''In-depth analysis'' feature ?

Discussion in 'NOD32 version 2 Forum' started by Riverrun, Feb 22, 2007.

Thread Status:
Not open for further replies.
  1. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Hi all,
    This is my first time posting here. It's a great site and I've been reading here for some time now before I became a member. I'm a fairly new PC user and more mature in years but I'm enthusiastic and willing and able to learn.

    I'm using Nod 32, and thanks to Blackspears extra settings, I had no problems configuring the settings.

    I do have a query, however. It concerns the ''In-depth analysis'' feature. When this particular scanner has finished it's business and I enter the Actions, Setup, Profiles area, I find that the default setting still apply though the Nod 32 scanner indicates that the scanner is cleaning. My question is: should I apply the same configuration, i.e. Blackspears, to the In-depth analysis scanner?

    Thank you all for the interesting and informative forum that we have here.

    Riverrun

    :) :) :)
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The in-depth analysis profile uses factory settings that cannot be altered. You can customize other profiles and save them, personally I have never used the in-depth profile.
     
  3. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    OK Marcus, that settles that. Thanks for the reply.
     
  4. tsherr

    tsherr Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    62
    When I got into Indepth scanning, there appears to be a lot of options I can change (just like a regular scan) and these can be saved to the In Depth profile. Is this profile ignored?

    T
     
  5. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Hi tsher. I'm wondering about the same issue. Is it best to optimse these features in accordance with Blackspear's setting on to leave them as they are? Certainly, when the 'In-depth scan' is finished, the option is there to change them.

    River
     
  6. ASpace

    ASpace Guest

    It is the same . It is important to make sure all options are checked so that all optioned are maxed ;)
     
  7. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    In the past few days Nod 32 has installed a new feature, namely: Update Function: gethostbyname, parameters: , return value: 11001. It seems to act as a pre-downloadmanager, almost. I'm not sure that I like it; sure slows things down!
    I guess that it's an added function of the IMON scanner.

    I'd like to know a bit more about it, what it's purpose is and how it protects.

    These questions are important to me because upon my recommendation we have recently installed Nod 32 on 13 PCs at work.
     
  8. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Cheers HiTech!

    Will do that now.
     
  9. ASpace

    ASpace Guest

    No ! This indicates that NOD32 was unable to connect to ESET update servers.Error 11001 shows no internet connection.


    NOD32 combines all its modules to ensures overall protection . IMON is the internet scanner which scans all HTTP and POP3 traffic (~web and mail~).It works in the early Winsock level protecting you from threats . If something is detected by IMON it will block the connection so that malware will not write itself on the hard drive . You visit malicious site and IMON terminates the connection to it s you are protected ;)

    Glad to read :thumb:
     
  10. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    OK, this makes sense to me as my internet connection is not always on. Thanks again.
     
    Last edited by a moderator: Feb 23, 2007
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I assumed that the ''In-depth analysis" was a complete system scan.o_O I am running it now and it has taken almost 30 minutes so far.

    Best,
    Jerry
     
  12. uc-icq

    uc-icq Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    129
    Hi Jerry,
    Yes it's a complete system scan but with all parameters maxed for best detection rate
     
  13. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    It's a very effective scanner indeed, much more so than the ordinary one in my, admittedly limited, experience. I found a bunch of stuff on one lady's PC in work the other day and at that stage, I hadn't located Blackspear's settings, so the scanner wasn't even optimised. I'll have to tweak Nod 32 for her a la Blackspear when I go to work on Monday and scan again just in case there are more infections hiding in some poke or corner.

    By the way, my firewall is sending me the following persistent message: Someone on address 211.191.232.14 wants to send an ICMP packet to your machine.

    Is this a Microsoft update or something more sinister?

    It goes on to say that it's a tcpip kernal driver. I understand what the acronym means though that's not much help as it doesn't elucidate the provenance of the TCP and that's what concerns me.

    I'm wondering if it's not a security update. So far, I've denied it access in case it's something malicious. Thought I'd check here first.

    Cheers all,

    River
     
    Last edited: Feb 24, 2007
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi uc-icq,
    Thanks for the reply. I was wondering how it differed from scanning the hard drives.

    Riverrun,
    I can really relate to that. It does very little for me since I do not know what the numbers mean specifically. It is too bad that we are not given more info regarding the applications so that we can make a good decision.

    Best,
    Jerry
     
  15. ASpace

    ASpace Guest

    Jerry , the "In-depth analysis" scan is the deepest one from all integrated profiles. The difference between it and the "scan local drives" is the the local drives profile does not scan archives,run-time packs,emails and doesn't use advanced heuristics . The deepest scan uses them all ;)
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi HiTech_boy,

    Thanks for the clarification. My last scan with that type took about 32 minutes. That is not a problem, but was much longer than the "scan local drives."

    FWIW I am really liking the performance of NOD on my machine. Thanks for all the help.
    Regards,
    Jerry
     
  17. Togg

    Togg Registered Member

    Joined:
    Jun 24, 2003
    Posts:
    177
    Riverrun,

    The server at the IP Address you posted doesn't seem to be willing to divulge very much information so I would keep blocking it if I were you;

    "Initiating server query ...
    Looking up the domain name for IP: 211.191.232.14
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on standard HTTP port: 80
    No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed.
    Query complete."

    I suppose there could be an 'innocent' explanation for this but there is no point in taking chances.
     
  18. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~

    Good advise Togg. Some friends of mine have since clarified the matter and I've blocked that address for good.

    Thank you for your response.

    River
     
  19. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Hate to dredge up an old thread but......;)

    ....it doesn't *appear* as if all the options are the same as Blackspear's settings for the "regular" Control Center Profile.

    I noticed, for example, that when I looked at Control Center Profile - In-Depth Analysis, the boxes next to E-mail files and Potentially unsafe applications were not checked. Also, in that same profile under "Actions", all of the items in the dropdown box (e.g. E-mail, Files, Archives) were showing "Prompt for an action". Is this normal or should I change this to conform to Blackspear's settings in the sticky (for the regular Control Center Profile)?

    Thanks!
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi prius04, you can not alter the "In Depth" profile, an changes need to be made to other profiles.

    Cheers :D
     
  21. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Hi, Blackspear! :) Still a bit confused......sorry.......but I think that might stem from the fact that, under "NOD32", there is an "In-depth analysis" function and a "Run NOD32" function.

    After clicking "Run NOD32" and then the "profiles" tab, there's a profile called "Control Center Profile - In-depth analysis". Is this not the same as the "In-depth analysis" function?

    It's strange because I ran an in-depth analysis on my wife's laptop and it sure seemed to follow the defaults for the "Control Center Profile - In-depth analysis" (e.g. it would prompt me for an action when it found something suspicious).
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It "use" to be that you could not change the default profile of "In-depth analysis", however having tested it again this has now changed :blink:

    Cheers :D
     
  23. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Uh-Oh! Time to update the Blackspear settings thread!!! :D ;)
     
Thread Status:
Not open for further replies.