NOD32, automatically clean infections?

Discussion in 'NOD32 version 2 Forum' started by Ahamay17, May 22, 2004.

Thread Status:
Not open for further replies.
  1. Ahamay17

    Ahamay17 Registered Member

    Joined:
    May 13, 2004
    Posts:
    21
    Location:
    Broken Arrow, Oklahoma
    Currently I have a scheduled scan every night, then every few days I open the scan logs and look to see if anything was infected. If it was, I then run the NOD32 on-demand scanner in clean mode. Is there a way to set it up to clean automatically during my nightly scheduled scans, eliminating having to go back and do it manually?

    TIA,
    Ray
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,730
    Location:
    Texas
    In my opinion, you are doing the scan the right way.

    From the NOD help file "The default selection is recommended. In some special cases of a false alarm, immediate deletion of the supposedly infected file might lead to loss of data."

    I would never have my antivirus delete anything until I was sure it wasn't a false positive. :)
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, you can schedule a task that will run nod32.exe with the desired parameters (the recommended ones are /clean /delete /arch+ /pack+ /ah /quit)
     
  4. TC88Rider

    TC88Rider Registered Member

    Joined:
    May 25, 2004
    Posts:
    5
    Location:
    Sarasota, Florida
    Marcos, you state that you can run the desired parameters "/clean /delete /arch+ /pack+ /ah /quit". How are these entered? I set up my weekly scan in NOD32 under NOD32 System Tools, Scheduler/Planner, but did not see where these parameters could be entered.
    Okay, so now you know, I am fairly new with NOD. Actually purchased it for my office and home computers back in November 2003 after reading info on this site. Have been very pleased with it so far. Just don't know some of the customizable items like the above. Thanks
     
  5. Ahamay17

    Ahamay17 Registered Member

    Ditto . . .

    Ray
     
  6. Marcos

    Marcos Eset Staff Account

    When scheduling a task that triggers an external application, the last setup screen allows you to specify the desired parameters:
     

    Attached Files:

    • task.jpg
  7. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    You have to set it up in your NOD32 control center. Run NOD32 and then change the settings so that if it finds an infected file it cleans it, and if it can't, deletes it or quarantines it (Setup tab). You can name the profile whatever you want. Then under tasks you would schedule the task and use the profile that you created.

    Never thought of doing it that way. Thanks Marcos.
     
  8. Ahamay17

    Ahamay17 Registered Member

    Thanks for the replies. . . :D

    Ray
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Marcos,

    I entered the same parameters that you have displayed above. All that happens is the NOD32 scanner screen opens, but scanning does not start. Am I missing a parameter that starts the scan? Also, what goes into the "working directory" dialog box, if anything?
     
  10. TC88Rider

    TC88Rider Registered Member

    You're not alone, Dazed. I have the same issue. We must have missed something...
     
  11. Ahamay17

    Ahamay17 Registered Member

    Same as Dazed and TC88 for me also, it scans memory then goes to the "Scanning targets" tab and appears to be waiting for a selection of either scan, clean, quit, or help. . .

    Ray
     
  12. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hello folks,

    I just checked and ran the scheduled task all OK. This is what I entered in the Command Line... "c:\ /clean /delete /arch+ /pack+ /ah /quit" ...without the speech marks of course.

    Regards,
    Bandicoot. :)
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Bandicoot, I'll try that when I get home tonight :D

    Cheers :D
     
  14. Blackspear

    Blackspear Global Moderator

    The scheduled task will only run AFTER I have clicked on the standard Outlook Error Message...

    I know there is a manual fix for this, however, surely there must be a fix that Eset can place within Nod to stop this, I have NEVER had this error with any other anti-virus program...

    Do I have to find the thread and manually fix this error, or is there another way to tell Nod to just do the job I am asking it to do o_O

    Cheers :D
     

  15. Bandicoot

    Bandicoot Eset Staff

    Hi Blackspear,

    Do you use another email client then? If you set Outlook as your default client but use another one of your choice for day to day use, you shouldn't get that warning message. (I use Mozilla and I don't get this warning). Or you can alter the Command Line to this....
    "c:\ /clean /delete /mapi- /arch+ /pack+ /ah /quit"
    ...and again, you shouldn't get that warning message.

    This warning is obviously generated by Outlook so is not directly NOD's fault, however, the developers at Eset are working on a way to fix this.

    Can I add one more point please.... as Ronjor said earlier...
    ... I agree totally. I'm not sure that it's a good idea to automatically delete anything without checking what exactly it is, IMHO.

    Regards,
    Bandicoot. :)
     
  16. Blackspear

    Blackspear Global Moderator

    I know what you are saying, especially using the /ah switch, so I have just added the following to a schedule;

    c:\ /clean /mapi- /arch+ /pack+ /ah

    and it has just kicked into place without the error message and seems to be working perfectly :D I removed the /quit switch so I can see the results. I really think this will be a great function for clients and will look at offering it LESS the /ah switch - I don't want extra phone calls :rolleyes: It will force a weekly scan on those that want the additional security of knowing that no matter if they remember or not, Nod will remember for them and run a weekly scan :D

    Cheers :D
     
    Last edited: May 27, 2004
  17. Blackspear

    Blackspear Global Moderator

    The scan resulted in Sober.G being found in system restore, the scan being done used Advanced Heuristics, I am just wondering why these files were not picked up with a standard scan using "Deep Heuristics" o_O

    Cheers :D
     

  18. Blackspear

    Blackspear Global Moderator

    For those that are unsure of where or what to do, see the following screen shots...

    Click on Scheduler/Planner and then "Add"

    Cheers :D
     

    Attached Files:

    • 1.JPG
    Last edited: May 27, 2004
  19. Blackspear

    Blackspear Global Moderator

    Then...
     

    Attached Files:

    • 2.JPG
  20. Blackspear

    Blackspear Global Moderator

    and enter a name you want to call your task...
     

    Attached Files:

    • 3.JPG
  21. Blackspear

    Blackspear Global Moderator

    Browse to where the Eset folder is stored on your system...

    Add the directory you want to scan, and the switches you want to use... and there we have it, you have an automated task.

    Hope this has been of help...

    Cheers :D
     

    Attached Files:

    • 4.JPG
  22. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Thanks. I was missing the "c:\" part of the equation. Now it's running fine. Can anyone explain what the "mapi-" and "/arch+" and "/pack" settings do? I think I understand what "/clean" does. :)
     
  24. Blackspear

    Blackspear Global Moderator

    http://www.nod32.ch/support/ans/comm_switches.htm

    Command Line Switches:

    General

    /help = Display the list of program switches
    /selfcheck+ = Self-test enable
    /selfcheck- = Self-test disable
    /expire+ = Enable the program expiration notice
    /expire- = Disable the program expiration notice
    /subdir+ = Enable the sub-directories scanning
    /subdir- = Disable the sub-directories scanning
    /multi+ = Multiple diskette scanning enable
    /multi- = Multiple diskette scanning disable
    /sound+ = Sound warning enable
    /sound- = Sound warning disable
    /list+ = Create the list of all tested objects in the Log
    /list- = Include in the Log only the objects infected
    /break+ = Enable testing intermission
    /break- = Disable testing intermission
    /scroll+ = Enable scrolling of the Log
    /scroll- = Disable scrolling of the Log
    /quit- = Do not quit the program automatically after scanning
    /quit+ = Quit the program after scanning


    Detection

    /pattern+ = Enable testing using virus signatures/patterns
    /pattern- = Disable testing using virus signatures/patterns
    /heur+ = Enable heuristic analysis
    /heur- = Disable heuristic analysis
    /scanfile+ = Enable scanning of the files
    /scanfile- = Disable scanning of the files
    /scanboot+ = Enable boot sectors scanning
    /scanboot- = Disable boot sectors scanning
    /scanmbr+ = Enable MBS scanning
    /scanmbr- = Disable MBS scanning
    /arch+ = Enable archives (ZIP, ARJ and RAR) scanning
    /arch- = Disable archives scanning
    /pack+ = Enable internal runtime packer files scanning
    /pack- = Disable the runtime packer files scanning
    /local = Scan all local non-removable media
    /network = Scan all network disks
    /ext=<LIST> = Add a new extension into the list of tested files. (Multiple entries permitted, e.g., /ext=EXT1,EXT2)
    /all = Scan all files regardless of their extension


    Heuristic analysis

    /heursafe = Set safe heuristic sensitivity (minimize false alarms)
    /heurstd = Set standard heuristic sensitivity
    /heurdeep = Set deep heuristic sensitivity


    Protocol

    /log+ = Enable Log file generation
    /log- = Disable Log file generation
    /wrap+ = Enable text wrapping in the Log file
    /wrap- = Disable text wrapping in the Log file
    /logappend = Enable Log file append option
    /logrewrite = Enable rewriting of the Log file
    /logsize=N = Set Log file to the maximum size of N KB
    /log=<FILENAME> = Set the Log file name (e.g.: /log=NOD.LOG)


    Cleaning

    /clean = Clean infected objects (if applicable)
    /prompt = Offer an action upon virus detection
    /rename = Rename the infected file
    /delete = Delete the infected file
    /replace = Replace the code within infected boot sectors by an appropriate standard code


    Note: If the switches: /prompt, /rename, /delete or /replace are used concurrently with the /clean switch, the corresponding action is carried out only if the virus can be cleaned.

    Test Scheduling

    /daily = Automatic testing on a daily basis
    /weekly = Automatic testing on a weekly basis
    /period=N = Automatic testing once in N days


    Network (Windows versions only)

    /recipient=<LIST> = Specifies the recipients of the network messages (server/s, group or workstation name) Multiple entries are permitted, e.g., /recipient=SERVER1,SERVER2

    /msg="<MESSAGE>" = Specifies the message to be sent upon virus dete
    /centralpath=<PATH> = Specifies the name of the directory for Centralized Update files
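
Added example (not part of any post in this thread, and not ESET code): a small Python check for a NOD32 scheduled-task command line, built only from the switches and failure modes reported in the posts above. It assumes paths contain no spaces and that `/local` or `/network` counts as a scan target; the finding codes are invented for this example.

```python
# Added example: lint a NOD32 v2 scheduled-task command line. Switch names and
# the failure modes checked all come from this thread; finding codes are made up.
DESTRUCTIVE = {"/delete", "/rename", "/replace"}
KNOWN = DESTRUCTIVE | {
    "/clean", "/prompt", "/quit", "/ah", "/mapi", "/arch", "/pack", "/local",
    "/network", "/all", "/subdir", "/heur", "/heursafe", "/heurstd",
    "/heurdeep", "/log", "/logappend", "/logrewrite", "/list", "/ext",
}

def parse(cmdline):
    """Return (targets, {switch: enabled}). Assumes paths contain no spaces."""
    targets, switches = [], {}
    for tok in cmdline.split():
        if tok.startswith("/"):
            head = tok.split("=", 1)[0]          # drop any =VALUE part
            switches[head.rstrip("+-").lower()] = not head.endswith("-")
        else:
            targets.append(tok)
    return targets, switches

def lint(cmdline):
    targets, sw = parse(cmdline)
    on = {name for name, enabled in sw.items() if enabled}
    out = []
    for t in targets:                            # e.g. "mapi-" typed without "/"
        if ":" not in t and "\\" not in t:
            out.append(f"BAD_TARGET {t!r} is not a path; switch missing '/'?")
    if not targets and not on & {"/local", "/network"}:
        out.append("NO_TARGET scanner opens and waits (posts 9-11, 22)")
    out += [f"UNKNOWN_SWITCH {s}" for s in sorted(set(sw) - KNOWN)]
    destructive = sorted(on & DESTRUCTIVE)
    if destructive and "/ah" in on:
        out.append(f"AH_DESTRUCTIVE {destructive} acts on heuristic hits; "
                   "a false alarm means data loss (posts 2, 15, 25)")
    if destructive and "/quit" in on:
        out.append("UNATTENDED_DESTRUCTIVE window closes before results are seen")
    if sw.get("/mapi", True):                    # no /mapi- given
        out.append("MAPI_ON Outlook prompt can stall the task (posts 14-16)")
    return out

def codes(cmdline):
    """Finding codes only, for scripting or tests."""
    return [finding.split()[0] for finding in lint(cmdline)]

if __name__ == "__main__":
    for line in lint(r"/clean /delete /arch+ /pack+ /ah /quit"):
        print(line)
```

The command line from post 16 (`c:\ /clean /mapi- /arch+ /pack+ /ah`) produces no findings; the parameter set from post 3, entered without a target, produces four.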
     
  25. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Wow! I want to know why command line adv. heuristics could not find the viruses that were found by this scan just now??! I scan everything I download to disk with adv. heuristics before executing. I guess it is because the scanning is not deep enough? Or what o_O

    Well, looks like the bug from NOD32 for W98SE has gotten into the XP version also because I cannot copy/paste the logs! I just had NOD32 crash and actually close out of the systray when I tried to copy the log. I restarted NOD32 and tried again to copy/paste and NOD32 crashed again! It is gone again from the systray. I will restart it but I don't dare go try to copy/paste the logs again or it will crash. Why is it so extremely easy to kill NOD32 anyhow?

    At any rate, these 4 viruses (actually 2 because 2 were in system restore) were unknown. I forgot to check quarantine so I don't have copies there. (Other AV would automatically quarantine and I have trouble remembering that NOD32 doesn't).

    One of the viruses was in a well known program which I have had for several months and there hasn't been a peep out of NOD32 on demand scanner all this time. Of course it has been scanning using deep heuristics not the advanced...I think it may have been a false alarm and I don't think I should have set NOD to delete if it couldn't clean especially since it is using AH. The other virus was from AVtest.
     