NOD32 extra info thread. A lesson learned

Discussion in 'NOD32 version 2 Forum' started by CarolHaynes, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. CarolHaynes

    CarolHaynes Registered Member

    Joined:
    Sep 1, 2005
    Posts:
    37
    I was recently pointed at https://www.wilderssecurity.com/showthread.php?t=37509 by Fred Langa's newsletter (you all get this ... right? www.langa.com; there is a free version, but I pay for the plus version and it is an excellent read).

    This provides a comprehensive setup and tweak list for NOD32 version 2.5 and is excellent.

    The only problem I had (and this is the warning) is that after applying all the tweaks GetRight download manager stopped getting file sizes for new downloads and really struggled to complete downloads.

    Be aware that the HTTP compatibility settings need to be set with care (halfway down page 2), and in particular all the GetRight settings need to be set for compatibility mode.

    The problem arises because when "Higher efficiency" is set, all files are downloaded first by NOD32 and scanned before being passed to the application that requested them. Sometimes this means that applications make the request and it is then downloaded twice! Once for NOD32 to check and once for the application, but in GetRight's case it tries to download it and sticks in the last few bytes forever, and so the download never completes!
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi CarolHaynes, welcome to Wilders.

    Step 4 of that post does state the following:

    4. It is recommended to change the compatibility level to "Higher Efficiency" unless you experience problems with certain applications.

    The reason "Higher Efficiency" is recommended is also stated, in that lowering this setting may allow Trojans to slip past.

    Cheers :D
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Download managers and streaming media players must remain set to Higher compatibility mode due to the way they work.
     
  4. CarolHaynes

    CarolHaynes Registered Member

    Joined:
    Sep 1, 2005
    Posts:
    37
    Thanks for the comments - both are fair points.

    Trouble is you do this tweaking and then wonder a few days later what could be causing odd effects. I just thought it worth mentioning my specific experience. No criticism intended.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    Just a point here, the help file that comes with NOD32 is a wealth of information on how to configure and use each module.

    From the help file on IMON: In active (higher efficiency) mode, IMON first downloads and scans whole file and then passes it on to the target application. This procedure is safer because in the case of an infiltration the application does not receive any portion of the downloaded file. A disadvantage is that the application receives all data at once, therefore it cannot show the download status properly. Therefore, if the download lasts for more than 5 seconds, a small window showing the download progress pops up beneath the system tray. Active mode is not suitable for certain types of data which requires a continual data flow (e.g. multimedia, streaming video/audio).
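
An added illustration of the trade-off the help-file quote describes (not part of the post above and not ESET code): a toy model in which active mode holds the file until the scan finishes, while the other mode forwards chunks as they arrive. The behaviour modelled for compatibility mode, the marker and all names are assumptions.

```python
from dataclasses import dataclass, field

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature


@dataclass
class Result:
    blocked: bool = False
    deliveries: list = field(default_factory=list)  # (tick, nbytes) seen by app

    @property
    def bytes_to_app(self):
        return sum(n for _, n in self.deliveries)


def filter_download(chunks, mode):
    """One chunk arrives from the server per tick; record what the app gets."""
    res, seen = Result(), b""
    for tick, chunk in enumerate(chunks, start=1):
        seen += chunk
        if mode == "compatibility":
            # Assumed passive behaviour: scan what has arrived so far (so a
            # marker split across chunks is still found), then forward.
            if MARKER in seen:
                res.blocked = True
                return res  # earlier chunks have already reached the app
            res.deliveries.append((tick, len(chunk)))
    if mode == "efficiency":
        # Active mode per the help file: hold everything, scan the whole
        # file, then release it in a single delivery (or not at all).
        if MARKER in seen:
            res.blocked = True
        else:
            res.deliveries.append((len(chunks), len(seen)))
    return res


# Constructed sample downloads: five clean 1000-byte chunks, and a file whose
# marker straddles the boundary between the third and fourth chunk.
CLEAN = [b"A" * 1000] * 5
INFECTED = [b"A" * 1000, b"B" * 1000, b"C" * 990 + MARKER[:10],
            MARKER[10:] + b"D" * 500]

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("infected", INFECTED)):
        for mode in ("efficiency", "compatibility"):
            r = filter_download(data, mode)
            print(name, mode, "blocked" if r.blocked else "passed",
                  r.deliveries, r.bytes_to_app)
```

In the model, the clean file reaches the application as one delivery at the final tick in efficiency mode, which is the gap in data flow that download managers and streaming players cannot tolerate. The infected file delivers 0 bytes to the application in efficiency mode and 3000 bytes before the block in compatibility mode.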
     
  6. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Well, personally, I find "Higher Efficiency" scanning to not really be worth the extra hassle that it may involve in determining compatibility and/or adjusting for client compatibility issues. While I do understand the underlying technical difference between the two formats, I believe it to be a pretty rare occurrence that would result in serious computer compromise or malware infection as a result of not using Higher Efficiency. Although I do acknowledge and concede that it results in a nominally increased amount of security. However, I also believe that it isn't worth the time to adjust the real-time scanner for all files rather than the default set of executable, scripting, and macro-based extensions. Like nearly everything in information security, there is a trade-off or a compromise to be made.

    Sometimes the minimal extra protection afforded by a security configuration, setting, or program isn't worth the extra compatibility hassle or extra overhead incurred. Knowing where to strike the right balance is also part of information security. At the end of the day, it is certainly personal preference and also a decision that must be made in consideration of one's own unique situation and application... yet, still, I think the point should be made that it's not always best just to set every setting to maximum. At least not without some careful consideration. Moreover, I think it's somewhat disingenuous to throw in, almost as an after-thought, a disclaimer saying essentially: "Oh, yeah, by the way this setting might cause you problems." I believe that if you are going to provide detailed instructions and recommendations, you owe your readers a more detailed explanation of what may go wrong and what you may break by configuring such settings.
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Most download managers have the option to put in command line parameters for scanning files after downloading. I normally just set that (similar to Blackspear's suggestions for the scheduler, but with /scanmem-) and exclude the download manager in IMON. With all options enabled, this can potentially result in a better scan anyway :)
     