NOD32 v3 and ZIP files

Discussion in 'ESET NOD32 Antivirus' started by ProTON, May 26, 2008.

Thread Status:
Not open for further replies.
  1. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Hello,

    I'm currently in a process of migrating to v3 our entire HQ. However I noticed very big issue in NOD32 v3. Seems like on tests machines where we have NOD32 3.0.657 installed, ZIP files opens VERYYY slowly. The bigger the ZIP file the bigger the slowdown. Sometimes it even freezes workstation. Temporarely disabling NOD resolves the problem so I'm sure there is something wrong with my NOD32 setup.

    We have runtime-packers and advanced heuristics disabled in Realtime protection options. Any other option I'm missing?

    Also this happened with build 650 and version before that.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you mean zip files with big size or many files contained in a zip? Is it a sfx archive? Could you provide an example of such an archive?
     
  3. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    It doesn't matter if it contains couple of big files or a lot of small ones. Some statistics:

    zipped album of 20 mp3s (100MB) - slow ~20 seconds to open
    3 moderate text files (50kb) - very fast <1 second
    zipped program setup (450MB) - extremely slow > 5 minutes

    And this is statistics with NOD32 turned off:

    zipped album of 20 mp3s (100MB) - very fast <1 second
    3 moderate text files (50kb) - very fast <1 second
    zipped program setup (450MB) - fast - ~2 seconds


    They all are non-sfx and recieved from very different vendors. I can upload one of the bigger zip files if you need, but generally you can zipp an album or two of mp3s into one file and see how it goes for you.
     
    Last edited: May 26, 2008
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What oper. system do you use? Do you use default EAV settings?
     
  5. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    It's Windows XP SP3 (also tried with SP2). I've slightly modified EAV settings there and here. However I can't tell you exactly as I don't remember :) Maybe there is a hidden button somewhere to reset to factory defaults?
     
  6. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Last edited by a moderator: May 26, 2008
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The archive contains a very large mmf file. Could you check the user and system temp folders? If there are many files inside, it might take longer for EAV to extract this archive.
     
  8. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Ghm, I cleared the temp folders and this helped. Why does it take so long for NOD32 to extract the archives when there is a lot of files in temp? What is possible workaround because I can't tell my users to clean temp folders constantly? Maybe there is a way to disable archive scanning?
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This is a matter of the system, not EAV. From my own experience, when I copy files to a folder with thousands of files all operations are slowed down. The closer you're to the maximum number of files in a folder (about 65000), the slower system reactions are.
     
  10. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    But there were like 200 not more files in these directories. BTW, this also doesn't explain why without NOD32 exactly the same archives extracts in a matter of seconds. During drag and drop operation archiving utility uses the same temp folders too.

    Is there a way to disable archive scanning completely?
     
  11. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Also this doesn't explain why we haven't god such problems with version 2.
     
  12. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    Same problem here - NOD32 v3 is VERY slow dealing with large files (especially if it's an archive). Tested on Win32 XP SP3 NOD32 v3.0.669 default settings and a .rar archive.

    Disabling NOD32 makes the file open in a snap.

    Bummer!
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you use WinRAR or another program to open the archives?
     
  14. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    WinRAR, but see another post of mine about NOD32 being SOOOOOOOOO slow on any large files.
     
  15. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    FWIF - MC2.zip opens as soon as I double click on it. eSet Nod32 3.0.669.

    Real time threat sense has runtime packers & advanced heuristics off, everything else is on. Realtime screen, everything is checked. No exclusions.


    Dual core 2.0GHz Intel 3GB RAM.

    a.png
    b.png

    You might try disabling explorer extensions for your archive manager.

    I have 7Zip and WinRAR installed. But I don't have the explorer enhancements on. (Right click menu options) I have suffered slow issues such as what you speak of when I have these options turned on. Seems to create a reciprocal locking issue between the right click menu and (any) AV software - I see in filemon explorer.exe and the antivirus software looping hitting the file/directory over and over in these cases.
     
  16. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Can you try with Advanced Heuristics ON?
     
  17. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    I did some further experiments. Here're the results (not encouraging):

    1.NOD32 v3.0.669
    a.Two .rar files, each 650MB. One opens in a snap, the other takes forever to open.
    b.Tried to open the files with other programs (7Zip and TextEdit) - same result
    c.Tried to open the files from within a program - same result
    d.Left only Signature check - same result
    e.Shutting down RT protection or excluding rar filetype - both files open in a snap

    2.NOD32 v2.7
    a.Both files open in a snap

    Conclusion:
    Definitely NOD32 problem

    I'm on the edge of trashing v3 and moving back to v2
     
  18. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    3.0.669 - turned on advanced heuristics under threatsense - still opens immediately. Extraction takes about 5 seconds.


    Turned everything on - including realtime / runtime packers, advanced heuristics; opened immediately and extracted in 15 seconds.

    I go into the XML and turn on things - things you can't turn on in the GUI - and again, opens immediately and about 15 seconds to extract.

    I did have problems with .zip's, .mpg files, and others after going from 2.7 to 3.0. Those were resolved by removing explorer extensions for Nero, zip, notepad++, et al. When they were all removed my speed issues were resolved. When I upgrade to the latest release, and the explorer enhancements come back - I can really tell. I didn't have this issue with 2.7 (except with WinZip.)

    Hope that's of some help.
     
  19. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    Removed all shell extensions - no change :(
     
  20. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    By shell extensions you mean what?
     
  21. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    Context menu entries in Windows Explorer of WinRAR, 7Zip, etc
     
  22. subyroo

    subyroo Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    29
    Location:
    Sunshine Coast - Australia
    I'm running Win32 XP SP3 NOD32 v3.0.669 too but with Blackspears Extra Settings and I have no problems opening either Zip or RAR files but I do get "mini freezes" whereby the PC locks up for like 30 - 60 secs and you can't do a thing, not even bring up Task Manager it's just frozen. :eek:
     
  23. qwer1304

    qwer1304 Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    16
    Sine another PC with v3 had no problem with this file, I uninstalled and installed again v3 on the laptop, and guess what - it now behaves!
     
Thread Status:
Not open for further replies.