no AMON alert window (non-Administrator)

Discussion in 'NOD32 version 2 Forum' started by alglove, Jan 13, 2005.

Thread Status:
Not open for further replies.
  1. alglove

    alglove Guest

    Hi, guys. I have been trying out NOD32. I like much of what I see, but it is not perfect.

    I am running on Windows 2000 as a non-Administrator. One problem I have run into is that when an infiltration occurs, AMON will pick it up, but it does not show me the alert window with the action selection (rename, delete, quarantine, etc.). Note that this works fine when I am logged in as Administrator.

    AMON does prohibit access to the file, but the file is still sitting there. Choosing "Clean automatically" in the AMON options does not help when the file is a worm like Bagle, because the file itself is the infection. It does not delete the file. Once again, I am left with an intact file sitting on my hard drive.

    Am I missing something, or is this a shortcoming of the program, as it stands now? Thanks.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd check whether the NOD32 Control Center is running (the white-green CC icon by the clock in the lower-right corner of your screen).
     
  3. alglove

    alglove Guest

    Hi, Marcos. Thanks for the fast response!

    Yes, the NOD32 Control Center is running. I can even take a look at the Virus Log in the Control Center and see that AMON has detected the virus, though no action is shown.

    As this same non-Administrator user, IMON alert windows *do* show up just fine. It is just the AMON alerts that do not work for me. Any ideas?
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Here is an example of what seems to "jam" the AMON message window (for me, at least). I have a saved e-mail in Thunderbird 0.8 with the attachment "MoreInfo.scr" (Win32/Bagle.X worm). I use this for testing purposes. I tell Thunderbird to save the attachment to a folder (the Desktop, for instance). Boom, there is MoreInfo.scr on my Desktop.

    I never do see the big red message windows. I take a look at the NOD32 virus log. I see that it detects the virus, but the Action field is blank. If I try to copy the file, the system tells me that access is denied. However, I am able to rename the file. When I rename it, another "no action" detection of the virus appears in the log.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please check whether you have AMON set to display the warning window and prompt for an action (AMON's setup - Actions tab). If it's set to Clean automatically or Prohibit access, the warning window will not pop up; only access to infected files will be blocked. The question is whether Moreinfo.scr is a good example (e.g. it might be packed with a runtime packer) so I would test it with eicar (http://www.nod32.com/eicar.com) first.
     
  6. Dakhor

    Dakhor Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    75
    So when "clean automatically" is selected I'm not even notified that I have for instance downloaded an infected file - if the cleaning was successful that is?

    That's not good.


    /DaK/
     
  7. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I checked the AMON Actions tab, and it is set to "Prohibit access and display alert window with action selection."

    Using Opera, I right-clicked the http://www.nod32.com/eicar.com link and told it to save it to the Desktop. A big IMON alert window popped up, and I terminated the connection. I went into the IMON settings to disable HTTP scanning. At this point, I was able to save eicar.com to the Desktop. No AMON window, though it did show up in the Virus Log. If I try to copy it, I get a Windows "Access is denied." message. I am able to move it to a different folder, though.

    Get this, though. If I log in as Administrator, the AMON alert windows do appear. After this, logging in as a non-Administrator, the AMON alert windows start to appear. It is as if the AMON alert must be activated through Administrator before it will appear for a non-Administrator. :doubt:
     