Smart vs In-Depth Scans; Advanced Setup Settings

SMART SCAN VS IN-DEPTH SCAN: EFFECTS OF ADVANCED SETUP SETTINGS

The following statements may be obvious to everyone else --- although I cannot find any substantive equivalents in either the NOD32 v4.2 Help or User Guide --- but I did not know them until a few days ago. In case others also may not know them, I am posting them here.

"0) The sole function of this [Smart Optimization] option is to improve scanning speed" [without reducing "efficiency," which could be described as "efficient security" or simply as "security".]

"1) Running any On-Demand scan will not change any Advanced Setup Tree settings.

"2) Running any On-Demand scan will follow all (i.e. not ignore any) relevant (default or user-selected) Advanced Setup Tree settings.

"Both of these statements apply regardless whether the scan is a Smart [optimization] scan or a Custom scan (based on an In-Depth profile, a Context Menu profile, or a User-created-profile), and regardless whether the scan profile uses only Default-settings or uses a mix of Default and User-selected settings (selected from within the Advanced Setup Tree)."

----------------------------------------------------------------

NOTE: I was able to discover and establish these statements' accuracy only with enormous help from ESET's Home support services, by a single correspondent. (Case #686348 - "Other Download/Installation issue - Download/installation". Our email correspondence, 22-30 April 2011, totals approximately 5615 words.) I have posted the statements above with his permission. [His message to me of Friday 29 April 2011, 10:22 am PDT (GMT-07:00)]

Statement 0) above is extracted from two messages to me from my ESET Home support correspondent:

"I [my ESET Home support correspondent] have been assured that checking the Smart Optimization option has no affect on any of your other user-defined options. The sole function of this option is to improve scanning speed via the mechanism I briefly explained in the last email. Though we cannot disclose the exact mechanisms used, as they are part of our core intellectual property and also change frequently, rest assured that there is no additional security risk associated with using Smart Optimization." [Tuesday 26 April 2011, 09:18 am PDT (GMT-07:00)]

The "mechanism I briefly explained in the last email" was:
"One example of a behavior that occurs when running under smart optimization is the ability to recognize when a file was scanned last, and if no changes were made to the file or the virus signature database, the scanning engine can skip it, increasing overall scan speed." [Saturday 23 April 2011, 11:22 am PDT (GMT-07:00)]

Statements 1) and 2), and the following "Both" paragraph, were drafted by me, but have been read and approved by my ESET Home support correspondent, who showed at least some of our correspondence to other support personnel and to "our product team as well as any other appropriate parties involved with the documentation and support of our product." [Saturday 30 April 2011, 10:38:19 am PDT (GMT-0700)]


USES OF THIS INFORMATION

As a result of statements 0), 1), and 2), I been able to set up my NOD32 v4.2.71.2 so that I have heightened the security in my Advanced Setup Tree settings. Also, I can choose, from the Graphic User Interface (GUI) Window, either a Smart scan or an In-Depth scan (each with the same heightened security settings). I choose Smart Scan if I am in a hurry, or In-Depth Scan if I want to scan everything on the computer (which alerts me to any files that may have been corrupted even if not modified or created recently).

My new setup does not fully follow ESET's recommendations. At the end of this message, see ESET'S APPROACH.


BACKGROUND

In 2005, when I first started using ESET's NOD32 (then version 2.x), all of my On-Demand scans were "In Depth" because that option provided the most thorough scan.

With NOD32 v4.x I have continued using only "In Depth" On-Demand scans (rather than Smart scans), after first going through every setting in the Advanced Setup Tree to heighten security, for example by Checking (i.e. adding) settings for Heuristics, Advanced Heuristics, Unsafe and Unwanted applications, and Email. Some of those new settings generated warnings that they would slow the computer down, but that did not concern me because I On-Demand scan only at night when I am asleep and my computer is not doing anything else. (Advanced Heuristics warned also that it could generate false positives, but since 2005 I can recall having only one of those, which was for a very old file compressed by WordPerfect's no-longer-used Envoy utility.)

But this April, when I upgraded NOD32 4.0.474 to 4.2.71.2, I decided that I ought to find out exactly what a Smart [optimization] scan did, and whether I could customize it as I had customized In-Depth scans. On the Wilders NOD32 v4 forum, I started a thread ("Questions about NOD32 AV version 4.2.71.2 setup" https://www.wilderssecurity.com/showthread.php?t=296937) with a bunch of questions. I got excellent answers answers to two of my questions, and then the thread became inactive. So I contacted ESET Home support, and got the answers I needed --- which indirectly answered many of my unanswered questions in the inactive thread.

As described above, I went through every setting in the Advanced Setup Tree to heighten security, but this time, for On-Demand computer scan I also modified each of its three basic profiles --- Smart scan, In-Depth Scan, and Context Menu scan --- to heighten security by Checking (i.e. adding) settings for Heuristics, Advanced Heuristics, Unsafe and Unwanted applications, and Email files. My Smart scan and In-Depth scan profiles are identical, except that Enable Smart Optimization is Checked in Smart scan but not in In-Depth scan.

[The Email files settings are in the On-Demand computer scan Smart, In-Depth, and Contest Menu profiles, ThreatSense engine parameter setup > Objects. I was surprised that Smart scan and In-Depth (and also Context Menu) scan profiles do not include Email files by default. But that may be caused by my using Mozilla SeaMonkey's Browser and Email package, rather than Mozilla Firefox and Thunderbird. Nevertheless, because my ISP uses POP3 rather than IMAP, and I have enabled Email files anywhere it is listed in the Advanced Setup Tree, my email is checked when downloaded, and in On-Demand scans.]


