NOD32 finds virus but takes no action

Discussion in 'NOD32 version 2 Forum' started by n_spect_r, Apr 6, 2005.

Thread Status:
Not open for further replies.
  1. n_spect_r

    n_spect_r Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    5
    I browsed through the older posts but did not find this, so please excuse me if it has already been addressed. I have a scheduled task to scan all files. I have tried to set action from prompt, clean, or delete but nothing happens in each case. Infected files are found, and I can see them in the scanner log. (I put the eicar test file in several places). In fact if I start NOD32 from the start menu and click Scan, it still does not delete the files. But if I click Clean, it does. Any suggestions?
     
  2. n_spect_r

    n_spect_r Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    5
    Just tried another experiment. Right clicked on a folder containing the eicar.com file. Clicked the NOD32 Antivirus system. The folder was scanned and it detected the test virus, but simply made a log entry. My options were to clean and if uncleanable to prompt for action.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did you actually set the action to Clean & Delete for files and not for archives, runtime packers or other possible objects?
     
  4. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi n_spect_r

    when you choose the option to scan with NOD32 from the context sensitive menu, it just scans for viruses. in the nod32 log it will show the virus highlighted in red, so then if you were to right-click on that it would offer you the option to clean, or if you instead click Clean rather than Scan, it will scan for viruses and give you the prompts you have set.

    Lee
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi n_spect_r, welcome to Wilders.

    See the following screenshot.

    Hope this helps...

    Cheers :D
     


  6. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi

    isn't what n_spect_r has described actually the way NOD32 works?

    If you start the scanner with the right-click context menu it will automatically start up in Scan mode, not Clean mode, and will just highlight infections in red.

    if you start the scanner using a scheduled job it again only scans and doesn't actually take any action during the scan. it's up to you to go through the scan log and right click the infections and take action.

    Maybe i'm missing an option that i haven't set correctly, but as far as i can see if you want to start nod32 in Clean mode (so it either cleans, deletes, however you have it set), you have to either start it from the Control Centre and hit the Clean button, or start it via the Right-click menu and click Stop to stop the Scan mode and then click Clean to begin the Clean mode.

    thanks, lee
     
  7. irnux

    irnux Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    24
    Location:
    Tehran
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Here are my $0.02:

    1. Update the virus signature database to the most current version

    2. Double-click the NOD32 icon on your desktop

    3. On the Targets tab, select all local drives you want to scan

    4. Open the Setup tab and enable the following options:
    - runtime packers
    - advanced heuristics
    - adware/spyware/riskware
    - alternative NTFS streams (if you use NTFS)

    5. On the Actions tab, select each of the file types from the drop-down menu and select Clean and Delete, if cleaning cannot be performed.

    6. Click the Clean button to run a scan in cleaning mode

    7. On exit, save the changes to the current profile so that next time you will not have to configure the scanner for automatic cleaning again.
     
  9. n_spect_r

    n_spect_r Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    5
    Thanks for all the replies. Apparently I need to configure to execute an external application. I will look into the referenced pages. Personally I don't have a problem in viewing the log and cleaning files, however my blond relatives sometimes have trouble finding the mouse and so I want something that will automatically fix problems when I am not around.
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I use NTFS but can't find the setting in NOD for checking this :oops: I have all the other settings for deep heuristics/runtime packers etc but do not know where to find NTFS streams o_O is this something I have to add manually?
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The support for scanning NTFS streams by the on-demand scanner was added to version 2.50, currently available as a beta.
     
  12. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you, now I know I don't have the beta version, I can stop looking now.
     
  13. n_spect_r

    n_spect_r Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    5
    I tried the command line type scan. Set up the scheduled task with the recommended switches and voila it took appropriate action on all copies of EICAR. Thank you.

    As we each have our quirks I will add this as my own preference.

    The command line method opens the scan window in the same way as clicking the program from the Start menu. Using the default scheduled Scan runs the application in the background. My personal preference would be to run the Clean option in the background with no user interaction unless there is a problem. (Again I consider my blond relatives) Other than that I like the product.
     
