NOD32 Scanning takes ages to scan a single file

Discussion in 'ESET NOD32 Antivirus' started by harsha_mic, Oct 31, 2009.

Thread Status:
Not open for further replies.
  1. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    808
    Location:
    India
    Hi,

    I have an undetected malware sample of size 1.6 MB. The problem with NOD32 is that it takes more than 1 min to scan that single file.

    My questions -
    1. Why is NOD32 taking that much longer time to scan just a 1.6 MB file.
    2. To whom should be the sample submitted, such that the scanning time of this particular file can be reduced.

    Virustotal link for the sample i've tested -

    ~Virus Total link removed per Policy.~


    Note: My computer hasn't been infected. I'm just testing whether my NOD 32 picks up it or not in Sandboxie.

    Thanks,
    Harsha.
     

    Attached Files:

    Last edited by a moderator: Nov 1, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,404
    It can be normal if it's a large runtime packed file. Unpacking and emulation takes time, especially if it's compressed with a high compression ratio. You can submit it in a password protected archive to samples[at]eset.com so that it's added to the whitelist if it's actually clean.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    808
    Location:
    India
    Thanks Marcos! for explaining the cause briefly. The sample is being detected by NOD32 with v4562 update :).

    One question i would like to ask...
    How difficult is to implement a technology like to ignore scanning a already scanned file on the system which is considered as clean/trusted before?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,404
    Surely it ain't easy, but we'll see if such a technology can be incorporated safely in future versions without the risk of malware modifying this kind of information to evade detection.
     
  5. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    808
    Location:
    India
    Thanks Marcos! Hope Eset successfully implements this in Version 5!
    All the Best ESET :)
    This thread can be closed now...

    -Harsha.
     
Thread Status:
Not open for further replies.