Upgraded to v4 A-V: 3 Challenges

Discussion in 'ESET NOD32 Antivirus' started by Chamlin, Sep 18, 2009.

Thread Status:
Not open for further replies.
  1. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    On an XP Pro system, I am using:

    NOD32 v4.0.437.0
    Online Armor 3.5.0.32
    Spysweeper 5.5.7.103 (not with A-V)

    Thunderbird 2.0.0.23 with Cloudmark Desktop 1.0 (spam blocker)


    A. In the Threat Sense Engine default "options" in Thunderbird's setup, everything is checked except "potentially unsafe applications". That seems more of a threat than "potentially unwanted applications" (which is checked.) Why is the default set up that way? Isn't unsafe worse than unwanted?

    B. Are there other "consensus best settings" to adjust?

    C. Cloudmark identifies spam upon arrival, moves it from the inbox to the junk folder. Every time it is moving an email from the inbox to the junk folder, I get this message:
    "An error occurred communicating with the Cloudmark Service".

    I also have this in the Scanner Setup (not sure which of these I should checko_O):
    http://screencast.com/t/aVEgGKTFbxLR

    What do I need to do to allow Cloudmark to work right?
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello Chamlin,

    The default settings should be ideal for most setups. If you have any backup software, you will want to exclude it from the real-time scanner.

    You should uncheck Cloudmark from the email clients list since it is not the actual client, thunderbird is. This should fix the communication error.
     
  3. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Thanks Wayne.

    1. I've unchecked everything in the email clients except thunderbird, but the cloudmark error is still occurring. It has to be something with NOD32 because it only started happening once v4 got installed. What else can I try?

    2. When you say exclude backup software from the real-time scanner:
    A. Is that the Smart Scan, Custom Scan or both?

    B. Do I exclude FDISR and Acronis? And if so, how/where do I exclude them?

    Thanks!
    Chamlin
     
  4. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Excluding back-up software from the real-time scanner might decrease the time making the backup. If you are fine with the time it takes for scheduled back-ups you don't need to exclude them really.. (Except if you get errors at copying)

    Here is a KB article how to exclude items. I believe that exclusion list is for both the real-time and all on-demand scans.

    Personally I haven't set exclusions for FD-ISR, when I copy a new snapshot I just temporary disable real-time monitoring from the NOD32 tray icon. I always manual make/update new snapshots, if you schedule (and like to speed it up) you need to exclude whole c:\$ISR\ directory I guess. (see below)

    I don't know if NOD32 supports excluding executables so it wont monitor what files that executable uses (to copy, in this example). Cant find a answer for that atm. If so, you just have to exclude the executables from Acronis and FD-ISR.
     
  5. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    You can exclude executable files like you are talking about. This is the best option for backup software so you only exclude the executable and all the other files still get scanned.


    Chamlin,

    The interruption or difficulty you described may be a result of the Web Access Protection feature.

    1. Open the main program window by clicking the ESET icon next to the system clock or by clicking 'Start' -> 'All Programs' -> 'ESET' -> 'ESET Smart Security' or 'ESET NOD32 Antivirus'.

    2. Press the F5 key to display the Advanced Setup window.

    3. From the Advanced Setup tree, click 'Antivirus and antispyware' -> 'Protocol Filtering'.

    For ESET Smart Security users, click 'Personal Firewall' -> 'Protocol Filtering'.

    4. Select the 'Applications marked as Internet browsers or e-mail clients' option.

    5. Click 'OK' to save your changes and then restart your computer.
     
  6. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Thanks Wayne, am trying this now.
     
  7. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
  8. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Chamlin,

    Does it work if you disable web access protection? Also, does the software communicate to the internet or locally to a service for what it is trying to do?
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Rather than disabling web protection try disabling HTTP checking in the main setup tree just to see if it makes a difference.
     
  10. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Cloudmark has a database of Spam that its community deemed as Spam collectively, so I'm pretty sure it communicates with the Internet.
     
  11. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Trying this at Noon on Sunday.
     
    Last edited: Oct 4, 2009
  12. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Unfortunately, that didn't do it. :(

    By the way, I can't disable web protection as it appears to be already disabled and I can't enable it.

    Also, just reverted the "Applications marked as Internet browsers or e-mail clients" back to the "Ports and Applications" option that was set as default since it didn't seem to change anything.

    Oh, and now it appears the "Disable Web Access Protection" is re-enabled. Hmmm....

    Guidance please?
     
    Last edited: Oct 4, 2009
  13. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Chamlin,

    Make sure that Cloudmark is not checked in the Email clients section of POP3, POP3S as well.
     
  14. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Guys, I've resolved the problem by making a change in Cloudmark. So....

    I've made a number of changes. What is the best thing to do now? Is it most wise to click on a "global default" to get the program back to how it was installed?

    Thanks,
    Chamlin
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    Are you using any web filters like K9 or any other parental web filters? Somtimes they can read the communication of some programs as being malicious or belonging to an unknown domain. They then block the communication silently without the user knowing. I had this happen with K9 webfilter blocking Prevx's webserver once. I was so baffled as to why i couldn't activate my Prevx key. I would have never figured it out if Prevx had not came through with such good support.
     
  16. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    That would be the fastest and most complete way of doing it. However, if you lose any connectivity after restoring the defaults, you will need to go through the steps again to find which change is the solution.
     
  17. haerdalis

    haerdalis Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    74
    Where do I find this setting with NOD32 Antivirus 4.0.467 x64?
    For some reason it doesn't exist at all when running Windows 7 Pro x64.

    Wanted:
    http://img35.imageshack.us/img35/7229/nodsetting2.png

    Actually displayed:
    http://img690.imageshack.us/img690/2268/nod324.jpg

    I'm asking for this because NOD32 tends to interfere with/slow down some programs.

    Additionaly for some reason NOD32 creates an extraordinary amount of temporary files during a day (although they disappear after a shutdown) with
    filenames like HTTA45B.tmp (usually 30-50MB each, currently I have 1GB worth) etc.
     
    Last edited: Nov 10, 2009
  18. haerdalis

    haerdalis Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    74
    I sort of found the answer to the main question myself.. although it makes NOD32 somewhat useless with all OS versions newer than unpatched Vista in the cases mentioned:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2132

    Useless because if NOD32 interferes, there is no way to exclude that application from scanning.
     
    Last edited: Nov 10, 2009
Thread Status:
Not open for further replies.