Questions about Trial Version

Discussion in 'NOD32 version 2 Forum' started by handinglove, Sep 21, 2006.

Thread Status:
Not open for further replies.
  1. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Hello everyone,

    I just ended my yearly subscription of Norton 2005 and, after some online researching, I decided to give NOD32 a try. What impressed me most in the reviews I read was how light, configurable and efficient the software is supposed to be. However, after a few days interacting with the trial version, I still have a few issues I’d like to see polished before I decide to commit to the full version of the product. First of all, I must say I’m not very impressed with the onboard software help file, or even with the lack of a manual of some sort dedicated to NOD32 (I was even able to find a manual.pdf in Polish on the British site, but none in English!), which is why I ended up posting here as a last resource. My first problem is related with the automatic update feature, which despite being scheduled to operate hourly, is consistently failing to contact ESET servers (messages such as “Error connecting to server u7.eset.com” marked with red icons are filling up the Event Log), even though I can still successfully obtain updates manually. What should I do to enable the automatic retrieval of updates? My second question has to do with the length of an in-depth scan analysis (which should be the equivalent to a full local scan with NAV2005). I have the software tweaked to perform a local scan after a successful signature update, which usually takes me around 15 minutes, but an in-depth analysis of my disk (around 60000 files) requires over four hours (NAV would do it in less than 2), consuming the total capacity of my CPU during most of that period! Hardly acceptable for a piece of software that claims to be as unobtrusive and efficient as NOD32. Is such behaviour normal? Also, is there a way of monitoring a local scan triggered by a successful update, or at least of acknowledging it with a pop-up message?
    Thank you for your time!

    Windows XP SP2
    ZoneAlarm Pro
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Manual:
    http://www.eset.com/download/manuals.php

    Server connection issues - due to there being an hourly connection, and a round-robin approach being used, plus there are a couple of servers which are:

    a. overloaded
    b. flaky

    and finally:

    c. Eset being HONEST about connection failures - and RECORDING THEM...

    you will see connection issues. Eset (Marcos) has already said in the forum that there are more update servers on the way.

    The suggestion has been made (by me) that a successful connection be recorded after ANY failure to connect - for any reason.

    On the time to scan - you should NOT configure NOD32 to scan in the way you described. I and all the other regulars will recommend that you read and then use the information found here:

    https://www.wilderssecurity.com/showthread.php?t=37509

    You will make your NOD32 installation a lot safer and save yourself a few grey hairs.
     
  3. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    From one glove to another... :D

    The "error contacting server..." messages do show that you had trouble connecting to an update server, as webyourbusiness states. What is not obvious (from looking at the logs) is that a successful connection was probably made, immediately thereafter, to another server. This does not show up in the logs, however. For example, if you could not connect to u7.eset.com, you may have connected to u5.eset.com 3 seconds later.

    If you see the same server show up with an error every hour, that usually means that this particular server is flaky or overloaded. However, if you see error messages from 6 different servers every hour, that is something to worry about (or your network cable is unplugged).

    Regarding the in-depth analysis scan time... what type of CPU do you have in your computer, and what type of hard drive? Unless you have a fairly old computer, 4 hours does seem a bit long.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As for the long time to complete in-depth analysis, I assume you must have a pretty big bunch of archives and runtime-packed files on your drive. These take much time to emulate (with advanced heuristics /AH/ and runtime packers /RTP/ enabled) so with many such files on disk the delay becomes apparent.

    You can disable AH and RTP, but though it will shorten the scan time signifficantly it will also reduce detection capabilities.

    Note that NOD32 re-scans all files run at startup after each update automatically, with all settings tweaked to maximum. If a threat is found, it will show up a bubble warning in the right-hand lower corner by the clock. You can schedule a full disk scan, let's say once a week, but running it after each update seems to me needless.
     
  5. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Thank you all for your input! Glad to know there’s such an active NOD32 community around here.
    Regarding server connection issues, I guess things are now working as expected, so no worries about that (perhaps it would be better if successful connections were logged as well).
    My laptop is equipped with an Intel Pentium M 740 and a 80GB HDD (no partitions) on a PCI Motherboard.
    Unless you consider restore points “a pretty big bunch of archives”, I don’t think I have an excessive number of archives on my hard-drive. But even if I had, what would be the point of buying a product to protect you if you have to disable its more advanced features in order for it to perform efficiently (or at least as efficiently as my last AV)?
    Also, I went through Blackspear’s tutorial for installing and tweaking NOD32, as suggested by Webyourbusiness, ending up trying a scheduled scan with many (if not all) of the software features enabled, which I presume would be the equivalent of an in-depth analysis. This time, the analysis took 2h25min, but still consumed many of my CPU resources during the scan, much to my dismay. Is this normal? Is there anything else I can do to obtain a more efficient performance of NOD32?

