Re: Extra settings for Nod32

Discussion in 'NOD32 version 2 Forum' started by Culvin, Jan 5, 2005.

Thread Status:
Not open for further replies.
  1. Culvin

    Culvin Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    47
    I'm curious why it would be beneficial to set AMON to scan all files (and IMON/DMON too for that matter). Doesn't it scan all infectable files by default? It seems like it would unnecessarily slow down a computer to scan every mp3 you play with deep, advanced heuristics.

    Doesn't it also slow things down to set the MON's to monitor archives? I didn't have the chance to check before my copy of NOD32 expired, but most AV's I've used really hit system performace when I told them to monitor archives. If an archive does have a virus, won't AMON catch it once you manually unpack the archive anyway?

    I'm all for beefing up security...I'm just concerned that a couple of these recommendations might impact system performance without providing a real benefit.
     
  2. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    The real time resident scanner AMON doesn't scan archives.

    I do have Amon set to scan All Files, Advanced Heuristics, and Runtime Packers on a game machine without any noticeable performance hit on my end. I like to have AH set on with AMON to help stop any zero-day infections that AH may detect.

    This is one of the reasons that I continue to prefer NOD because it doesn't cause me any performance problems with the resident scanner and all the options check as opposed to some other AV scanners, YMMV.
     
  3. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    well i guess that is why eset has giving us the choice to change the monitors to our own preference.

    Everyone has their own opinions on differents aspects so luckily they are flexible in this case.

    I guess do what you prefer unless someone can point out a good reason otherwise which changes your mind.
     
  4. ?jram

    ?jram Guest

    If an archive does have a virus, won't AMON catch it once you manually unpack the archive anyway?
    _________________________________
    Exactly ..I don't believe nod does this, but once open, it's caught. I might be wrong here..I have Nod on two machines, never saw a slowdown.. I wouldn't use anything else. I've tried different ones including Kav and Norton..I do use BOClean with nod, again no slowdown. I want my AV to catch viruses, no AV catches all viruses or Trojans for that matter.That is why I like using BOClean along with nod32
     
  5. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    runtime packers protection is very important in the trojan world. Nod32 does have unpackers but they are still inadequate...most can be seen when scanning a packed trojan with TDS-3. Normaly even with everything maxed out NOd32 will skip over some packed trojans but while TDS-3 is scanning the trojan, NOD32 will kick off...reason....TDS-3 unpacked it and NOD32 saw it as it is (NOd32 could not unpack it by itself). BUT runtime packed trojan can infect your system even when packed...so the moral of the story is:
    AMON does not use archive scanners but it does use runtimeunpackers like UHA. For the best protection against malware make sure that that is checked...it doesn't really seem to impact performance that much. ACtually runtime packers + AH and DO not scan all files impact it less then Non Runtime Packers+ Non AH BUT SCan all files. What I would add to the scan file list is .jpeg and .jpg due of the new vulnerbility that effects the jpeg files.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Tempnexus,
    a reason for this could be that AMON uses the Runtime packers option as well as AH only on newly created files as stated in AMON's setup. Do you mean you ran an on-demand scan with runtime packers enabled and it didn't find the infected files as you mentioned?
     
  7. Culvin

    Culvin Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    47
    Ah, I never noticed that. I can see why this would be beneficial to system performance -- when KAV's monitor uses runtime packers, it can slow down Windows Explorer (amongst other things) considerably.

    This makes sense after reading Macros's post. You did seem to confirm what I was worried about though -- that configuring AMON to scan all files has a noticeable impact on system performance. And other than adding jpeg files as you mentioned, I don't understand how scanning all files (AMON/DMON/IMON) would improve security.
     
  8. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Yes I did an OnDemand scan and still could not see it. Only when TDS-3 did the on Demand Scan did AMON kick into action which was lame since now TDS-3 could not see it. :) :) :)
     
Thread Status:
Not open for further replies.