NOD32 Recommended Settings/AH

Discussion in 'NOD32 version 2 Forum' started by phasechange, Dec 17, 2004.

Thread Status:
Not open for further replies.
  1. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Hi!

    I just did a deep scan and found a .jar with multiple infections, so I thought maybe the default settings aren't good enough. So I came on here to ask "Should I turn on Advanced Heuristics?"

    In fact I have a follow-up question: as AH can lead to false positives, does NOD32 say "blah found by AH but not H" so that you can decide how to treat the message?

    Should I apply the settings from the "Extra settings for Nod32" thread?

    Thanks,
    Fairy
     
  2. phaedrus

    phaedrus Registered Member

    Joined:
    Aug 18, 2002
    Posts:
    95
    Yes.

    Trev.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since AMON, the on-access scanner, does not scan within archives in real time, it wasn't intercepted before. On the other hand, if it came from the Internet, IMON would have blocked it because it scans within archives. At any rate, unless files are in archives, they are not dangerous.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I am a Nod32 Reseller and have been for quite some time now (over 2 ½ years). We always tweak Nod32 to the absolute maximum for every customer.

    I am yet to see a false positive with Nod32 using Advanced Heuristics, though it will occur at some time in the future due to the nature of AH. A new virus detected by AH will be seen as a “Probable NewHeur_PE virus found”, and in such a case we advise doing the following:

    1. Place a tick in the Quarantine check-box.

    2. Select Delete.

    3. Send the Quarantined file to Eset: samples@nod32.com. This file can be found here:

    C drive

    Program files.

    Eset.

    Infected.


    Hope this helps...

    Cheers :D
     
  5. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    thanks to you all :)
     
  6. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA