Questions about NOD32 AV version 4.2.71.2 setup

The following NOD32 setup questions are naive, because it's been a long time since I did a "clean" NOD32 install (after completely removing my previous version, in this case 4.0.474). So I would very much appreciate any answers.

1) Does the Antivirus and antispyware ThreatSense engine parameter setup button (which leads to settings for Objects, Options, Cleaning, Extensions, Limits, and Other) "carry down" to the same settings for its sub-categories of Real-Time file system protection, Email client protection, and Web Access Protection?

That is, if in Antivirus and antispyware, I set the ThreatSense engine parameter settings for Objects, Options, Cleaning, Extensions, Limits, and Other, and click OK, are those settings also set (where applicable) in Real-Time file system protection, Email client protection, and Web Access Protection?

Or do I have to set them separately for Real-Time file system protection, Email client protection, and Web Access Protection?

2) Miscellaneous's Email Client Integration Help includes the following statement:
"As part of its security measures, ESET NOD32 Antivirus checks email communications. Therefore it must be integrated into your email client to be able to move infected messages to the corresponding folder in your email client. Upon the integration, the program options are available from your email program. In the current version, the following programs are supported: Microsoft Outlook, Outlook Express, Windows Mail, Windows Live Mail and Mozilla Thinderbird."

Since Mozilla-SeaMonkey email (which I use) is not in that list (despite its core and Thunderbird's core being very similar if not identical), does that mean that in NOD32 AV 4.2.71.2 I will have no downloaded email protection? Probably not.

But then what does the Help statement mean? Does it mean simply that infected messages get moved to quarantine (which is where I think I would want them to go anyway)?

3) Demand Scan Setup Help includes the following statement:
"With Smart Optimization enabled the most optimal settings are used to ensure the most efficient scanning level, while simultanneously maintaining the highest scanning speeds. . . .
Is [If] the Smart Optimization [is] disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan."

My demand-scans always are at night while I am asleep, and the computer isn't doing anything other than scanning. So I don't need a Smart Optimization demand-scan's tradeoff between speed and thoroughness, even if the tradeoff is "efficient." What I want and need is an In Depth scan, that scans literally everything on the computer.

My questions about not enabling Demand Scan Smart Optimization are:
What is the "ThreatSense core of the particular modules"?
What does "modules" mean here?
Where are the "user-defined settings in the ThreatSense core of the particular modules" located?

Incidentally, if anyone from ESET is reading this message, "simultaneously" needs only one n.

4) Demand Scan Setup includes a Scroll log option, which Help says "allows you to enable/disable log scrolling. If selected, information scrolls upwards within the display window."
Does that scrolling occur during scans (in which case I don't need it), or only while looking at a scan-log after the scan is completed?

5) In Web Access Protection > Web Browsers, only MS Internet Explorer and Mozilla-SeaMonkey browsers are listed. What other programs should I consider adding? Adobe Flash? Java? My PDF viewer? Or do other programs all work through either MSIE or SeaMonkey, so they don't need to be listed separately?

6) I have removed all of the ThreatSense.Net Early Warning System, Exclusion filter defaults:
*.doc; *.rtf; *.xl?; *.dbf; *.mdb; *.sxw; .sxc
What are the consequences of doing that? (I use the first three very rarely --- I'm a WordPerfect Office user rather than an MS Office user --- and the last four not at all.)

7) In Alerts and notifications, there is a field "On multi-user systems, display notifications on the screen of this user." My computer is a multi-account (Administrator and User) computer, but not a multi-user computer in the sense of multiple people using the computer.
So what should I put in this field so that the notification displays on whatever account is in use, be it Administrator or User? Or should I leave this field blank?

Thanks for any comments, suggestions, or answers!

Roger Folsom

 

1) Does the Antivirus and antispyware ThreatSense engine parameter setup button (which leads to settings for Objects, Options, Cleaning, Extensions, Limits, and Other) "carry down" to the same settings for its sub-categories of Real-Time file system protection, Email client protection, and Web Access Protection?

