Discussion in 'ESET NOD32 v3 Beta Forum' started by sir_carew, Jul 24, 2004.
Why is the most feature to add to the beta version?
I choose the AMON installation as a suggestion that can be considered.
It's very dangerous. Many friends who have chosen to evaluate NOD have chosen Next, Next and Next, and AMON was disabled due to the default settings. It's a reality that most users don't read setups and don't select settings other than the defaults. AMON is the first line of defense against viruses. If ESET does this to avoid conflicts with other AVs, why not have setup check whether another AV exists on the system and warn the user about it, rather than making AMON disabled the default option?
I also chose for AMON settings on installation.
I've chosen the memory process protection.
The process protection is already incorporated - try to stop or kill nod32krn and you'll see.
You're right, nod32krn.exe can't be terminated from Task Manager on my 2k Pro machine under an Administrator account. Great news; however, I have some ideas to implement in NOD regarding process protection:
- Why doesn't NOD log in its event log that, for example, an application called gift.exe has tried to kill the nod32krn.exe process? That way we can know which applications are trying to kill NOD.
- I know that protecting the nod32kui.exe process isn't necessary, because it's the GUI, but nod32.exe is also important, because it's the process that scans the disks, and many malware try to kill processes like that. Marcos, what do you think about those suggestions? I wish that those will be implemented in the next beta.
Enable AMON by default.
The best idea is to make the installer not to allow the user to click through all the options, but force him to select / leave unselected the automatic AMON startup option.
It's a quite big technical problem to make separate settings for the POP3 and HTTP scanner - we'll move the scanner setup onto the advanced tab.
At present it is too easy to click "next" and go straight past "install resident protection to start automatically".
Why not default it to be installed, and if you want to turn it off, then you have the choice to go to the Control Centre and disable it; after you have installed the entire program. It makes no sense to install half a program by default, it is just annoying to the consumer...
Microsoft SP2 will treat everything as hostile, setting everything to its maximum by default (according to the local MS rep), and this is how it should be with any form of protection. If you want less protection, then it is your choice to lower it, and the risk is all yours...
Most definitely still need to be able to NOT have AMON enabled if the user so chooses, I think. No clue why anyone would want the best AV as on demand only, but some will choose to do that.
Blackspear, it's simply because you might not be able to get to that option after reboot unless you restarted Windows in safe mode.
My thoughts exactly. Some AV will cause just that scenario, I have found out personally.
Have you tested any trojans with NOD?
No, I tested 2 things:
- Task Manager normal: nod32krn.exe can't be terminated.
- Task manager with DiamondCS: nod32krn.exe can't be terminated.
- Process Kill Demo built into Process Guard paid 2.0: nod32krn.exe can be killed; however, nod32 restarts its service again when it's killed.
All the above tests were carried out on Windows 2000 Professional SP4 under an Administrator account.
The reason I ask, is I have been reading here and there that NOD is catching more trojans than some of the trojan programs. Have you heard this?
Yes, it's true. I collect malware and NOD picks up most RATs (Remote Trojan Access) without signatures, using AH. I think that NOD is one of the best at detecting RATs.
Sir Carew, hopefully you'll submit them to firstname.lastname@example.org so that we can add detection :-]
I submit about 3 samples per day.
It still makes no sense to me, you are not going to find out if you have a conflict with AMON unless you install it and reboot your PC, so why not install it in the first place as a default setting?
In the extremely unlikely event that you are unable to have AMON running, then yes, you may have to go into safe mode and uninstall AMON. Not a single one of my customers has ever had this problem. I myself have never encountered it.
I have been asked on a reinstall, "do I need this?" (install resident protection to start automatically), there should be no question, a customer should not need to query this, it should just install, and like I said, if you want to lower your protection then it is at your risk in doing so...
Process protection is my choice. I have had NOD 32 wiped as recently as two days ago. I got some trojans on my machine and NOD32 popped up a box, but I think some got through because a few minutes later, when I rebooted and tried to open NOD to do a scan, I got a message 'file not found'. Then I clicked on the icon in the systray and it opened, but would you believe it was completely BLANK!! No writing, no name, just an empty NOD interface with green around the edges. Other programs were intact but NOD was just completely destroyed. Took me 2 days to get online. Just taking a break now. Might give the beta a go because this one is taking a beating.
This has happened to me about 3-4 times with NOD, and using Process Guard makes my PC unstable, so I keep away from it now until they iron out a few bugs. Having NOD broken into and destroyed was just the beginning. Afterwards my system became corrupted and my hard drive unusable. So there are things out there that attack NOD and they are getting better at it every day.