Managing NOD32 | How can we see things improved?

Discussion in 'NOD32 version 2 Forum' started by vincent_vh, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. vincent_vh

    vincent_vh Registered Member

    Joined:
    Sep 8, 2005
    Posts:
    6
    Managing NOD32 | Discussing the (ideal?) architecture.

    Hello there.

    First things first. I'm a network administrator looking for a way to improve sollutions for managing antivirussoftware. I'm starting a discussion in this forum because I think NOD32 is a good piece of software. It works well and it's pretty easy to understand, or at least, the options are well spread out.

    The discussion I want to start is NOT about the NOD32 scanner itself. Nor IMON, AMON,... but about the managing of multiple nodes. At this moment Eset uses the RAS(/RAC) combination for this matter, but I believe there are ways to improve this. Logically, this post is mainly ment for network administrators, and maybe also for NOD32 software developpers. I just want to spread some ideas about how thing can be done (better).
    Don't be affraid to compare functionality's from other antivirussoftware as there may be idea's in that.

    Before I post my idea's, I would like to know if you think this post is usefull. If I don't get some positive respons on that, I'm probably better of not starting this.
    So now it's your turn... go ahead...
     
    Last edited: Sep 12, 2005
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi vincent_vh, welcome to Wilders.

    I think your thread is a very good idea, post away :D

    Cheers :D
     
  3. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Any idea which improves nod32 is welcomed
     
  4. Happy Bytes

    Happy Bytes Guest

    Wrong.
    Any idea which improves nod32 is highly welcomed. :D
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Any idea which improves NOD32 is accustomed, acknowledged, allowed, approved, arrived, authorized, chosen, confirmed, conventional, credited, current, endorsed, established, fashionable, in, in vogue, kosher, legit, normal, okayed, orthodox, popular, preferred, received, recognized, regular, sanctioned, standard, straight, time-honored, touted, universal, unopposed, usual, Welcomed

    :D:D:D
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Oh boy the peanut gallery has arrived :rolleyes: ;) :D :ninja:
     
  7. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    You do mean firecat right? :)
     
  8. Happy Bytes

    Happy Bytes Guest

    You know that firecat always completes my unfinished sentences 'coz lack of time :D
     
  9. Yoshman

    Yoshman Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    44
    Hi,

    i think this thread could be very interesting and useful :) i have some ideas/ problems in my head, too. but the are not ready to be written yet :)

    regards
    steffen
     
  10. anotherjack

    anotherjack Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    224
    Location:
    Louisiana
    I have some problems in my head as well. At least that's what my wife tells me. And the little voices... :)

    Vincent - You have looked at the RA Console improvement list that's in the first post here, right?

    Jack
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Some points I mentioned in that other thread....because I spent many years deploying/supporting Symantec Corp Edition setups. I have fully come aboard with NOD32 and only resell that, but I'll still state that I feel the install and deployment of the NOD32 Enterprise Edition still has some maturing to do, something with Symantecs CE with management console is quite ahead in.

    Symantecs MMC would show you the IP address, and most importantly, the currently logged in user of that workstations. This was key, since many times some network computers are labeled in a non-descriptive way, such as ws-1, ws-2, ms-1, etc etc. So if you see a red flag in the management console, it was nice to see Sym CE MMC show you the logged in user, instead of trying to figure out where in the building ws-3 is.

    By default setup a directory with a client install pre-packaged with the remote admin settings intact, that is shared. Much like Sym CE does with the VPHome share that has the clt-inst folder with a setup package ready to rock and roll right away.
     
  12. anotherjack

    anotherjack Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    224
    Location:
    Louisiana

    I've got a few items in that list as well. We also used to run NAVCE before the switch. The RA Console already shows the IP address, and suggestion #27 under Remote Console asks for user id, for the same reason you mention. We have some machines named with the serial number, so you can only imagine what a pain in the rear that is... My PRIMARY request is listed as #2 under Remote Console - the assignment of a unique identifier (preferably MAC address) to all entries in the RA Console (and a way to clean the darn listing!) as detailed in post #27 of that thread. As to the default setup, we use a batch file to run the setup.exe file from a shared location, with it pointing to the XML file with the settings we want. About as close to a "canned custom install" as we could come up with, and it works well for us.

