Shouldn't the results of an on demand scan be simple, readable and comprehensive?

Discussion in 'ESET NOD32 Antivirus' started by HandsOff, Mar 2, 2008.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff, Registered Member (joined Sep 16, 2003; posts: 1,946; location: Bay Area, California)

    Oh, by the way, I just renewed for two more years!

    I think NOD32 does a great job...but it is kind of hard to tell just what it is doing.

    Over a year ago I mentioned this problem in the v2 forum, and I am a bit disappointed that nothing seems to have changed. It could be that I just am missing something.

    First, when I do a complete system scan there are literally thousands of results returned for files that are encrypted. I would really, REALLY like not to see these results. These files were encrypted yesterday, they will be encrypted tomorrow. Including these makes any meaningful review of the results all but impossible.

    OK, that is just petty complaining on my part, I guess. What did my first complete scan find? It found, as near as I can tell, 1 threat which could not be cleaned and was deleted. I can't seem to find out what virus was detected, what file was infected. It seems possible that a backup copy was saved. It seems as though I am free to submit the file to Eset for analysis, however I won't be informed of the results.

    I'm sorry that is not the way I operate. Cooperation is a two way street. How could you even ask someone to submit a sample when you cannot be bothered to respond with some statement about the findings?

    I know NOD32 users as a group will benefit from the submission of possibly infected with a virus samples, however, that is all the more reason to show some courtesy to those who submit such samples.

    I don't guess this is going to change, but...
    ...
    I would like to know what file was infected, and by what. Surely, I just am not getting it!


    -HandsOff!
     
  2. Thankful

    Thankful, Savings Monitor (joined Feb 28, 2005; posts: 3,741; location: New York City)

    Enter the advanced setup tree:
    On-demand computer scan -> ThreatSense engine parameter setup -> Other
    uncheck 'Log all objects'

    Also, within the advanced tree: Tools -> Log files: Change the field
    'Minimum logging verbosity' to suit your needs.
     
  3. HandsOff


    Thank you, Thankful! So far what I have done is to change the Minimum logging verbosity to "Warnings". I'm not sure if that is correct. Is a warning > an error? Is an error serious? I feel like I am shooting in the dark!




    -HandsOff!
     
    Last edited: Mar 2, 2008
  4. Thankful

    I have the value set to 'Informative records'. I usually have about 20 to 30 records per log file.
     
  5. HandsOff

    Informative...sounds good. I'm going to go with "warnings" and do a scan.

    But let's just say I wanted to set this setting by knowing what each of the parameters includes. Then I would have to know what is included in:

    -Diagnostic Records
    -Informative Records
    -Warnings
    -Errors
    -Critical Errors

    In order to make sure that the setting I choose is the one that I want.

    Per the guide .chm file:
    Minimum logging verbosity - Specifies the minimum verbosity level of events to be logged

    Critical errors – logs all critical errors - error starting Antivirus protection etc.

    Errors – only errors of type "Error downloading file" and critical errors will be recorded

    Warnings – records all critical errors, errors and warning messages

    Informative records – logs all informative messages including successful updates and all records above

    Diagnostic records – logs all information needed for fine-tuning of the program and all records above

    Not one word is mentioned about viruses or encrypted files. It could be that those are in a separate log, however, I don't see where settings for this are.

    Question: If I set to warnings, will I still be logging threats found? Are records of viruses detected even saved to a log file? I saved the entire results of the first scan with an external viewer, so that I can go back and check what was initially displayed.

    -----------------------
    To answer my own question of what virus and what file, in this case:

    Now when I look at the on demand log I see:
    2/25/2008 7:46:54 PM ...;A:\;C:... 522811 1 1 Completed
    Which indicates that one threat was found and "cleaned"

    Then checking Quarantine, I finally find out because there is a file there, and a description of the type of virus.

    ...But let's say that it was possible for NOD32 to clean the file without quarantining it. There would be nothing in quarantine, correct? Would I have no way of knowing what file was infected, and with what? Obviously (I think) I would like to know these things.


    Thanks for your response, and I think I am a bit closer to understanding,

    -HandsOff!
     
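The guide text quoted in the last post describes a threshold: each setting keeps its own level plus everything more severe. A small model of that, as an added example that is not ESET's code and not part of any post; the enum, function names and sample events are constructed for illustration, and it models only the event-log setting, not how scan results or detections are recorded.

```python
from enum import IntEnum


class Verbosity(IntEnum):
    """The five settings from the quoted guide text, least to most severe."""
    DIAGNOSTIC = 0   # "Diagnostic records"
    INFORMATIVE = 1  # "Informative records"
    WARNING = 2      # "Warnings"
    ERROR = 3        # "Errors"
    CRITICAL = 4     # "Critical errors"


# Setting names exactly as they are listed in the thread.
SETTING_NAMES = {
    "Diagnostic records": Verbosity.DIAGNOSTIC,
    "Informative records": Verbosity.INFORMATIVE,
    "Warnings": Verbosity.WARNING,
    "Errors": Verbosity.ERROR,
    "Critical errors": Verbosity.CRITICAL,
}

# Constructed sample events (not real NOD32 log records).
SAMPLE_EVENTS = [
    (Verbosity.DIAGNOSTIC, "constructed: engine tuning detail"),
    (Verbosity.INFORMATIVE, "constructed: update completed successfully"),
    (Verbosity.WARNING, "constructed: warning message"),
    (Verbosity.ERROR, "constructed: Error downloading file"),
    (Verbosity.CRITICAL, "constructed: error starting Antivirus protection"),
]


def kept(setting, events=SAMPLE_EVENTS):
    """Return the messages kept when 'Minimum logging verbosity' is `setting`."""
    try:
        floor = SETTING_NAMES[setting]
    except KeyError:
        raise ValueError(f"unknown verbosity setting: {setting!r}")
    # A record is kept when it is at least as severe as the chosen minimum.
    return [msg for level, msg in events if level >= floor]


def coverage(events=SAMPLE_EVENTS):
    """Map each setting name to how many of the events it would keep."""
    return {name: len(kept(name, events)) for name in SETTING_NAMES}


if __name__ == "__main__":
    for name, count in coverage().items():
        print(f"{name:20} keeps {count} of {len(SAMPLE_EVENTS)} sample events")
```

In this model a warning is less severe than an error, so choosing "Warnings" keeps warnings, errors and critical errors and drops informative and diagnostic records.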