Web Access Protection's heuristics

Discussion in 'ESET NOD32 Antivirus' started by jmc777, Sep 30, 2009.

Thread Status:
Not open for further replies.
  1. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Is there a top secret command line switch to enable these slightly more sensitive heuristics in a scan?
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello jmc777,

    If you open up the Advanced Setup window by pressing F5 and then navigate to the Web access protection section, you can find what you are looking for. Click on the Setup button next to ThreatSense engine parameter setup and then choose Options. This is where you would turn on and off Heuristics.
     
  3. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Thanks for the reply WayneP; I think I may have got my wires crossed. Maybe I've misunderstood what Marcos said in the past when he said that the Web Access Protection module uses more sensitive heuristics than the other modules. I forgot that the default for Advanced Heuristics in the real-time scanner is 'off', and I'm guessing that's what he was referring to (if he reads this post maybe he can clarify things for me). I had it in my head that there may have been an undocumented setting for a more paranoid/sensitive version of Advanced Heuristics hidden away in EAV/ESS that wasn't available to the real-time scanner, or in manual scans. :doubt:

    (Edit: I don't know if that explains my thoughts, or if it confuses things further. o_O)
     
    Last edited: Oct 3, 2009
  4. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Ok, I've been thinking about this some more and would like to ask this question: When I perform an 'in-depth' scan with default settings, are the heuristics used during the scan as sensitive as the web access protection module's heuristics?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Of course not, otherwise the on-demand scanner might detect a lot of false positives on the disk. Web protection is sensitive to suspicious packers which wouldn't do good if the same sensitivity was used by the on-demand scanner.
     
  6. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Right, now we're getting somewhere! Back to the original question: is there any way to call in this extra packer sensitivity with a command line switch when performing a scan with ecls.exe?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, there's no way to enable it as it would be too dangerous.
     
Thread Status:
Not open for further replies.