    Jack
     
  13. vincent_vh

    vincent_vh Registered Member

    Joined:
    Sep 8, 2005
    Posts:
    6
    Well, glad to hear this is appreciated.
    Let me answer some questions first:

    To anotherjack :
    (1) Yes, I've looked at the other post regarding the future improvements. Even though, I've been looking at 'Remote Admin'. This is what you mean by 'RA Console', right?

    (2) I allready have something to say about your #2 request (UNIQUE identifier for all machines, preferably something like MAC address.)
    Doesn't seem like a good idea, because computers with multiple network-cards would also create multiple entry's. Same thing for computers that would connect trough VPN occasionally.
    It seems to me that a better way would be to create a unique ID on installation (fe calculated upon the MAC address and a random variable). This way you pretty much connect an installation to the used OS. Also usefull when using multiple OS'es on the computer.

    To everyone:
    It's not my goal here to copy the post about the future modifications list. I'm more looking at re-inventing the admin-part of NOD32.
    I've been evaluating different enterprise versions of AV's and I've stumbled on incompactibility's upon our network propreties. To put it shortly, not a lot of enterprise AV's are designed to work on a NAT-environment.
    I must admit NOD32 Administration module's is pretty much the only one that would work over NAT (I still have to do a proof of concept though, if my bosses let me...). Main reason for this is because NOD32 works completely on PULL principle.

    All people can post their ideas of changing the software architecture of NOD32 administration reflecting their own network architecture, to improve things like bandwith controle, functionality's,... . I'll be mainly looking to tune things so it works in a NAT environment as this is where I have to find a solution for personnaly.

    To give you an idea about an improvement:
    Placing a server on each remote site, even for bandwith issues, is still a bit of a mess. A (good?) way to improve this is for computers on the same subnet to update each-other. If you want to know what I mean, look at Mcafee Virusscan ASaP(Rumor technology) and Panda Webadmin(can't find the page, but they have something similar).
    Tell me what you think about this...

    I hope to get some feedback :D
     
  14. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    One thing that I would consider helpful, is a tree type view in the RA Console. This would allow you to group computers by configuration, and not have to remember what group they are in if you want to roll out a configuration change. We have machines that need file/directory exclusions, or imon configuration change to make them comaptible with software users are running, but don't want those changes on all machines. It would be easier if they could be permanently grouped in tree structures. Hopefully this makes sense.
     
  15. vincent_vh

    vincent_vh Registered Member

    Joined:
    Sep 8, 2005
    Posts:
    6
    Hmm, I don't get much reply's on my last point...
    Let's get things straight first:
    I'm not talking about a 100% webbased antivirus. I just think the way the agents update themselves is a bandwith-friendly and efficient way.
    Policies and more important the approval to get a certain DAT-file installed SHOULD come from your (RAS) server.

    Maybe I should put it this way:
    Forget about all repository's. There is just one repository and that is the one on the internet from the vendor (Eset in this case).
    For agents to update efficiently, they should try to find the updates on computers from the same subnet.
    Still, I think the agent shouldn't blindly try to get the latest DAT-file available (some enterprises like to test them first). So I think the agent should check a certain (RAS-)server which DAT-file he can download and use.

    This makes things much more simple. There is no hustling with repository's (which are, in my case (but not with Eset software), the place were lot of problems occur).
    The only downside is that each agent should have a port listening (for the update purposes).

    So, I hope I explained things well.
    Now please... some feedback... Do you think this implementation s**ks? Or do you like the concept? This is what this post should be all about.
     
  16. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    Please add license expiration/renewal tracking stats; and display in "Information". It's unbelieveable that this is still lacking!!!!
     
  17. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    if it's not already on the wishlist, you might suggest it here:

    https://www.wilderssecurity.com/showthread.php?t=49674

    hth

    Greg
     
  18. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    Looks like it's there at #50
     
Thread Status:
Not open for further replies.