ESET'S APPROACH

According to my ESET Home support correspondent:
"Typically we do not recommend that users change the profiles associated with Smart Scan or In-Depth Scan [presumably because their defaults might be needed as the basis for future user-created profiles], and that they only modify the 'My Profile' scan, or create new profiles from within Advanced Setup. By doing [so] you could create any number of variations of your preferred scan settings." [Tuesday 26 April 2011, 04:17 pm PDT (GMT-07:00)]
(Note that this statement does not mention Context Menu profile settings.)

But because I have no need for additional user-created profiles, I decided not to create new profiles (such as "My Smart Scan" and "My In-Depth Scan"), but instead to customize the already available profiles (Smart scan, In-Depth scan, and Context Menu scan). My customizations only select additional settings, and do not delete any ESET default settings (other than not-checking "Enable Smart optimization" in the In-Depth profile).
[In my Context Menu profile, "Enable Smart optimization" is not checked, which is ESET's default.]

If I ever did need to follow ESET's recommendation, returning the Smart Scan and In-Depth Scan profiles to their defaults would not be difficult: In the Advanced Setup Tree, one click restores a profile's defaults.

Incidentally, for User-created profiles, see the NOD32 v4.2 User Guide, page 17, section 4.1.5.3. The reference to section 4.1.6 should be to section 4.1.7.

I hope this information is of some use to others. It certainly has been useful to me.

Of course I would welcome any comments or suggestions.

Roger Folsom

________________________________________________________________

P.S. In the Advanced Setup Tree, Real-Time file system protection, Advanced setup > Additional ThreatSense parameters for executed files > Advanced heuristics on executing files from removable media > Exceptions, includes the following introduction:

"This option allows you to exclude objects from being scanned by advanced heuristics on file execution.
"Advanced heuristics settings for hard drives will be applied to selected devices."

To me, those two sentences are contradictory (because the first sentence says "exclude" and the second sentence says "applied"), and if I did not want Advanced Heuristics to apply to something --- that is, if I wanted something to be excluded from Advanced Heuristics --- I couldn't figure out whether I should check it, or leave it unchecked.

My ESET Home support correspondent clarified that. To exclude an object from being scanned by advanced heuristics on file execution, check its box.

 

Thanks for the information.I am sure you took a lot of time to complete this post.

 

I dont know if on demand profiles can be restored by using "restore default" button

 

toxinon:

I have run an experiment to test that. The experiment requires being in an Administrator account, in either Windows 2000 (which I use) or XP. I don't know anything about Windows 7.

The button I have in mind is "Default," not "restore default."

To restore a scan profile's defaults, go to Advanced Setup Tree > On-demand computer scan > Selected profile field. Then select a profile. In my case, the profile already selected was In-Depth scan, so I used the dropdown menu to select Context Menu, because that's the profile I wanted for this experiment.

But Context Menu scan is just an example. The procedure below should work for any scan profile: Smart, In-Depth, Context Menu, or a user-created profile.

After I got Context Menu selected and displayed in the Selected profile field (details are in a concluding NOTE, below), I clicked on ThreatSense engine parameter setup, and clicked the Default button. That got me a Yes or No box with the message "Are you sure you want to revert all settings to defaults?" I guessed that means "Are you sure you want to revert all settings in this profile to defaults?" So I clicked Yes.

The defaults were restored. That is, the following items that were checked in my customized settings for this profile, all became not checked after I selected Yes in the Yes or No box: In Objects, Email files now was not checked; in Options, Potentially unsafe applications now was not checked, and Display notification about scan completion in a separate window now was not checked.
I then checked my other On-demand scan profiles (Smart and In-Depth), and their customized settings had not been restored to their defaults.

Apparently, "Are you sure you want to revert all settings to defaults?" really does mean "Are you sure you want to revert all settings in this profile to defaults?"

But to confirm that, I exited ThreatSense engine parameter setup with OK, and exited the Advanced Setup Tree with another OK, and then exited the ESET NOD32 Window by using the X in the upper right corner.

I then re-entered the Advanced Setup Tree, confirmed that the only returned-to-default settings were in the Context Menu profile, exited the Advanced Setup Tree and the ESET NOD32 Window, and Restarted my computer. Back in my Administrator account, I then re-entered the Advanced Setup Tree, and again confirmed that the Context Menu settings were still restored to their defaults, and that my other profiles still had their customized settings.

Of course, I have since restored my customized Context Menu settings to the way I had them before running this experiment.

[Note: Initially, my Selected profile field said "In-Depth scan." When I used the dropdown menu and selected Context Menu scan, the Selected profile field continued to say "In-Depth scan." The solution to that was to select the Profiles button (immediately to the right of the Selected profile field), which opens a Configuration profiles box. In that box, in the Profile name list, select Context Menu scan, and click OK. That should put Context Menu scan in the Selected Profiles field.
The following should not be necessary. Once I thought I needed to do it, but now I cannot replicate the need to do it. If the preceding paragraph doesn't work, try again by clicking the Profiles button to enter Configuration profiles, again select Context Menu in the Profile name list, and then click the Add button, which opens a New Profile box. Don't add anything. Exit the New Profile box by clicking Cancel (OK is greyed out because you didn't add anything new), and then exit Configuration profiles by clicking OK. That definitely should put Context Menu scan in the Selected Profiles field.]

I hope my experiment is convincing. But if anyone wants to repeat my experiment, I suggest that they try it on some scan profile other than Context Menu.

Roger Folsom

 

yongsua:

Thanks for noticing!

Roger Folsom

P.S. Here's hoping that someone at ESET will notice, and that in the next NOD32 version the statement "Are you sure you want to revert all settings to defaults?" will be updated to "Are you sure you want to revert all settings in this profile to defaults?"

 

You are welcome