That is, if in Antivirus and antispyware, I set the ThreatSense engine parameter settings for Objects, Options, Cleaning, Extensions, Limits, and Other, and click OK, are those settings also set (where applicable) in Real-Time file system protection, Email client protection, and Web Access Protection?

Or do I have to set them separately for Real-Time file system protection, Email client protection, and Web Access Protection?

---------------------------------------------------------------------------------------------------------------------

Information from the ESET Antivirus help file,

ThreatSense is individually configurable for the following protection modules:

Real-time file system protection
System startup file check
Email client protection
Web access protection
Computer scan

The ThreatSense parameters are highly optimized for each module, and their modification can significantly influence system operation. For example, changing parameters to always scan runtime packers, or enabling advanced heuristics in the real-time file system protection module could result in a system slow-down (normally, only newly-created files are scanned using these methods). Therefore, we recommend that you leave the default ThreatSense parameters unchanged for all modules except Computer scan.

 

DrewD: Thank you for your response to my first question.

I do understand that these modules are "individually configurable." The layout of the Setup Advanced Setup Tree makes that obvious. But my question wasn't clear.

I simply wanted to know whether the initial Antivirus and Antispyware ThreatSense engine parameter setup settings, if changed, would overrule ThreatSense settings made in each of the components that you list. Another way to put that question is: Given that the modules are individually configurable, what is the purpose of the Antivirus and antispyware ThreatSense engine parameter setup settings?

I now realize that the answer to my overrule question apparently is NO, given that the purpose of the Antivirus and antispyware protection apparently is only to set the file types that "run automatically on system startup." (Quote from the "Antivirus and Antispyware protection" / "Automatic startup file check" box.)

[Digression: The next sentence says that "This scan is run on a regular basis by means of the Scheduler (e.g. after a virus signature database update)." To me that is a bit of a contradiction to the preceding sentence (partially quoted above), but I guess the writers meant that the Antivirus and Antispyware settings run on system startup, and also on other scheduled events such as a virus signature database update. End of digression.]

Understood. But in EAV 4.0.474, I added advanced heuristics and runtime packers because I wanted maximum security, and wasn't disturbed by whatever slowdowns occurred. (That may reflect the fact that I think slowly.)

But the information that advanced heuristics are used and that checks of runtime packers do occur for newly created files (which I assume includes newly downloaded files) was new to me, because I didn't see it in the ? helps that I used when examining settings. So I will reset my ThreatSense settings for each of the modules to the defaults, and then review whether I still want to make changes.

Thanks very much for the help.

Roger Folsom

--------------------------------

P.S. #1: If I can't get clarification on my question 2), re whether Mozilla-SeaMonkey mail gets scanned when it is downloaded, I may decide that I have to go back to version 4.0.474, because for that version I do know from experience (caught Trojans) that in version 4.0.474, SeaMonkey mail does get scanned.

P.S. #2: Assuming I do get clarification for my question 2) and can stick with EAV 4.2.71.2:
To assist in setting change decisions, I now have a printed User Guide, which I finally managed to print in a font big enough to read semi-comfortably. The problem was that the User Guide is formatted for A4 paper rather than the Letter-sized paper used in the U.S., and A4 is 3/4 of an inch longer than Letter-size. So to get the User Guide to fit on Letter-size paper, you have to scale it down, which of course makes the small print even smaller than it was in the first place. It finally occurred to me to scale it UP to 102%, then print it on Legal-size paper (14 inches long), then cut off the unused paper at the bottom and the top margin (which lost the six major headings so I typed them in just above the text) of each page. I did that so that the pages would fit in a standard US Letter-size binder.

I've got a request in to Eset to reformat the User Guides to use a larger font, and a hypothetical page size of A4 width (narrow than Letter width) and Letter length (shorter than A4 length) so that the User Guide would simply print on either A4 paper or Letter size paper without having to experiment with scaling and cutting, which was a multi-hour project.

