NOD32 Scanning takes ages to scan a single file

Discussion in 'ESET NOD32 Antivirus' started by harsha_mic, Oct 31, 2009.

Thread Status:
Not open for further replies.
  1. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Hi,

    I have an undetected malware sample of size 1.6 MB. The problem with NOD32 is that it takes more than 1 min to scan that single file.

    My questions -
    1. Why is NOD32 taking that much longer time to scan just a 1.6 MB file.
    2. To whom should be the sample submitted, such that the scanning time of this particular file can be reduced.

    Virustotal link for the sample i've tested -

    ~Virus Total link removed per Policy.~


    Note: My computer hasn't been infected. I'm just testing whether my NOD 32 picks up it or not in Sandboxie.

    Thanks,
    Harsha.
     

    Attached Files:

    Last edited by a moderator: Nov 1, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    It can be normal if it's a large runtime packed file. Unpacking and emulation takes time, especially if it's compressed with a high compression ratio. You can submit it in a password protected archive to samples[at]eset.com so that it's added to the whitelist if it's actually clean.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Thanks Marcos! for explaining the cause briefly. The sample is being detected by NOD32 with v4562 update :).

    One question i would like to ask...
    How difficult is to implement a technology like to ignore scanning a already scanned file on the system which is considered as clean/trusted before?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Surely it ain't easy, but we'll see if such a technology can be incorporated safely in future versions without the risk of malware modifying this kind of information to evade detection.
     
  5. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Thanks Marcos! Hope Eset successfully implements this in Version 5!
    All the Best ESET :)
    This thread can be closed now...

    -Harsha.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.