run: just by seeing if it is malware, or by checking the file name, digital signature or the MD5 code?

    Again I apologize in advance for asking these questions.
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This seems to be part of the answer to my own HIPS on V4 question:

    Still don't know what type of validation logic Nod32 V4 imposes on executables.
     
  3. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Your *.cn will block this www.chinadaily.com.cn, but it won't block http://www.chinadaily.com.cn/china/2009-10/27/content_8852346.htm

    I have no idea how to get it to block a top level domain. I thought I'd asked this question before, but searching the forums leads me to believe that I imagined it. o_O

    (Edit: I knew I'd brought it up on the forum before; it was a request in a 'Future changes...' thread.)
     
    Last edited: Oct 26, 2009
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well V4 did 1/2 of your post. It did block www.chinadaily.com.cn, but it allowed www.cnd.org.

    The * means, according to the manual, any string of characters. So I think I would need to block the second one some other way. I'm glad I'm not the only user who could benefit from this.
     
  5. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
  6. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    How about adding these 3 filters:
    *.cn
    *.cn.*
    *.cn/*
     
  7. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Nah, they won't work. You can't end with a forward slash for some reason. o_O
     
  8. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Last edited: Oct 27, 2009
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks to you guys! Before we are done I will have learned how to program masks for V4.

    1) Do we need to put www. in front or does it matter? I've done a few but the SW grays out the www.

    2) It would be good if we could load a set of addresses masks in?


    Yes, it worked here as well! When it blocks do you get a pop up or message?
    I'm in FF with pop ups blocked so I think I have to allow V4 to do pops!
    Nope! I had the notify box unticked! Whoa, this is great learning! As soon as that was on I got a pop from V4.
     
    Last edited: Oct 27, 2009
  10. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    re 1: I'd think generally no.

    re 2: You can export all your addresses and masks with the 'Export...' button.
    You can import them by clicking on the drop down arrow next to 'Add...' and selecting 'From File'.

    Note: In the case of *.cn/\* it will be exported as *.cn/*, so you'd need to manually edit that entry in the saved export file to *.cn/\*


    :argh:
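
The mask results reported in this thread can be reproduced with a small model. This is an added example, not part of the original posts and not ESET code: it assumes a mask must match the whole address with `*` standing for any string (consistent with the results posted above, but not a documented ESET algorithm), and compares that with a check on the parsed hostname. Function names and the last two sample addresses are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Masks proposed in the thread. The '*.cn/\*' variant is left out because
# the thread does not explain what the backslash does.
THREAD_MASKS = ["*.cn", "*.cn.*", "*.cn/*"]

# The first three addresses come from the thread; the last two are constructed.
SAMPLES = [
    "www.chinadaily.com.cn",
    "http://www.chinadaily.com.cn/china/2009-10/27/content_8852346.htm",
    "www.cnd.org",
    "www.cn.example.org",          # constructed: 'cn' is only a subdomain label
    "example.org/mirror.cn/page",  # constructed: '.cn/' appears in the path
]


def strip_scheme(url):
    """Drop a leading 'http://' style prefix so only host and path remain."""
    return url.split("://", 1)[-1]


def mask_blocks(url, masks=THREAD_MASKS):
    """ASSUMED model: a mask blocks only if it matches the whole address."""
    addr = strip_scheme(url).lower()
    return any(fnmatchcase(addr, mask) for mask in masks)


def tld_blocks(url, blocked_tlds=frozenset({"cn"})):
    """Parse out the hostname and compare only its last label (the TLD)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").rsplit(".", 1)[-1] in blocked_tlds


def compare(urls=SAMPLES):
    """Return (address, blocked_by_masks, blocked_by_tld_check) per address."""
    return [(u, mask_blocks(u), tld_blocks(u)) for u in urls]


if __name__ == "__main__":
    for url, by_mask, by_tld in compare():
        print(f"mask={by_mask!s:5} tld={by_tld!s:5} {url}")
```

Under this model `*.cn` alone misses any address with a path, and the two extra masks cover that case but also block addresses whose hostname is not under .cn.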
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273