testing v4

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by ugly, Dec 21, 2008.

Thread Status:
Not open for further replies.
  1. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    If , during install, I choose to perform program component update I get nothing in the next window.

    install.JPG

    If I use advanced heuristics for real-time protection but without AH on execution when I try to run an application I get 100% CPU for a long time and an frozen PC.


    cpu.JPG

    ekrn.JPG


    With AH disabled for real-time protection everything is OK.
    I did not get this with v3 even if I had enabled AH in real-time.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Maybe the application copies some files which are then scanned by AH. You could check this using Process monitor.
     
  3. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    All I wanted to point is that I don't have the same behavior with v3 cofigured like here when starting different applications. So , if nothing changed much in v4 , something is wrong.
     
  4. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    It, likely, a file or a virus processed: Protector, Crypter, packed.

    =>Statistics=>antivirus and antisryware protection: we look often appearing, a file.

    We delete a file, if it not the good.

    I processed a file :
    Protector, Crypter, packed, for concealment maiware, and is very frequent on such files, terrible brakes, but mine CPU to load and on 50 % it will not turn out :p


    Excuse, I use the automatic translator. It can be not clear.

    I from Moscow.:)
     
    Last edited: Dec 22, 2008
  5. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Is ESET aware that it has problemes with AH in real-time and launching some aplications ( not only with wmp11- yes...a windows element...very important -resolved in another thread) ?
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    It's with the way specific files are packed, the best thing is to find the files and report the problem to ESET. That improves things for everyone. Remember for all it's worth advanced heuristics is really a "beta" module, being off by default. I was patient enough to find out the file causing my problem, they fixed it and I've never had problems since. It's also nice knowing you've fixed the problem for potentially thousands of other users. Unfortunately some people don't have the time/experience to find the file causing the problem.
     
  7. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania


    All this happened trying to lunch Advanced Uninstaller Pro 9.1 on XP Pro. SP3 with real-time AH enabled.
    Can't say the scanner stops on a certain file for a long time. Just a frozen PC for a while ......
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Without AH on execution doesn't fix anything if it's on in real time. Advice has been given on how to try solve the problem. It's something only you can do.
     
  9. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    I don't think so.
    I've installed on my machine and reported something wrong.
    ESET should do anything they have to and resolve their product bug.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    They can't resolve a product bug if you don't help them. Sorry, but so far you have provided 0 useful information.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're not aware of any bug re. advanced heuristics. Of course, enabling it on access may cause delays when running certain applications, that's why a warning is displayed when the user attempts to activate this feature. In the case of widely used and popular applications, we can whitelist them directly in the engine, otherwise you can exclude such application from scanning or disable AH on file access/execution.
     
  12. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Thank you for your answer.
    I'll put that on exclusion.
     
  13. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    When web antivirus founds something nasty you get not 1 warning pop up but 5.
    IMO this is very annoying. This behavior is present both in V3 and V4.(if I remember well , when beta-testing v3 ,Marco's answer was the browser is trying to download that multiple times so you will get multiple warnings)
    But......with any other product I've used (kas.,avira,norton..) will have just one warning and ,of course, a terminated connection. I think this the right way to do it.
    Maybe something like in NOD32 when IMON gives you a nice red warning in the page and that was all.
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Could you provide screenshots? I've only ever had 1 warning (the small non-intrusive window at the corner of the screen that appears for a few sec)
     
  15. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Same here...exactly 5 popups (tried with eicar test file) :thumbd:

    maybe movie clip but screenshot hardly ;)
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This should happen if you switch the browser to active mode. In such case, the browser doesn't receive individual packets, but the whole file at once. If the last packet is blocked, the browser tries to download it again several times.
     
  17. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    No active mode.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I've just tried to download eicar with Opera. With Opera set to active mode, an alert html page was displayed and an alert bubble appeared only once. When set to passive mode, I got several warnings as Opera was trying to download the last missing packet several times.
     
  19. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    You are right. If the browser is in active mode you get one alert bubble and a warning red page. But the active mode do impact the browsing speed.
    For me the ideal it seems to be one warning in passive mode but that ,I presume, it is not possible.
    Thank you again!
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    So this is limited to Opera?
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The same holds true for any browser that attempts several times to complete download if the last packet is blocked by Eset's products.
     
  22. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    @Marcos
    Is there a possibility for implementing some sort of anti flood for pop-up messages?
     
  23. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853

    So what's the plan now?
     
  24. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    After uninstall "ESET Antispam" folder remain in Outlook Express and I have to manually delete it.

    oe.JPG
     
  25. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    After reinstall ekrn.exe gives me a 100% CPU with no obvious reason.
    Restarting solved the problem.
     
Thread Status:
Not open for further replies.