 

There are no general TreatSense settings, each belong to a particular scanner. So if you change a particular setting, you change it just for one scanner.

As for scanning other than supported email clients, email received via POP3 is always scanned regardless of the email client used. In order to scan IMAP email, this is possible only in supported email clients (MS Outlook, Outlook Express / Windows Mail, Windows Live Mail, Mozilla Thunderbird). Maybe the your problem is that v. 4.2 does not add signatures to scanned email by default; you'll need to configure this in the advanced setup (F5).

 

Marcos: Thank you very much for clarifying that. By "scanner" I assume you mean what I have seen elsewhere described as modules:
Real-time file system protection; Email client protection; Web access protection; On-demand computer scan; and Protocol filtering. (From Exclusions' ? help, my understanding is that Exclusions applies to all of the other scanners/modules.)

Please note that in my initial post in this thread, I quoted the Miscellaneous's Email Client Integration ? Help, and it didn't mention IMAP. Perhaps the ? Help needs some help there, because as written it's really scary for any POP3,POP3S user.
So thanks for clarifying that, as a POP3,POP3S user only (no IMAP), my email is still covered (as it was in NOD32 4.0.474).

When I first installed NOD 4.2.71.2, the Email Client Protection | POP3,POP3S list, and the Web access protection | Web browsers list, both were empty. So I added and checked SeaMonkey (email and browser) into both lists, and Internet Explorer into the browser list.
But in response to your message, just now I checked both lists, and although they do not include Adobe Flash, they do include:
Javaw.exe and Jaucheck.exe [the latter being an update reminder]
PDFXCview.exe [PDF-XChange PDF file viewer]
wpwin13.exe [Corel WordPerfect]
Iexplore.exe
SeaMonkey.exe

As noted above, I had added SeaMonkey and MSIE, and today I added the PDF viewer, but Java and WordPerfect were loaded automatically without my assistance, apparently because I used them yesterday.

In email, the items now checked are Jaucheck.exe and SeaMonkey.
In web browsers, everthing is checked in the main list and in Active mode.

If you have any suggestions for changes to either the email or web browser lists, please let me know.

Thanks again for your clarifications.

Roger Folsom

 

In my questions at the top of this thread, I got very useful answers to key questions 1) and 2). Thanks again to those who contributed those answers.

However, my questions 3)-7) still need answers.

And I have some additional questions:

8 ) Real-Time file system protection, Advanced setup > Additional ThreatSense parameters for executed files > Advanced heuristics on executing files from removable media > Exceptions, includes the following introduction:

"This option allows you to exclude objects from being scanned by advanced heuristics on file execution.
"Advanced heuristics settings for hard drives will be applied to selected devices."

To me, those two sentences are contradictory (because the first sentence says "exclude" and the second sentence says "applied"), and if I want Advanced Heuristics to apply to something, I don't know if I should check it, or leave it unchecked.

The devices listed (with unchecked defaults) are my DVD/CD drive, and various USB connections. I DO want Advanced Heuristics to apply to the DVD/CD drive, but not to the USB connections because one of those goes to my printer and the others to external backup disks that are rarely connected (i.e. the cable is not connected).

So to get my wishes, what should be checked and what should be left unchecked?

9) If one sets up a Demand-Scan, sets some additional security settings (e.g. Advanced Heuristics, and/or Potentially unsafe applications), and then checks Smart Optimization, does Smart Optimization uncheck those additional items? I fear that it does.

10) In my experience with version 4.2.71.2, when I start to run a Demand-Scan, the Scan-targets (Computer, and its list of partitions C:, D:, and my DVD/CD drive, all are blank, so I check Computer to fill in the list of partitions and the DVD/CD drive. That task is not difficult to do, but is it normal? Or have I missed a setting somewhere? I don't remember having to do that in version 4.0.474.

Thanks for any comments, suggestions, or help.

Roger Folsom