Safe applications list

Discussion in 'NOD32 version 2 Forum' started by Blutarsky, Dec 18, 2006.

Thread Status:
Not open for further replies.
  1. Blutarsky

    Blutarsky Registered Member

    Joined:
    Oct 17, 2006
    Posts:
    148
    Is there a way to disable alarms/removal for well known applications?
    I use Remote Administrator (famatech) and always get alarms about it.

    If not it could be included in the wish list: could be a sort of safe applications list, CRC based; you select any file/folder and "add to safe application list"; NOD would do the rest: scan, send info and store CRC of executables
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You can do that in AMON by excluding the application or by disabling potentially unsafe applications.

    A quote from the help file to clarify:
    "Potentially unsafe applications - enables detection of commercial programs which might be exploited for malicious purposes, etc. (e.g. tools for remote access and administration)".

    Hope that helps.
     
  3. Blutarsky

    Blutarsky Registered Member

    Joined:
    Oct 17, 2006
    Posts:
    148
    Yeah, but what about unattended scans?
    I'm planning a network weekly maintenance schedule and running NOD within the scheduler. Would like to automate complitely the task without getting false alarms or unwanted removals....
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Ah, if you are using the admin version of NOD32 then I can't help.
    Someone more qualified will most likely post a reply.
     
  5. Blutarsky

    Blutarsky Registered Member

    Joined:
    Oct 17, 2006
    Posts:
    148
    I'm crossing my fingers!
     
  6. Blutarsky

    Blutarsky Registered Member

    Joined:
    Oct 17, 2006
    Posts:
    148
    My case it is difficult to manage:

    If you want to scan deeply the computer in unattended mode there must be a way to automate the task without exposing the PC to unwanted and unsafe removals still letting NOD deeply scan the PC.........

    I've got it: NOD should have a new option in the actions that simply sends an email to the admin when an alert is generated.

    In case of infection or suspicion, let the admins take the proper action.
     
  7. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    there is already a setting, it's not in the actions pane, though. It's under NOD32 system setup, Notifications. It will enable alerts to be sent to a defined mail address by SMTP, or windows messenging. Though, I have to admit it's probably not what you want, because it will alert on any new virus detected by AMON, IMON, etc., not only on-demand scans.

    If you want to suggest a new feature, here's the appropriate topic.

    Cheers,
     
  8. Blutarsky

    Blutarsky Registered Member

    Joined:
    Oct 17, 2006
    Posts:
    148
    Yeah I know about the email setup.... and it wouldn't be a major issue getting emails on amon,imon etc.

    Maybe I could choose a profile where all settings are enabled, do nothing when an alarm is started, just send an email...it should work....what do you think
     
  9. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    Really it's up to you : it seems that you want to do a network installation, so it will depend on the number of clients, your possiblitites to respond quickly to an alert, what the clients do on the network, etc...

    Disabling the "potentially unsafe applications" in your on-demand profile should really lower the risks of a false postivie. Also keep in mind if the software is automatically quarantined/deleted, the copy in quarantine remains and you can restore it afterwards if it's a FP.

    Back to the point, though, it is indeed possible to make NOD scan and take no action, just disable the "Run this profile in cleaning mode" checkbox in the profile you use to schedule scans, and NOD should only detect and alert on what if finds. However it means it will not take action against real malware equally with possible FP's.

    So it's up to you to choose what fits you best... I myself would just have run the scans with the potentially unsafe bix unticked and let NOD clean and, if a FP is found, exclude it and restore from quarantine.

    Cheers,
     
Thread Status:
Not open for further replies.