NOD32 Engine Technical Details

Discussion in 'ESET NOD32 Antivirus' started by jrmhng, Dec 26, 2007.

Thread Status:
Not open for further replies.
  1. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Hi all,

    Where can I get information on the NOD32 engine beyond the typical marketing talk? I'm interested in how the AV works.

    Cheers
    Jeremy
     
  2. ASpace

    ASpace Guest

    ESET Antivirus is not open-source software.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Something like this?
    [Attached image: untitled.gif]
     
  4. jrmhng

    jrmhng Registered Member

    Never said it was.

    Yep, but what exactly is "Code Analysis", "Emulation" and "Generic Signatures"?
     
  5. ASpace

    ASpace Guest

  6. jrmhng

    jrmhng Registered Member

  7. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    First, is "Heuristic" in ESS the same as passive heuristic in the manual, and is "Advanced heuristic" the same as active heuristic?

    If that's the case, I don't understand what passive heuristic can't do that active heuristic does. I'd like to know what setting alerts me when an application tries to modify the hosts file, or startup settings for example, like with a HIPS.

    The PDF doesn't help me:

    1. "Heuristics used by an anti-threat program might have rules to look for things like this:
    - Something that tries to copy itself into other programs
    - A program that decrypts itself when run
    - Code that binds to a TCP/IP port and listens for instructions over a network connection
    - A process attempting to manipulate (copy, delete, modify, rename, etc.) files required by the operating system or applications"

    OK... even so, it could be explained more (e.g. what are these "files required by the OS": all files in the Windows directory? Only some of them?)

    2. "Passive heuristics, though a useful tool, is very difficult to do well."
    and later "Due to advanced heuristics, the detection intelligence of the program is significantly higher."

    Do we have to conclude that, unlike HIPS tools, ESS is unable to detect each action mentioned in the Heuristic feature, for example in "passive" mode?
     
  8. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    No. And I am afraid the rest of your question will remain unanswered.
     