Nod32 Network settings & firewalls

Discussion in 'NOD32 version 2 Forum' started by Undecidable, Oct 23, 2005.

Thread Status:
Not open for further replies.
  1. Undecidable

    Undecidable Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    12
    Location:
    Hong Kong
    I am trying to understand the interaction between Nod32 network settings and my firewall.
    There appears to be duplication, and it seems the best option would be to turn off certain Nod32 options.
    I would be grateful for any clarification anyone can give on the effect of these settings:

    1. IMON Setup / HTTP / Enable HTTP Checking
    & Automatically detect HTTP communication on other ports

    Do these just mean check site access traffic & downloads,
    or does it also mean check for port intrusions etc.
    (i.e. a firewall duplication)?

    2. IMON Setup / Miscellaneous / Log Intrusion Attempts to the Virus Log
    This worries me as it seems a direct conflict with firewall function.
    Seems an obvious one to turn off.
    Any views on this?

    3. IMON Setup / Miscellaneous / automatically detect changes in network configuration and repair necessary settings
    I think I understand this - obviously a counter-spyware strategy.
    I have not heard of firewalls doing this (I use OutpostPro, ZAPro and NIS)
    Does anyone know any differently?

    Grateful for any clarification or guidance.
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    1. IMON is the Internet Monitor, and it will scan all files from the Internet that your browser and/or other programs download (called intrusions by IMON). It will not block traffic like a firewall, unless a file contains malware.

    2. This will add an entry to the threat log if it finds a virus/trojan/phishing etc. It has nothing to do with a firewall.

    3. No idea how it works, but a manual repair can fix connection problems etc.


    Hope it helps ;)
     
    Last edited: Oct 23, 2005
  3. piktor

    piktor Registered Member

    Joined:
    Feb 4, 2005
    Posts:
    45
    Location:
    Germany
    IMON adds some new provider entries for winsock; this is necessary to check the HTTP-Traffic.
    If another program changes these entries, then IMON couldn't check the HTTP-Traffic anymore. IMO this button is required to restore the correct settings.

    -piktor-
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Thanks for clearing that up! :)
     
  5. Undecidable

    Undecidable Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    12
    Location:
    Hong Kong
    Brian / piktor
    Am clear now on the answers to 1 & 3. - thanks very much.

    Am still unconvinced of 2:
    IMON Setup / Miscellaneous / Log Intrusion Attempts to the Virus Log

    'Intrusion' is a standard term, and Imon (or Amon or On-Demand) finding a 'virus' is not really an 'intrusion' in the sense it is used in security language. 'phishing' is also not really an intrusion.

    Any further clarification of this would be helpful - my concern remains that it is a conflict with the function of a firewall.

    (by way of background, I also run KAV which has a checkbox for protection against network attacks. If you are running a firewall, you need to disable it)
     
  6. SSK_offline

    SSK_offline Guest

    I have not noticed any conflict with a firewall when activating re: #2.

    AFAICT this option is just a passive one, not an active one like KAV's IDS.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Firewalls will generally allow web traffic in that you request...Meaning...you visit a website...and the firewall will allow the website content to be pumped into your browser. Or...you open up your e-mail client, hit "send/receive"...and the firewall allows ports 110/25 to do their thing, since the request came from the "inside"..the trusted zone.

    The firewall does not care if you download something bad from a warez website, or MyTob comes attached to some e-mail that you receive. The firewall only blocks inbound traffic from untrusted resources unless you tell the firewall that that traffic is OK. The firewall does not actually care what that traffic is..unless that traffic breaks SPI rules...which really doesn't count for much at all. (DDOS, IP Spoofing, etc...who cares)

    This is where the IMON of NOD32 steps in. It examines the content...and looks for threats.
     
  8. Undecidable

    Undecidable Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    12
    Location:
    Hong Kong
    For those interested, I have clarification from eset tech support:

    "IMON scans HTTP and POP3 traffic only. IMON does not scan any other
    traffic (netbios, ftp, etc.). When IMON detects malware (virus,
    trojans, adware, etc.) it will generate an alert and add it to the
    Threat Log. "

    So the term "intrusions" here may be slightly misleading for those (like me) who read things literally: it is not really checking "intrusions" in the
    firewall sense of the term, it is checking content on existing http & pop3
    connections.

    This of course is what I would want it to do!

    mc
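
Added example, not part of any post in this thread and not ESET code: a simplified Python model of the distinction drawn in the replies above, where a stateful firewall decides on connection state and an IMON-style scanner decides on content, on HTTP and POP3 only. Assumptions: the packet-level model, selecting the protocol by server port, the signature marker and the documentation-range IP addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed stand-in signature; a real scanner uses a signature database.
SIGNATURES = {b"CONSTRUCTED-TEST-MARKER": "Constructed.Test.Sample"}
# Simplification: protocol picked by server port (HTTP 80, POP3 110).
SCANNED_PORTS = {80: "HTTP", 110: "POP3"}

Packet = namedtuple("Packet", "src sport dst dport payload", defaults=(b"",))

class StatefulFirewall:
    """Allows inbound packets only when they answer an outbound connection."""
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.flows = set()

    def filter(self, pkt):
        if pkt.src == self.local_ip:  # outbound: remember the flow
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.flows else "block"

def content_scan(pkt, threat_log):
    """Inspects reply payloads on scanned protocols and logs detections."""
    proto = SCANNED_PORTS.get(pkt.sport)
    if proto is None:
        return "not scanned"
    for sig, name in SIGNATURES.items():
        if sig in pkt.payload:
            threat_log.append((proto, pkt.src, name))
            return "detected"
    return "clean"

def process_inbound(fw, pkt, threat_log):
    """The scanner only ever sees traffic the firewall already allowed."""
    if fw.filter(pkt) == "block":
        return "blocked by firewall"
    return content_scan(pkt, threat_log)

def demo():
    me, web, log = "192.168.1.10", "203.0.113.5", []
    fw = StatefulFirewall(me)
    fw.filter(Packet(me, 50000, web, 80))  # user opens a web page
    fw.filter(Packet(me, 50001, web, 21))  # user opens an FTP session
    inbound = [Packet(web, 80, me, 50000, b"<html>ok</html>"),
               Packet(web, 80, me, 50000, b"..CONSTRUCTED-TEST-MARKER.."),
               Packet(web, 21, me, 50001, b"CONSTRUCTED-TEST-MARKER"),
               Packet("198.51.100.9", 4444, me, 135, b"probe")]  # unsolicited
    return [process_inbound(fw, p, log) for p in inbound], log
```

`demo()` returns one outcome per inbound packet plus the threat log: the firewall passes both HTTP replies because the user requested them, and only the content scan tells them apart; the same marker over FTP is allowed but never scanned.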
     