Problems w/ scanning from context menu??

Hmm.. true.. It should have some "Blah, blah, no action because, blah, blah archive" explanation.

However, when it detects a file as infected, and it's set to ask the user for action.. it "must" display that window... I don't want it to be inconsistent and showing different windows, etc.. However, an explanation as to why it's not possible might be nice. If nowhere else, than in the help file ;P

Please e-mail or PM Jan or "someone else" (you can send it to me and I'll check/forward it) regarding any inconsistencies you find. I prefer to receive it via e-mail.. (anders @ eurosecure.com)

Best regards,
Anders

 

Radicalb21,

I guess I am kinda unsure what is left unresolved.

I am unsure what you meant in your initial post abou the greyed out options. Is that the ones on the right side of the "Actions" settings tab? As mentioned later in the thread (and verified on my station) if you move the left bullet selection from "notify/offer action" to "clean" than those other buttons become selectable.

If, however, you mean the PopUp window after you press the clean button having four greyed out buttons (Clean, Rename, Delete, Replace) that is also explained later in the thread that NOD cannot clean a file within an archive. You can further test this by extracting the contents of the zip within that folder and AMON will immediately pop up and give you rename or delete options.

Does this answer your question or am I completely off-base?

 

Well then why in NOD32v2b5 have those options possible and not the final release of the product. This was even possible in earlier version of NOD32 BETA program. I guess I would just like to hear why it changed or why it isn't possible in the final product. This is in reference to the pop-up window after you press the clean button and in the pop-up window the only options available are the leave button, putting a checkmark inquarantine, quit scanning, and details. In the beta versions of NOD32 the other options were available (ie delete, and rename). I have done a side by side comparsion of the final release of NOD32v2 & NOD32v2b5 and the only differences I can see is some objects (files) are different size as far as bytes and some .dll files are a higher version number other then that I see no differences other then how the program operates in references to eicar.zip files. If I extract the file in question AMON does go off. But if I turn off AMON and extract the file then scan using the context menu it detects the virus. Then I click clean and then the other options I mentioned above are available delete and rename. I don't understand this behavior in the program.

 

I understand what everyone is saying or trying to say I think. But this doesn't match up with what is in the help file or manual. Or what some people said early on about changing certain options that would ungrey those options in the pop-up window. I have sent this information to eset by email and they can't explain the problem and would get back to me. That was last week sometime I would like an update as to what is going on but I know there are other problems they must deal with first. I was just wondering if you had any other ideas for dealing with this problem short of switching back to the antivirus I was using. Don't get me wrong I love NOD32 and all but If certain things aren't fixed quickly alot of problems could result.

 

If you mean the remarks by NewNod, I don't think he is correct (I may be wrong as I am a newcomer to NOD myself). My reading of the the Actions tab is that the right-side options are for when a Clean attempt is not possible and these options are relevant only if Clean is set on the left-side. If on the left-side you have notify/offer action selected, the right-side means nothing since you already have manual control of the entire process. If you did a clean attempt of the eicar.com with this setting it would fail to clean it and immediately prompt for some other action (even though the right side of the Action settings were greyed out).

Regarding the DOCs, I'm afraid I don't know what to tell you as I haven't messed with them, sorry.

 

Hi,

>But doesn't it matter to anybody (and if not, shouldn't it matter) that the program interface offers options on the Actions tab of the Setup screens that allow for cleaning, renaming, quarantining, and (auto) deleting archive viruses, yet we find out through our own testing that these options are useless?

We need to mention this in the documentation.

>Well then why in NOD32v2b5 have those options possible and not the final release of the product.

Sorry I don't think there was a possiblity in the beta to clean/delete/rename a virus in the zippped file. If you think yes - pls. recheck - if you still have the beta.

>If I extract the file in question AMON does go off.

Amon catches the eicar when trying to unzip eicar.

>But if I turn off AMON and extract the file then scan using the context menu it detects the virus. Then I click clean and then the other options I mentioned above are available delete and rename. I don't understand this behavior in the program.

When the file is already unzipped - there is no problem with renaming/deleting the eicar.

>But this doesn't match up with what is in the help file or manual.

Really the doc. doesn't mention ALL cases - it neeeds to be upgraded.

Thx.,

jan

 

Hey, Dan Perez:

When you said....

....I have to say you were the one that is incorrect; you must have been thinking of someone else besides me. And it's not a matter of your being new, it's a matter of carefully reading the posts.

If you read the thread with even slight comprehension, you'd know that RadiCalb21 was not confused by my posts. I think Radicalb21 and I were pretty much on the same wavelength throughout. And based on what you said in your post, Dan, it seems that you and I are pretty much in agreement that few people here have grasped what "Notify/Offer Action" means or have grasped why those options on the right side of the Actions Setup Tab are grayed out unless you choose "Clean". And few have grasped that those issues, even if properly understood, are tangential to the problem Radicalb21 describes.

