IMON...Client compatability

There is something really strange going on with Nod32 and I have no idea what it may be other then perhaps a VIRUS.

I have always used the higher efficiency mode for all programs listed in the HTTP compatability mode. But lately I have noticed that every time I open the HTTP window, I see a lot of red entries, meaning higher compatability. I then change them to higher efficiency, hit OK and then hit OK again. 5 mins later when I open the same window, the entries are back to red.....AARrgghhh!!! What could be the problem?

I have run a complete scan and the system is showing clean. SAS found Adware - Lop-Gen which it promptly cleaned. But Nod32 is not finding anything and it is loading fine too.

So what you do you guys think might be the problem? I am using 2.7.32 with the latest virus defs.

 

It is definitely not a malicious code (a.k.a. virus) .

It might be because you use a registry cleaner and it removes the appropriate registry key(s).

 

Well thank God it is not a malicious code. How can I be sure that Nod ain't broken? And how do i fix the harm a registry cleaner may have done?

 

Do you use a Registry cleaner ? Have you run it soon ?

 

Since it needs to write to the HKEY_LOCAL_MACHINE portion of the registry....does this signed on user have Admin rights ?

Since Nod adds only the higher efficiency item to the below string value entry....when this happens again....take a look at that below entry and see if the higher efficiency entries are actually still there. That would help confirm if they are not being displayed properly in the HTTP compatibility setup section or in actuallity they are indeed being changed back to Higher compatability which would remove them from the active_ua_list string value.

HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Modules\Imon\Settings\Config000\Settings... active_ua_list

 

See the funny part is that 50% of the entries are set to higher efficiency and the rest keep reseting to higher compatability.

I even reinstalled Nod but the same thing is happening. I really do not want to uninstall, clean up all nod entries and then reinstall as I would hate to lose all my settings.

Is there anyway I can delete all the entries in the setup and then start fresh?

 

Bubba...you got me thinking now. Would you happen to know how many entries can be held in the above string. Maybe I have exceeded this limit, and the excess keeps reseting to higher compatability.

which leads me to the questions....how do i remove every entry from the client compatability setup??

 

Here is a thread which discusses removing single or a few items.
client compatibility list
An easier way is to clear the entire list and allow NOD32 to refill it with only the current versions.The contents of the key can be deleted. When applications are run again, NOD32 will replace the entries as needed.
The compatibility can be changed then.

 

I do not want this question to go un-answered because of it's importance...."does this signed on user have Admin rights ?".

I have never seen a particular number mentioned but I would think it would have to be more of a Windows registry limit of how long a string value can be versus a limit imposed by Nod....but I honestly have no clue as I have never had a need nor desire to change to higher efficiency meanig I would never approach a limit for the active_ua_list entry.

Just curious....how many do you think you have

I'll also ask if you don't mind and I'll attempt to merge the active_ua_list portion into my Nod32 when I have access later this evening to see if I can dupplicate this.

Can you click Start > Run > and copy the below bold command in the window:

regedit /e c:\activeua.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Modules\Imon\Settings\Config000\Settings"
click OK to execute the command.

This will export that key to a newly created file c:\activeua.txt.
Can you then find that file and upload that file as an attachment to a post Please.

Thanks,
Bubba

 

Yes, the signed user has admin rights.

Taking a very rough guess, I would say over 200. It seems to get longer and longer. That is why I want to get rid of it all and start from scratch.

I will try and PM you the file.

Thanks for all your help and hoping we can resolve this.

 

I did what you suggested but all it did was get rid of my higher efficiency entries and all the red higher compatability entries are still there. And they still will not turn to green...meaning higher efficiency. Aarrrgghhh

Thank god I backed up the reg entry.

 

Any helpers?

 

Having taken a look at your active_ua_list that you sent me I have a few questions\comments.

The vast majority of those entries are either Microsoft-CryptoAPI/5.131.2600.2180 or Mozilla/3.0 & 4.0

1) Are those the entries that seem to change back to passive (higher compatibility) ?

2) What type settings do you have in the HTTP tab section down in the Larger file download settings area and are the boxes checked ?

Perhaps your own setting in that area is causing certain UserAgent entries to revert back to Higher compatibility

 

Am away for a week from the computer in question. Will respond as soon as I get a chance. Thanks again for all your suggestions/help.

 

Hello,
I have a similar problem when I view web pages containing large size pictures or when I download large WMV files.
*Note :[I translate from french]*
For HTTP tab, I have manually set everything to "higher efficiency". These 2 boxes are checked : "switch to passive mode for files larger than : 2048 kb" ; "switch to passive mode when the download exceeds : 55 seconds".
Here what happens : in the lower right corner, I see the green arrows from Nod32 staying on the screen even when I abort the download then close Firefox and then disconnect from internet. The only way I found to get rid of these "green arrows" is to restart my computer. I have made the activeua.txt file from the above reading.
Can you help me please ?

 

This is quite normal.In higher efficency mode IMON first downloads everything , scans the file and then it is bypassed to the original application . In this case you will see this icon of the IMON downloading the file instead of the original application itself . For larger files when it takes more time to scan , the original application may not like the fact that the file is first downloaded by something else . Moreover you intentionally crash the programs by stopping the internet , closing ...

The solution -> switch to Higher compatibility mode and your issues will be gone . 100% guarantee that Higher compatibility will not reduce your overall level of security . AMON is the most important protection module of NOD32 which will be there to pick-up everything IMON possibly misses because of its structure.

Enjoy your NOD32 !

From the NOD32's help file:

 

Thank you, I put everything in "best compatibility" and these issues have gone away. One last question, may I safely remove the content of HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Modules\Imon\Settings\Config000\Settings
in order to to make it clean and then let choose which application will be either in passive or active mode ?

 

You are welcome.

No , don't do it . This key doesn't respond to what you think . If you delete it you may corrupt IMON .

Once again , you really don't need any application in Higher efficency

P.S. the key which stores information about what is in the compatibility list is
HKLM-Software-ESET-NOD32-Modules-IMON-Settings
Using regedit.exe , in the right you'll see UserAgentList which you can edit but not delete .
If you are unsure how to do it , simply don't do it ! If there it won't do any bad to your computer.