NOD32 falling behind in definitions?

Discussion in 'NOD32 version 2 Forum' started by Coolio10, Jul 6, 2007.

Thread Status:
Not open for further replies.
  1. ASpace

    ASpace Guest

    I guess the reason is because the file is somehow packed , AMON and the on-demand scanner cannot unpack this upon create and that's why they cannot see what there is in the file . IMON can because it is scanning bit per bit while downloading . I'm sure if you run the file AMON will pop-up immediately
     
  2. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    I was stating how important signature updates obviously are for signature-based virus detection. When the updates are not coming through (for whatever reason) then it is of paramount importance that alternative methods for acquiring the updated signatures are available. With Eset NOD32, I am in the dark as to what to do to get these updates. Any ideas anyone? A link to a manual download place perhaps?
     
  3. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    So, all of this begs two questions: What is the difference between trojan, worm and virus? Along with using NOD for almost four years, two years ago, when trojans and worms seemed to be some new kind of malware, I purchased ewido (now AVG A-S) and continue to renew it. I also run Spy Sweeper and freewares BOClean and Windows Defender, all running processes with no conflicts or performance loss that I can discern. Second question: are any of these "late" definitions to NOD perhaps being downloaded to my anti-spyware products or are we dealing with a competely different set of malware than NOD is supposed to be protecting my pc from? By the way, I've never had any kind of malware!
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See here :)
     
  5. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    As far as you know :D

    This truism was pointed out to me (here, I think) when I made a similar boast having used NOD for over six years.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    There are no known problems with the update servers, if you are having a problem I'd suggest that you contact your local NOD32 distributor or directly Eset's support at support[at]eset.com
     
  7. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    I'll ask again. Is there a site I can download the latest signatures from so I can install them manually? If not, then I am at the mercy of a faulty updater embedded in NOD32 itself.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Virus definitions can only be downloaded via the NOD32 Control Center. The administrator version of NOD32 allows the user to create a so-called mirror which can be transfered to other computers by any means (e.g. a USB key, CD, etc.). If you are having a problem downloading virus definitions via the Control Center, please contact Eset's support as advised above.
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Actually frequent updating was one of the main reasons I switched to NOD32. My previous AV only updated every few days. Now I usually get an update on boot up, and then periodically throughout the day.:)
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually thats not true. Even if you scan the file bit per bit you still have to wait till the very end for last bits of file and then finish scanning and show final summary. This only works for pure signatures, for emulations and stuff you need entire file. And scanning bit per bit won't make scaning any more thorough.
    File is still the same you just don't have it in one piece. So technically scanning is actually LESS thorough this way (if you don't wait till the end which would be quiet stupid thing to do). NOD32 doesn't do that anyway as it always scans the file when browser or downloader actually finishes it (this means it recieved all the file bits).
     
  11. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    I am very big ESET fan and I want to help them.


    I send to ESET ---> samples[at]eset.sk several samples. E.g. Generic5.HJF (AVG); TR/Radar.C (Avira); a variant of Win32/TrojanDownloader.Small.NUS (NOD32); Trojan-Downloader.Win32.Agent.avr (Ikarus); Generic5.ILD (AVG); Generic5.CKH (AVG) and some possible threats detected by heuristic of another products (they can be false alert). It was from 18th to 25th of July. I wrote "urgent cases" and date of sending these samples. I added Virus Total logs to each file. Sorry, but at first I send clean files too ( .txt and .nfo), because they were in archives and I forgot to delete them. And some of files are in archives more than once.


    When will you add this samples to database? You only add Win32/Adware.Virtumonde and Win32/TrojanDropper.Small.NGC from my threats, but these samples was detected by heuristic as a variant of Win32/TrojanDownloader.Small.NUS, before. I think that at first you should add unknown threats and less some threats detected by heuristic.


    (sorry, i am only student of english:) )
     
  12. ASpace

    ASpace Guest

  13. Pru

    Pru Registered Member

    Joined:
    May 18, 2007
    Posts:
    11
    Location:
    California
    I too am disappointed in NOD32's detection rates these days, especially considering I just upgraded our company to it.

    In the past couple of weeks, three trojan viruses have slipped right by it even though my signatures are up-to-date. This morning bsaver.scr slipped by which is the Agent.brk trojan downloader. Luckily we are small enough that I have personally trained our users not to touch attachments like that. I verify my results by uploading the viruses to sites like virustotal.com. Admittedly, I am not actually executing these viruses, but NOD32's heuristic scanner is not detecting them.

    I appreciate the need for getting samples but I thought I was paying for ESET to do this work? It's easy to set up a virus sample shop. Just get a website that ranks well in Google and put several e-mail addresses on it. Monitor those e-mail addresses for spam and you'll soon be getting fresh virus samples.

    Honestly, I would hesitate to recommend NOD32 to people anymore just based on my recent experiences. I really like its speed and efficient design, but ultimately all that matters is whether it stops the newest viruses sooner and better than the competition, even if it costs me extra CPU cycles. It does not appear to be doing that lately.
     
  14. ASpace

    ASpace Guest

    Hi !

    In case you suspect malware not detected by NOD32 , contact Eset Technilcal Support for help
    Eset HQ Slovakia support@eset.com
    Eset Worldwide http://www.eset.eu/partners :thumb:
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Well, NO AV is 100% PERFECT and my experience is different. For instance, we are receiving thousands of rootkit variants on a daily baisis that are, besides NOD32, detected only by Antivir ;)

    Bear in mind that we receive dozens of thousands samples on a daily basis so we must set priorities for adding signatures or making improvements to AH. You cannot expect an AV to detect even 99% of all threats in a day, needless to say that 100% detection is simply impossible.

    Having explained this and to prevent further bashing/ranting, I'll draw this thread to a close now.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.