    Cheers
     
  6. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    1. Defrag your hard drive
    2. Ensure you have FULLY removed Norton (see Norton's very own website.)
    3. Remember that Norton on a full scan *doesn't* scan every file, only those with certain extensions. NOD does scan EVERY file, including tmp files etc.
     
  7. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Two and a half hours does seem more reasonable, especially given that laptop hard drives tend to be slower than their desktop counterparts. Your CPU is certainly reasonably fast.

    That still does not explain why it would take longer than Norton, though the explanations offered by pc-support would certainly make sense. I will have to go find a computer with Norton installed on it to see for myself.

    I agree with Marcos that doing a full scan of the hard drive after every update may be a bit much. Marcos is actually one of the main developers at Eset, so he does know the inner workings of the software pretty well. ;)
     
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Unless you configure it properly I presume...
     
  9. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Couldn’t be more defragmented.
    Now that was a lovely piece of advice. Even though it didn’t do much to ensue a swifter scan, it surely had an impact in my Windows booting times. Thanks!
    NAV may be awfully resource greedy, but I never had any problem during scheduled local scans. No more than two hours were needed to scan my hard drive thoroughly. Up to now, having tried several local scans with NOD32, I still can’t understand why it requires 3h21min (that’s the last figure) to get through 60000 files using Blackspear’s conservative settings for Control Center Profile (with the command line reading: ‘/adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /ntfs+ /pack+ /quarantine /scanboot+
    /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+’). The program appears to dedicate a disproportionate amount of time going through my Thunderbird profile and my Windows restore points. What’s more, it reports “error - unknown compression method” for one of the restore cabinet files, and several “archive damaged” for others (at this point, I just hope NOD32 hasn’t corrupted my restore points).
    One simply may argue as Marcos did:
    But again, what’s the point of buying a product to protect you if you have to disable its more advanced features in order for it to perform efficiently? I have considered erasing some older restore points, but I would like to hear some advice before doing it. Again, I decided to try NOD32 for its much praised efficiency and agility, but so far I must confess I’m not very impressed with the latter. At least no enough to buy the full product.
    Unless I’m still missing something?

    Cheers
     
    Last edited by a moderator: Sep 26, 2006
  10. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    I can't do much to help but agree the time's strange.

    I've got a laptop with approx. 120 000 files (as seen by windows and file defragmenter - OO software) and Nod scans it with all options activated (like in BS's settings, only stored in a profile and scheduled with the profile instead of command-line, allowing me to do a 'silent' scan) detecting approx 500 000 files (with archives/packers) in 50minutes.

    It's also a 80GB HDD, and I've an Athlon XP-M 3000+ (1.6 Ghz) - System restore is disabled, but when it was on it didn't have a big impact on scanning times.

    I know on some systems ZA can be a real resource hog (it noticeably slowed down my system for instance), you may want to try disabling it while scanning (and network off)
     
  11. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Trial Version again

    Hello everyone. I’m opening a second thread since the first one I had here came to a point where I was hardly getting any feedback. I’m currently evaluating the trial version of NOD32 (haven’t given up yet) using Blackspear’s conservative settings for Control Center Profile (with the command line reading: ‘/adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /ntfs+ /pack+ /quarantine /scanboot+
    /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+’). Up to now, I’ve tried several local scans with NOD32, and I still can’t understand why it requires 3h21min (that’s the last figure) to get through 60000 files (Norton AntiVirus, my last resident AV, would go through my HDD in less than 2 hours). The program appears to dedicate a disproportionate amount of time going through my Thunderbird profile and my Windows restore points. What’s more, it reports “error - unknown compression method” for one of the restore cabinet files, and several “archive damaged” for others (at this point, I just hope NOD32 hasn’t corrupted my restore points).
    At some point, Marco pointed out that:
    But what’s the point of buying a product to protect you if you have to disable its more advanced features in order for it to perform efficiently? I have considered erasing some older restore points, but I would like to hear some advice before doing it. Again, I decided to try NOD32 for its much praised efficiency and agility, but so far I must confess I’m not very impressed with the latter. Unless I’m still missing something? I’d really appreciate some help here!

    Cheers
     
    Last edited by a moderator: Sep 26, 2006
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Trial Version again

    NOD32 uses a very sophisticated and efficient emulator, it simply takes time to emulate certain runtime packed files. I suggested to disable those options not to make NOD32 less efficient, but just to see if it decreases the scan time.
     
