NOD32 V2.5 - Optimize scanning

Discussion in 'NOD32 version 2 Forum' started by izi, Apr 9, 2005.

Thread Status:
Not open for further replies.
  1. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!

    I'd like to know a little more about Optimize scanning.
    How does AMON know that a file was checked? What if NOD32 doesn't recognize a virus in a file the first time, and in the next update ESET adds a virus signature for this virus: will AMON detect this file because of 'Optimize scanning'?

    Best regards,

    izi
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No company discloses details on the technology developed / used.
     
    Last edited: Apr 9, 2005
  3. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    OK!

    Best regards,

    izi
     
  4. Shaman_fr

    Shaman_fr Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    17
    Hi Marcos,

    The question MUST be answered: not how ESET does it, but whether a file already scanned will be rescanned after an AV update...
    Please answer this. If it's not rescanned, then it's a bug and the file cache must be flushed after an update.

    Regards,

    shaman
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I'd like to know the answer to this question too, and I'm sure it can be answered without giving away any top secrets!

    thanks, Lee
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi Marcos,
    I must admit that I'm also more than just a little curious about this question, but IMHO please don't answer it if you would prefer not to. However you guys at ESET have got this sorted, I'm fine with it..... But it is an interesting question and one that I've been asked by others already outside this forum when I mentioned the Optimize scanning feature to people.
     
    Last edited: Apr 9, 2005
  7. Shaman_fr

    Shaman_fr Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    17
    I paid for NOD32, my question about security must be answered, even if Marcos prefers not to. Imagine a computer never rebooted (a server, for instance); that could lead to enormous security flaws.

    Please answer.

    Shaman
     
  8. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I don't think that asking Marcos how the feature works at a high level is out of line, but he does not have to tell you the specifics of it.

    That's information you don't need to know and no company is going to give you the details. Doesn't matter if you paid for it or not. Might as well ask MS to give up source code on Longhorn because you're going to buy it.

    If I remember correctly, on another thread, he stated that 2.5 does not use ADS, so my guess is that it's some sort of checksum table so it only scans new and modified files.
     
  9. Shaman_fr

    Shaman_fr Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    17
    Please read or understand the question before speaking. I'm asking if, after an AV update, the files already scanned are rescanned. If they are not, imagine this:
    On a server a new virus lands. The AV scans it but doesn't see it's a virus. Next the update occurs, and it contains the virus definition. If the file is never rescanned, the virus stays forever on the computer!!!
    So you say I cannot ask if NOD will protect me from a virus, I don't need to know such info o_O Are you silly or what? I'm not asking how they manage to have the cache working!
    So please answer.

    Shaman
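
The scenario raised in the post above, as an added example (not from the thread, and not ESET's mechanism, which the thread never establishes): a verdict cache keyed on file content alone keeps returning a stale "clean" result after a signature update, while a key that also includes the database version forces a rescan. The checksum cache follows tazdevl's guess; the class, function names and signature pattern are hypothetical.

```python
import hashlib

# Constructed signature sets standing in for two database versions.
# The version labels mirror the log lines in the thread; the pattern is made up.
SIGNATURES = {
    "1.1050": set(),
    "1.1051": {b"EXAMPLE-MALWARE-MARKER"},
}

def scan(data, db_version):
    """Full scan: True if any signature from db_version occurs in data."""
    return any(sig in data for sig in SIGNATURES[db_version])

class ScanCache:
    """Remembers verdicts so unchanged files are not scanned twice."""

    def __init__(self, bind_to_db_version):
        self.bind = bind_to_db_version
        self.verdicts = {}
        self.full_scans = 0

    def check(self, data, db_version):
        digest = hashlib.sha256(data).hexdigest()
        # Weak key: content only. Hardened key: content + database version.
        key = (digest, db_version) if self.bind else digest
        if key not in self.verdicts:
            self.full_scans += 1
            self.verdicts[key] = scan(data, db_version)
        return self.verdicts[key]

def replay(bind_to_db_version):
    """File arrives under 1.1050, its signature ships in 1.1051, file is accessed again."""
    cache = ScanCache(bind_to_db_version)
    sample = b"header EXAMPLE-MALWARE-MARKER trailer"  # constructed sample
    before = cache.check(sample, "1.1050")
    after = cache.check(sample, "1.1051")
    return before, after, cache.full_scans

if __name__ == "__main__":
    # Each tuple is (detected before update, detected after update, full scans run).
    print("content-only key :", replay(False))
    print("version-bound key:", replay(True))
```
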
     
  10. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    To all concerned.

    I can verify that after an update, AMON and/or the On Demand Scanner will detect the file even if it has not been previously detected (I have a few hundred samples that were previously submitted using the Beta and have recently been added).

     
  11. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    Hello,

    Check your NOD32 Scheduled Tasks, if this task is not visible enable displaying of System tasks.
    After an update NOD32 rescans all commonly used files.
    So no worry :) I think anyway that this "stuck-in virus" thing is such a trivial issue that Eset couldn't have missed it :)

    Regards,
    SA
     


  12. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!

    If this is true, there is a hole. If the virus signature is updated in 24 hours, the next scan will be after 24 hours, if the virus signature is updated.

    This is the case on my computer.
    Task 'System startup file check (commonly used files)' didn't start yesterday after virus signature update (9.4.2005 15:56:54). Last run was 9.4.2005 0:18:40. The next run of 'System startup file check (commonly used files)' will be at the next virus signature update, if I understand this correctly.

    Time Module Event User
    9.4.2005 0:18:39 Kernel The virus signature database has been successfully updated to version 1.1050 (20050408).
    Time Module Event User
    9.4.2005 15:56:54 Kernel The virus signature database has been successfully updated to version 1.1051 (20050409).

    Where is log file in 'NOD32 Scanner logs' for 'System startup file check (commonly used files)'?

    Best regards,

    izi
     
    Last edited: Apr 10, 2005
  13. irnux

    irnux Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    24
    Location:
    Tehran
    I think Optimize scanning should be done with the help of additional software (file checkers), something like 'Kaspersky's AVP Inspector' or an application like 'ADinf', and regular scanning is also essential....
     
  14. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    What if someone unticks System startup file check (for commonly used files & files run after user logon)? How will this impact Optimize scanning? Will AMON re-scan files?


    Best regards,

    izi
     
  15. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    After today's update the 'System startup file check (commonly used files)' task started and scanned commonly used files.
     
  16. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    So is it necessary to enable that task in order for the optimization to work?
     
  17. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  18. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    The task is scheduled to occur after the successful update of the virus signature database - no task scheduled, no system check - and the last column of the task (in the Scheduler/Planner) specifies when it was last run, so it is easy to check whether it has been run after the last virus database update. For example, my last virus signature database update occurred at 10/04/2005 12:16:45 and the system check was run at 10/04/2005 12:16:51

    Works just fine :)
     
  19. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Sure it works, but I am talking about optimization. I think it is better for someone to clarify what we have to do (step by step) in order for the optimization to work. Automatic update (IMON) is the only scheduled task that I have in my NOD.
     
  20. Shaman_fr

    Shaman_fr Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    17
    I second this post. Please clarify (Eset) if we are fully protected with optimization enabled or not. If not, correct it.
    My guess is that if nobody from Eset responds to such a simple question, it is because the response is bad.
     
  21. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    I'm sure we will have the answer soon. Eset's response is always very fast.
     
  22. Shaman_fr

    Shaman_fr Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    17
    It looks like the files ARE NOT rescanned after an update.
    NOD updated and the files scanned in AMON (about 1800) before the update do not increase as they should. So this is a BIG security issue.
     
  23. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    I suppose it is better to leave the "Optimize scanning" feature disabled if one wants to keep the system safe from any supposed hidden/lurking trojans or worms?
     
  24. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    I think it is impossible that no one at Eset has thought about these issues. I think it is better to wait for their answer.
     
  25. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi Shaman_fr:

    You are assuming that AMON is scanning the files. Since it is an internal task to NOD32, then the AMON number would not increase.

    Think about the logic. If one runs an On Demand scan, should the number of files scanned in AMON increase by the same number scanned? No. It is a separate task, just like the System startup file check - Independent of each other. That would be pulling double duty. Not a wise programming choice.

    Does the System startup file check pop up an AMON window? No, it opens its own.

    Maybe this screenshot will help.
     

