NOD32 v4.2 BE: Excluding extensions - Document protection vs File-system filter?

As a newbie, I am trying to understand many of the undocumented policy settings.

I was using the Policy Manager to view my policy settings and see Extensions->Extension setup listed under numerous headings:

ESET Kernel->Scanner (Startup scanner)
Computer scan->Profile (multiple)
File-system filter
Document protection

I would imagine that extensions added under ESET Kernel->Scanner (Startup scanner) only apply during a "startup scan", and that extensions added under Computer scan->Profile (multiple) only apply during a scan, right?

But, how about Document protection? When do extensions added under this heading come into play? I am confused as to when extensions added under Document protection would apply vs under File-system filter?

Are any of these nuances documented anywhere? Any whitepapers?

Thanks!
-Mike

 

Extension setup is to allow you to exclude certain file types from being scanned for threats, usually to avoid certain conflicts, that can affect performance.

There are several scanning modules where you can specify that certain file types, via the extension, are not scanned.

You can also select the opposite, you create a list of file types that will be scanned.

Document protection applies to applications that utilize the Microsoft Antivirus API only.

 

So if I excluded .DOC files under Document Protection (but not under File-system filter), then opened a .doc file, would the File-system filter scan the file?

Is any of this documented somewhere? How are newbies (or anybody other than the developers) supposed to figure this out?

 

bump...

 

Yes, it would. By the way, Document protection is disabled by default for performance reasons and should only be enabled by those who really need it (e.g. if real-time protection needs to be disabled due to another real-time protection already active in the system).

 

Is the behavior of all these "protection" modules documented anywhere?

When I look at the default policy settings that came from ESET, I see "Enable document protection" = YES. Then there's "Integrate into system" = NO. I assume that means document protection is enabled by default (which is the opposite of what you said)? By the way, the ERAC's Policy Manager screen shows that the DEFAULT value for "Enable document protection" is YES. I was pretty sure I had not changed any of the default policy's settings, and this seem to confirm it. So I am a bit confused by your last reply...

 

As long as it's not integrated into the system, it's effectively non-functional.

 

Can you explain the meaning of these 2 Document Protection settings? Also, you keep forgetting to answer my questions about where this sort of information might be documented?

It's nice that you experts have knowledge about your own product, but how about us newbies? We rely on DOCUMENTATION to learn things like this. But often I do not find it described in the docs

 

It's like with some other modules (e.g. real-time protection, HTTP/POP3 scanner, firewall, etc.). First they need to be integrated in the system and then you can disable or enable the protection modules via GUI.

A brief description of Document protection is available in the help file and manual.

 

Hmmm, I just opened the help file on my own workstation's NOD32 GUI, and do not see the "Integrate into system" setting. Document Protection displays in a different location than in ERAC, but I found it listed under Real-time File system protection->Document Protection. Marcos - pls look at the screen shot in the help file at this section and you'll notice that "Integrate into system" is missing. I even did a search of the help file for just the word "integrate" and no topics were found. Maybe I have an outdated help file? How do I get a current one that matches the actual NOD32 screens?

I looked at other modules (e.g. HTTP) but did find any that have a similar "Integrate into system" setting. Can you give me a specific example of another module with this setting?

Thanks for all your assistance in helping a newbie figure out your software!

 

ALSO, I still do not know exactly what these 2 settings do. I would assume that "Enable document protection" controls whether this module is enabled, right? So what exactly does "Integrate into system" mean? At first I thought it meant that it would add some menu item to the Windows Explorer context menu, but I'm not sure. Can you describe in detail how this module works, and how these 2 settings work together?

Please also read and respond to my prior reply...

 

No problem Ronjor. I am just asking followup questions because his answers led me to more questions. I am not sure why you thought I needed an immediate reply from him? I do work from my computer most hours of the day, so when he replies I get an instant email notification, at which time I reply with any further questions. If I do not reply right away, I'll forget So just because you see me reply right away, please do not think I am being impatient.

Hope you understand?

Thanks,
-Mike

 

Just a reminder that I am waiting for an answer to my post on 2/29 at 01:02pm ...

 

Module integration with the system and enabling/disabling a particular module are two different things. The former causes the module to integrate into the system which means that in case of conflicts with other software you'll simply disable integration. Enabling/disabling integration may require a computer restart for the change to take effect.

By contrast, if the module is already integrated and you just don't want to scan files for a short period of time, you will disable it. Disabling modules takes effect immediately.

 

Hello Marcos - you did not answer all my questions from that 12/29 1:02pm post I made. PLEASE take the time to thoroughly read, then respond to all the questions. Otherwise, what is the point of this support forum

I do not understand your descriptions of how these 2 settings work. WHERE IS THE OFFICIAL DOCUMENTATION?

I know you must be overwhelmed with work, otherwise I am sure you would provide more complete answers. But it really wastes time for BOTH of us when I have to keep re-asking you questions. I am not trying to hassle you - I just need help as a new user of your software and I am finding support in this forum to be quite disappointing

e.g. in that post I asked:
Marcos - pls look at the screen shot in the help file at this section and you'll notice that "Integrate into system" is missing. I even did a search of the help file for just the word "integrate" and no topics were found. Maybe I have an outdated help file? How do I get a current one that matches the actual NOD32 screens?

I looked at other modules (e.g. HTTP) but did find any that have a similar "Integrate into system" setting. Can you give me a specific example of another module with this setting?

In an earlier post in this thread I also reminded you:
Also, you keep forgetting to answer my questions about where this sort of information might be documented?

 

The official documentation are the help files and manuals either bundled with the products or manuals downloadable from the web (manuals are basically help files in the form of pdf files).

I can confirm that the "Integrate into system" option is not mentioned in the Document protection section of v4.2 help files. V5 contains only a check box for enabling / disabling integration and is mentioned in the v5 help files.

Speaking about HTTP scanner (or generally about protocol filtering), it gets integrated in the system after checking the "Integrate into system" box in the Protocol filtering section (ESET NOD32 Antivirus) or unchecking the "Enable application protocol content filtering" box (ESET Smart Security).

All information considered suitable for users is available in the help files or manual. Of course, not everything can be described in detail but it's customer care or forums that come into play then. Unless it's not confidential and we know the answer, there's no reason not to let you know.

 

I do not use v5, as it is not a business version. So I have no idea what's in v5 help files, and it really does not seem to make sense for me to use a different version's documentation, right? I can't even find the word "integrate" anywhere in the v4 help file.

So you are saying there currently is no documentation that explains these settings under v 4.x? How the heck are newbies supposed to intelligently configure policies when no documentation exists? I know you are not responsible for the lack of documentation, but have you let the appropriate people at ESET know that this documentation is lacking? Actually, there's very little documentation on ANY of the policy settings one would need to know when using ERAC to configure policies.

While it seems ESET has a decent product in NOD32, I now question whether I should have chosen it as our new AVAS product. It is an incredible mistake on the part of ESET to provide basically no documentation for the hundreds of policy settings that they expect admins to be able to configure. If the next version does not improve on the docs, we may opt to look elsewhere. Maybe your management should be made aware that lack of documentation may cause them to lose sales revenue!

Plus - now think about this - if you had better docs customers (like me) would not have to submit all these questions (via phone or forums). that means lacks of docs is costing eset money!