Re: Extra settings for Nod32

I'm curious why it would be beneficial to set AMON to scan all files (and IMON/DMON too for that matter). Doesn't it scan all infectable files by default? It seems like it would unnecessarily slow down a computer to scan every mp3 you play with deep, advanced heuristics.

Doesn't it also slow things down to set the MON's to monitor archives? I didn't have the chance to check before my copy of NOD32 expired, but most AV's I've used really hit system performace when I told them to monitor archives. If an archive does have a virus, won't AMON catch it once you manually unpack the archive anyway?

I'm all for beefing up security...I'm just concerned that a couple of these recommendations might impact system performance without providing a real benefit.

 

The real time resident scanner AMON doesn't scan archives.

I do have Amon set to scan All Files, Advanced Heuristics, and Runtime Packers on a game machine without any noticeable performance hit on my end. I like to have AH set on with AMON to help stop any zero-day infections that AH may detect.

This is one of the reasons that I continue to prefer NOD because it doesn't cause me any performance problems with the resident scanner and all the options check as opposed to some other AV scanners, YMMV.

 

well i guess that is why eset has giving us the choice to change the monitors to our own preference.

Everyone has their own opinions on differents aspects so luckily they are flexible in this case.

I guess do what you prefer unless someone can point out a good reason otherwise which changes your mind.

 

If an archive does have a virus, won't AMON catch it once you manually unpack the archive anyway?
_________________________________
Exactly ..I don't believe nod does this, but once open, it's caught. I might be wrong here..I have Nod on two machines, never saw a slowdown.. I wouldn't use anything else. I've tried different ones including Kav and Norton..I do use BOClean with nod, again no slowdown. I want my AV to catch viruses, no AV catches all viruses or Trojans for that matter.That is why I like using BOClean along with nod32

 

runtime packers protection is very important in the trojan world. Nod32 does have unpackers but they are still inadequate...most can be seen when scanning a packed trojan with TDS-3. Normaly even with everything maxed out NOd32 will skip over some packed trojans but while TDS-3 is scanning the trojan, NOD32 will kick off...reason....TDS-3 unpacked it and NOD32 saw it as it is (NOd32 could not unpack it by itself). BUT runtime packed trojan can infect your system even when packed...so the moral of the story is:
AMON does not use archive scanners but it does use runtimeunpackers like UHA. For the best protection against malware make sure that that is checked...it doesn't really seem to impact performance that much. ACtually runtime packers + AH and DO not scan all files impact it less then Non Runtime Packers+ Non AH BUT SCan all files. What I would add to the scan file list is .jpeg and .jpg due of the new vulnerbility that effects the jpeg files.

 

Hi Tempnexus,
a reason for this could be that AMON uses the Runtime packers option as well as AH only on newly created files as stated in AMON's setup. Do you mean you ran an on-demand scan with runtime packers enabled and it didn't find the infected files as you mentioned?

 

Ah, I never noticed that. I can see why this would be beneficial to system performance -- when KAV's monitor uses runtime packers, it can slow down Windows Explorer (amongst other things) considerably.

This makes sense after reading Macros's post. You did seem to confirm what I was worried about though -- that configuring AMON to scan all files has a noticeable impact on system performance. And other than adding jpeg files as you mentioned, I don't understand how scanning all files (AMON/DMON/IMON) would improve security.

 

Yes I did an OnDemand scan and still could not see it. Only when TDS-3 did the on Demand Scan did AMON kick into action which was lame since now TDS-3 could not see it.