Training NOD

Hi all. My NOD distributor had no idea what to tell me about the following queries: hopefully someone here might have the answers

I'm a PC tech. I make sure all my customers use NOD32 but I'm finding the latest 5x versions a little too enthusiastic for my own purposes.

The questions I put to my local distributor's helpdesk were:

1) I'd rather use NOD 4 than 5, because it wasn't quite as aggressive, but when I install 4, it automatically upgrades the program to 5. How can I prevent this?

2) If I absolutely MUST stay with 5, how to train it to ask me what to do if it finds anything nasty, instead of just diving in like Terminator and destroying files? I recently moved 20G of data across my network to an archive folder and it wasn't until several days later I discovered that none of the 50 or 60 folders contained any data. All were nicely named, just like the originals, but every one contained 0 bytes. The only culprit had to be NOD32 5.0.95 that was guarding the archive.

But anyway, even it something else was to blame for that incident, NOD has become a little over-zealous, IMHO. That's great for average users, but I'd prefer to have a little more control over what's deemed to be 'dangerous' on my own computer.

Thanks

 

Hello Noddy72

Have you try to download the offline installer of nod32 Version 4.2.71, you can find it here: ESET NOD32 Antivirus 4 Regarding your question on how to change Nod32 response to a threat, then take a look on this article, on how to changing "cleaning level" How do I change the scanner's default response to a virus detection? (I have never used version 4, but I think you will find something similar, regarding " cleaning level")

Cheers, Janus

 

1, all versions from v3 are same in terms of detection so it's not true that v5 would be more aggressive than the previous versions. I can only think of HIPS blocking certain operations which was new in v5. V4 does not upgrade to v5 automatically providing you use an offline installer and do not select to download the latest installer during installation.

2, nothing has changed in terms of cleaning; ESET has always attempted to clean files automatically in default cleaning mode and prompt the user for an action only when inevitable. However, you can adjust cleaning to your likings at any time, for instance, by setting cleaning mode to No cleaning.

 

Have a look here
https://www.wilderssecurity.com/showthread.php?t=197509
for an interesting Tutorial for v. 3 that, maybe, could help you with v. 5

 

Janus, Marcos and Wallaby - thanks for your comments. I don't know what it is about v.5 - I've never taken the time to examine the mechanics of NOD, so I tend to blindly depend on it doing the right thing. And 5 has several times done the wrong thing, like arbitrarily deleting files without warning. - files that I wanted kept.

Maybe NOD isn't for me. As I said, I make sure all my customers use it, because it's unobtrusive and effective. The best of the freebies are Avira, Avast and AVG, IMHO, and I've used them on other folks PCs from time to time, but they've all become way too commercial of late and are virtually unusable.

Like anyone who's been messing with computers for 20-some years, I've got my share of files that cause warning bells to ring in AV systems, but I don't need an uncontrollable gung-ho, cyber-crusader with its own agenda crashing around inside my systems and carrying out search-and-destroy operations at will.

What I need is a totally obedient, subservient and polite gatekeeper, that is clever enough to detect any form of intrusion, but that always asks what to do about it. Malwarebytes does this. I run the free version, which is reactive rather than proactive, and it works brilliantly, often detecting problems that NOD missed.

A hybrid Malwarebytes\NOD combo would be ideal, I think.

Marcos mentioned 'HIPS'. What is this process and what does it do? Could it be responsible for the sort of carnage that recently occurred in my archive server? That was weird. Sixty-odd folders transferred and not one consisted of anything but its label. Zero bytes content, every one. I managed to recover about 30% of them with recovery programs but the rest had just vanished.

I keep telling my customers: Copy - don't Move. Then, when you're sure the copy worked, delete the source. But not until you've checked that the copying worked.

Should have taken my own advice

 

If you didn't get any alert and certain files were deleted, it's very unlikely they were deleted by ESET. Malware detection and cleaning is always logged so I'd suggest checking the Threat log and supplying us with the appropriate records pertaining to the deleted files.

 

Thanks Marcos. You maybe right, that Eset wasn't the culprit. Unfortunately, the Threat log has been wiped; I reinstalled three XP systems after the mystery deletion occurred, in an attempt to get back to basics and start from scratch.

In retrospect, the problem may have been caused by any one of three apps (or maybe a combination of several). These are NOD32 v.5, Teracopy v.2.2 and Internet Explorer 8. NOD we've talked about already. Teracopy has never given me a problem in the 2 or 3 years I've been using it, but I guess there's always a first time. IE8 I mention because it's now got some sort of super-sleuth under the covers that keeps popping up and asking 'Are you sure you want to copy from this location?'

Now, this message may very well have been popping up on the target drive and I wasn't there to see it because I was sitting in front of the source computer. Maybe if this question isn't answered, the copy is disallowed or bollixed in some way. Gawd knows. (Gawd Gates, that is)

But the weird thing that I can't get my head around is that most of the files (which were MOVED, not COPIED by Teracopy) were not recoverable. They'd disappeared from both source and target ends.

It'll have to remain another computer mystery. But I'm going to be REAL careful when transferring files in future.

Cheers.