  13. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    have you tried a fresh install,there is something not right here nod should be both faster and less resource hungry than Norton,what other apps are running whilst you are scannining?possible conflict??
    from earlier post you did run the registry cleaner for norton off their site(uninstaller!)and the correct one for your ex-product
     
  14. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Marcos,

    The time this reply took was exactly the time of a thorough HDD scan with Blackspear’s conservative settings, but with advanced heuristics and runtime packers off: exactly 3 hours (last time with AH and RTP on was 3h21min). I insist there must be a problem with the scanning of my restore points (that took over two hours of the scan), as suggested by these entries of the log file:

    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP69\A0029796.EXE »RAR »LuComServerPS_3_0.DLL »GZ »LuComServerPS_3_0.DLL - error - unknown compression method
    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP69\A0029811.DLL »GZ »A0029811.DLL - error - unknown compression method
    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP71\A0031253.exe »NSIS »openofficeorg4.cab »CAB »testtar.tar »TAR - archive damaged
    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP71\A0031279.exe »NSIS »openofficeorg4.cab »CAB »testtar.tar »TAR - archive damaged
    C:\System Volume Information\_restore{B80077B6-9EC2-4BDA-9C96-51015B5D41E0}\RP72\A0031790.exe »NSIS »openofficeorg4.cab »CAB »testtar.tar »TAR - archive damaged

    What’s more, it kept consuming most of my CPU resources during that time. Again, it is hardly conceivable that a simple local scan could be so slow and painful. If this is the fast and efficient NOD32 at its best, then I'm moving ahead to try another product.

    Steve1955, I installed the NOD32 execute file (sent by ESET upon request) according to Blackspear’s setting thread found above. All I had running along with NOD32 during that scan was a copy of Zone Alarm Pro. No conflicts were observed between these two programs.

    I’d really appreciate some help here. Thanks!
     
  15. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Something strange spottted. You have THREE exe's in your system restore, that each contain openoffice.org cab (probably the open office installation), indeeed something's strange with your restore points.

    Could you check the size of the \System Volume Information\_restore{ (id) }\ folder ? I know from experience that windows xp's system restore can act weird sometimes. For example, on a machine of mine, it kept incorporating 768 MB pagefile.sys, multiple times, even if i specified the size of the folder to be maxed out at 1GB. If there are too much complex / huge archives in system restore, that can be a problem and/or lead to longer scan times, especially if they're duplicate(unuseful) as it seems so from that log.
     
  16. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Thanks for your input, IcePanther. I’ve noticed the corrupted .tar OpenOffice file before, which led me to a reinstall of the program – no issues there. As for the size of the \System Volume Information folder, I’ve went through Microsoft Knowledge Base walkthrough, and tried everything that came to mind, but I still am not allowed to access the System Volume Information folder. Any idea?
     
  17. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    IcePanther,

    I checked the system properties, and the system restore tab tells me I'm running 12% (9157 MB) of the total allowed space on disk for this feature. Does this help?

    Cheers
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What happens if you run a "In Depth Scan" instead?

    Cheers :D
     
  19. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    I tried it first time, before scanning with your settings: it went on for over 4 hours . . .

    Glad you're over my problem, Blackspear!

    Cheers
     
  20. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Try this: http://support.microsoft.com/kb/309531/
     
  21. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Thanks, alglove, but I had already tried that:

    Cheers!
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If it was my system, then I would be turning off System Restore and rebooting to get rid of the previous restore points, as well when Restore was turned back on, I would lower the amount of storage it wants.

    Cheers :D
     
  23. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Thanks, Blackspear, that's exactly what I was thinking to do. Just waiting for a nudge! I'll let you know how it worked.

    Cheers!
     
  24. handinglove

    handinglove Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    21
    Ok, I disabled system restore, restarted the computer and ran a thorough scan on my disk (~47000 files reported this time) with Blackspear's conservative settings (AH and RTP on): 1h29min. Could anyone please let me know if this more of an accepable time?

    Thanks!
     
  25. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    Disabling system restore to get rid of ancient restore points is a good idea, and has shown there was a problem with yours (or it was stuffed), as now the scan has decreased by half its time.

    If you don't ever use it (as I don't) you can leave it disabled, but if you use it sometimes, you can re-enable it and lower its maximum to approximately 1GB, that will be sufficient since you don't need to often roolback to a restore point that far away.

    FYI : To access the restore folder, if you cannot access the /System Volume Information/ path, you have to first enable view of system files in the Folder Options control panel, then manually enter (or copy-paste from Nod's log) the C:/System Volume Information/Restore{ (id) }/ path. Then select all and do properties to get the real size and number of files in here.

    If that's NOD that reports ~47 000 files (not 470 000) then 1h29 seems slow to me (a full scan with all options on my laptop takes 48minutes for ~507 000 reported files), but it can really depend on your hardware :
    Since your CPU seems ok, i'd say the HDD (rotation speed, cache size, ATA interface speed) ,or the RAM size (512 MB is a minimum to be comfortable and 1GB really helps with XP)
    It can also depend on what you're doing while scanning (doing nothing vs for example using 3D rendering software at the same time).
    Also you may want to try turning off ZA while scanning (if you've not done so already), it can be a hog on certain systems.

    Just a few guesses, because on the four machines I used NOD, two desktops and two laptops, it always ran very fast.
     
Thread Status:
Not open for further replies.