I'm pretty much giving up on trying to explain all the "elementary" side issues in order to help make the real point, which here was that the interface gives you six options (seemingly) to handle archives containing viruses, but when it comes down to it, you really have no alternatives from within the program other than to simply leave the file "as is" when a virus is detected; NOD32 detects the virus but pretty much hangs it up after that. How dangerous is that? Maybe not that dangerous from the standpoint of becoming infected (assuming AMON is on - what if it's not?); however, since the user, if he properly understands the Setup, would have expected something else and this becomes confusing and a concern develops that the software can't do its job. So, the danger is that it leaves the user feeling less than confident in NOD32; adding to this lack of confidence is an attitude, even from the moderators, that this is not that important. Lack of confidence in a piece of security software not important?! Wrong.

Eset can either match the options to the reality of the program's capabilities (not the best solution but it could at least instill confidence that the software functions as expected), or Eset can actually program the software to be able to manipulate archives (or more advantageously, just the infected objects within the archive), or they can do nothing. As far as being able to manipulate archives or the infected files within...what's so hard about deleting, renaming, or moving a file to another folder? This should be within the scope of the programmers capabilities. If the user can do it manually, it can be done programatically. In one scenario, NOD32 could even go so far as (offering) to unzip the contents of an infected archive to the quarantine folder and then manipulate the individually infected components from there. Any number of things are possible other than just "leaving" as is. (Cleaning is another issue because it depends on the virus, or the combination of the virus and the file it has infected, which makes it much more difficult / impossible to program a solution in all cases. That's the reason for the now infamous "right-side-grayed-out-options" only available if (auto) "Clean" is selected and fails; failure of "Clean" is likely in many instances, so correctly, alternative options were provided. The problem is that the alternatives "fail" also).
_________
By the way, Radicalb21, can you confirm whether the beta actually was able to manipulate archives, as Jan asked? That would be interesting. Also, even though we agreed on just about everything else, you said that NOD32 gave you the option to select "quarantine" with the EICAR zips. The only options I was able to select were the buttons "Leave" and "Details"; the "quarantine" check box was grayed out like "delete" and "rename" on mine. Doesn't really matter at this point, just curious. Thanks and good luck.

 

Hi NewNOD,

...er, well I DID say I might be wrong and I was

Thanks for clearing the matter up. I'll leave it to the Eset folks to follow up.

Regards,

Dan

 

Another thing is that some people out there might not know how to find the file to manually delete it..

 

Here are jpeg files of what the NOD32v2b5 can do.

 

NOD32v2b5

 

NOD32v2b5

 

NOD32v2b5

 

NOD32v2b5 in action

 

NOD32v2b5 in action

 

NOD32v2b5 in action

 

I have posted all these jpeg files to show and hopefully make people understand what the problem is in the final version of the product and how it differed from the Beta 5. Also to the ESET moderators take a look at this thread and see what you can do to fix the problem. I have talked with numerous techs via email and on the forum and they said and I quote "In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."

 

Thank you, Radicalb21. You have provided quite a lot of help towards getting this straightened out I hope. Everyone seemed to think it was inevitable that zips could not be handled other than to "leave" them as is. I didn't believe that was true, in general ...to quote myself:

It looks like Eset programmers are capable of handling the situation, because they have already done it in the beta you tested. A couple of things could have happened here to cause the current situation:

1. They provided the options with the intention of programming to match the options and something is just disconnected or maybe some code was inadvertently left out;

2. Or, they found some problems with that functionality in the beta that you/we aren't aware of, and couldn't get it fixed before the final release date. Problem here is that they left the ability to select the options; if the functionality was deliberately left out, the option settings related to that should have have been left out also.

By the way, did you have a chance to take a look at my other question from my last post:

Were you able to actually select "quarantine" in Nod32 v2?

Thanks for your efforts.

 

To answer your question YES you can select Quarantine from the virus found box. Any questions contact me via email or IM.

 

Hi,

>I have talked with numerous techs via email and on the forum and they said and I quote "In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."

Actually, this is true - so I think it explains many things here.

Thanks,

jan

 

I have done a side by side comparsion of the files in NOD32v2b5 and NOD32v2 and have found no differences in these sets of files except the byte size of some files is larger then the others and the version number of some .dll files is higher. So there for I have no other reason then to conclude that the differences of the programs exists solely in the registry. Any and all help would be appreciated. I would like some input from an eset moderator on this issue but be sure to read the whole post to understand what I'm talking about. Thanks again.

 

When this issue is fixed with scanning from the context menu could someone from ESET place a thread on the forum saying it has been fixed and what steps we as users need to take to fix are systems.

 

Hi radical,

sorry if I didn't answer your questions completely, we are pretty overloaded with the posts and e-mails here in this v1 -> v2 transition period.

Did I understand correctly that you were surprised that NOD v2 is not renaming and deleting a virus in archive and NOD Beta 5 is?

Does this answer your question?:
----
"In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."
-----

If I didn't cover the questions you have. pls. describe closer what do you need.

Thanks for the understanding and patience.

All the best,

jan

 

" In the near future we plan to incorporate support for performing actions on files within archive so it will be possible to replace an infected file with its clean copy." What I was saying was when this change is incorporated if one of the ESET Moderators could post a thread in this forum about this hot topic. I understand you are very busy with bugs dealing with the transtion from v1 to v2. Thaks for your assisstance.