  14. pepito

    pepito Registered Member

    Joined:
    May 2, 2004
    Posts:
    57
    Location:
    Australia
    Is NOD32 supposed to clean .DBX files?

    On this topic...

    Is NOD32 supposed to clean .DBX files?

    Frequently a full system scan will find infections inside Outlook Express .dbx files but won't clean them.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Is NOD32 supposed to clean .DBX files?

    No program in the world is capable of modifying DBX files because it's an undocumented file format. If a virus is found in a dbx file, it must have gotten there before you installed NOD32 as IMON would have removed the infected attachments otherwise. Another possibility is that IMON does not check incoming emails for some reason (e.g. you use a different protocol than POP3 or HTTP).
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Is NOD32 supposed to clean .DBX files?

    Hi Pepito, in this case, just open up Outlook Express and go to the infected file and delete it, then empty your "Deleted Items" folder.

    Hope this helps...

    Cheers :D
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I totally agree with you, we must be related, I have the same relatives :rolleyes: :eek: :D :ninja:

    Cheers :D
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I don't second that, it would be like a suicide to delete files automatically without user's knowledge. Imagine you had your system files infected with a virus...
     
    Last edited: Apr 8, 2005
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My thoughts are based on the following;

    1) I have used Nod32 for 3 years with everything set to the maximum, everything on Clean (and quarantine) and if uncleanable, Delete (and quarantine), I have never seen such an instance with Nod32.

    2) Having set these same settings on hundreds of computers and never seeing such an instance it has given me great faith in Nod32.

    3) With such settings I also have “Quarantine” ticked as a backup, enabling restore in most conceivable instances.

    4) My belief in a Layered Defence, such as Imaging, Registry Protection and most important of all Backing up my Data to multiple forms of Media (external Hard Disk Drive and DVD).

    5) Last but not least, if it gets past IMON and AMON, then it deserves to be on my system ;) :D and as such I’ll shout the guy a steak for his efforts, and I don’t give up steaks to just anyone ;) :D

    Cheers :D
     
  20. irnux

    irnux Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    24
    Location:
    Tehran
    I have the same problem, as I figured out NOD32 does not have this feature... hope they add it in the next versions soon
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Eset will not do anything that might potentially cause serious data loss to clients.
     
  22. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I do not have any blond relatives - no truly, I don't :p - and I do not like the idea of any a-v programme deleting files without first securing my permission. NOD32 is wonderfully configurable and anyone who wishes to change the default configuration can do so. I fully support the cautious approach of Eset in this respect. And I also like the idea of having a choice of preconfigured settings available, something along the lines of low, medium, strong, paranoid :D
     
  23. n_spect_r

    n_spect_r Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    5
    I did not expect this much attention to my post but apparently it is an issue for more than a few people. If ESET is trying to avoid data loss to clients, then perhaps a compromise. Run the current type scheduled scan but if any suspected files are found put a BIG pop up window stating a potential problem that needs attention. IMON puts up a nice warning if a web page has a potential threat and the window will stay there until some action is taken.

    The way things are now, a customer can configure the scheduled scan to run daily and have infected files on their computer but unless they try to access the file or read the log file they will never know it is there.
     
  24. irnux

    irnux Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    24
    Location:
    Tehran
    I as a Network Admin would like to have everything automatically done on my clients' systems, I would like to force my network policies to my clients so I install NOD32 on clients' systems in password protected mode and set the actions as I wish, and do not let my clients change the rules I have set... This is because I'm the responsible man in our network and I have to answer the boss and the clients about the network performance and...
    I have clients that will interrupt the NOD32 cleaning job if they see it's scanning their system, I don't like they see even one small popup... we have a big network and many kinds of users...

    I think NOD32 should have all the features (as it has many many good features now) and let the users or Admins use the features at their own risk
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We were talking about the on-demand scanner. AMON in the new beta can move infected files to quarantine to prevent execution of heuristically detected files.
     