Nod32 bad?

Discussion in 'NOD32 version 2 Forum' started by Stephan123, Jun 19, 2004.

Thread Status:
Not open for further replies.
  1. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    Is nod32 bad.I have do a test with 36 infected files and Nod32 can only cover 4 files of the 36.Other scanners can find all the 36 but nod32 4.I have submit what samples but how long does it take before i can delete the other archives
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Well, it's questionable if the samples not detected by NOD32 are actually viruses. Most of other AV companies strive for having the largest database of viruses and it usually happens that the samples they add are actually non-functional. As a result, it may imply that the AV, which do not detect them, are worse in terms of detection capabilities.

    Also please make sure you scanned them with all objects selected in NOD32 scanner setup (e.g. if the file not reported by NOD32 as infected was actually in a zip archive and you didn't have scanning archives enabled, it's obvious that NOD32 could not pick it up). If you did so, I suggest you send them to samples@nod32.com so that we can analyse them and tell why they were not detected.
     
  3. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    Now can Nod32 find 35 of the 36 virusses :) .I have send 1 sample to the adress.The name of the zipfile is phpfaces.zip
     
    Last edited: Jun 19, 2004
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    NOD detect all your viruses. Let me explain:
    PHP.Faces is a highly polymorphic virus. NOD uses a emulator to detect many polymorphic viruses, for this reason the virus need to have the real extension. In this case the extension should be .php and not other as .txt, .doc, etc. I've found this virus in a site renamed as .txt. Please rename it to .php and NOD will detect it without problems.



     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    why, Why, WHY does Nod32 by default NOT arrive set to it's maximum strength o_O

    why, Why, WHY should the public have to discover this after the fact, when something has NOT been detected, due to default settings, as in the basis of this thread.

    Cheers :D
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,774
    Location:
    Texas

    I think they are trying to avoid false positives as much as possible. That can scare a new user. And if a new user should delete a false positive, they might possibly break their operating system.

    That is the only reason I can think of.
     
  7. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Polymorphic viruses aren't detected even if NOD is configured to scan all files. Why? because NOD need to emulate the virus. It's not dangerous because if a virus has a bad extension it can't run so can't damage your system.

     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I am talking about "Default Settings" that should be ticked by DEFAULT, we go through after installing Nod32 for clients and tweak it up, I would rather be at full strength and deal with a possible "False Positive", than deal with a angry, upset and confused client who then has to be told, go to settings tick everything that should be ticked, rerun your scan, and ohhhh now Nod detects the infection...

    Cheers :D
     
    Last edited: Jun 19, 2004
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,774
    Location:
    Texas

    In this case, NOD needs to rewrite their help file that comes with the program.
    They state in the help file that NOD is optimized out of the box.

    Maybe Marcos can shed some light on this.
     
  10. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    i agree it should be optimized out of the box, i have a reg tweak that does alot :D

    download RegSnap run it, & compare registry changes before & after u configure nod how u like it, then u just have 2 double click the .reg file 2 have it install when u install nod for the first time

    regards
     
  11. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    thanks for all the replys
     
  12. 0pium_Dealer

    0pium_Dealer Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    106

    Hi guys

    Hads a couple of infection recently, so decided to reinstall XP. Decided to give NOD a try too. So far, very impressed with it.

    With reference to the above post, what 'tweak' should I make to the default setting to ensure I get maximum protection?

    So far, I've changed the HR scan from safe to deep, is this better?

    TIA
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See this thread: https://www.wilderssecurity.com/showthread.php?t=21171

    Yes :D

    You can also set up Nod to make a automatic weekly or daily scan, see this thread: https://www.wilderssecurity.com/showthread.php?t=33275 and from post number 18 onwards... And post number 46 in the same thread for a maximum strength command line scan...

    Cheers :D
     
  14. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I left my NOD32 updating every hour as it was set upon install. Anyway, that' not the point of my post; rather my point is to say that I too would have preferred that the application installed with "max" or "very high" so to speak levels of detection or security without me having to make a few adjustments. All the same, I must also state that I've never had any other AV so impressive as this, and it's definitely never missed a single thing (yes, for the record - I have double and triple and quadruple and blah blah blah checked :-D )
     
  15. 0pium_Dealer

    0pium_Dealer Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    106
    Blackspear

    Thanks for the link. Followed your example setting up a schedule scan :)

    The schedule was set up in the admin account, under profile. I have a limited account set up for nornal everyday use.

    Will the scan start while I am logged in the limited account, or do I need to be in the admin account for it to work?

    TIA
     
Thread Status:
Not open for further replies.