Why does Nod32 want to log keystrokes?

Discussion in 'NOD32 version 2 Forum' started by 072707, Jul 29, 2007.

Thread Status:
Not open for further replies.
  1. 072707

    072707 Registered Member

    Joined: Jul 28, 2007
    Posts: 33

    6 days into a 15-day trial, Cyberhawk Pro 2.0.4 alerts me that Nod32 wants to log keystrokes. I told CyberHawk to allow Nod32 to log keystrokes. Was that the right choice?

    After using Nod32 through the entire trial period of, I believe, 40 days, I am now running the full (purchased) Nod32 2.70.39 version with virus signature database 2426 (20070727). However, I just configured Nod32 to Blackspear's specifications (https://www.wilderssecurity.com/showthread.php?t=37509) about 5 days ago. After configuring it to Blackspear's specs the only change I really noticed is that Nod32 now takes about 1 hour 10 minutes to on-demand scan as opposed to the 17 minutes or so before the reconfiguration. This is the first time that Cyberhawk has told me Nod32 wants to log keystrokes. I allowed it.

    Should I be allowing NOD32 to log keystrokes?

    My other post to the geekstogo forum is http://www.geekstogo.com/forum/thes...ean-XP-sp2-machine-now-invulnera-t165600.html
     
  2. ASpace

    ASpace Guest

    Hello and Welcome to Wilders!

    It should be a false-positive alarm because NOD32 doesn't keylog. If you really want to use CyberHawk, you should allow NOD32.

    This is because with BS's settings you have enabled all possible options such as Run-time packers, Advanced heuristics, Adware/Spyware/Riskware. You may have used another profile before - without these options.
     
  3. Dark Star 72

    Dark Star 72 Registered Member

    Joined: May 27, 2007
    Posts: 703

    Hi,
    This is a known false-positive problem with CyberHawk. CyberHawk are aware of it and were supposed to have fixed it; obviously they haven't. Just allow NOD32.
    Ian
     
  4. 072707

    072707 Registered Member

    Joined: Jul 28, 2007
    Posts: 33

    Thank you very much HiTech_boy and Dark Star 72. I will consider it a false positive.
     
  5. ASpace

    ASpace Guest

    You are welcome!

    Enjoy your NOD32!
     
  6. 072707

    072707 Registered Member

    Joined: Jul 28, 2007
    Posts: 33

    This is an update to: http://www.geekstogo.com/forum/Why-nod32-logging-keystrokes-t165696.html

    I just heard back from ESET Customer Care again:

    An ESET Customer Care Representative has updated this case with the following information:

    Hello,
    We do not have any code that logs keystrokes; in fact our new version 2.7.xx was introduced to prevent these types of tools.

    We do not recommend running any other AV, Anti-malware, Anti-adware programs in conjunction with NOD32. Using two AV type scanners will eventually lead to file system corruption and eventual system failure.


    Please contact that vendor for a solution.


    Thank you

    I very much appreciate ESET's advice and I hold them in very high regard, but I still wanted to clarify my "reasoning" to them even if I am only an average XP sp2 user. Following is the text of my reply to ESET:



    The program that I mentioned is, to my understanding, a HIPS, or behavior analyzing type program. To my understanding HIPS fits within a category of security applications that has been developed to run simultaneously with conventional AV, etc. They do not rely upon "signatures" to stop viruses, etc. I am feeling somewhat "conflicted" now because, based solely upon my own "research", I do feel that these types of security applications are an important and necessary component of a comprehensive and "layered" approach to computer security.

    I really need to consider this subject more because HIPS, or behavior analyzing security applications, are very well known to a certain category of computer users and, from what I can discern, are "deployed" on Windows XP machines simultaneously with conventional AV and antispyware and antimalware products. I "consulted" user forums like wilderssecurity, where it is my understanding that ESET maintains an OFFICIAL Support Forum (https://www.wilderssecurity.com/forumdisplay.php?f=15), castlecops.com, geekstogo.com, and tomcoyote.org during my "research" into additional security measures that I can/should take in addition to conventional firewall, antivirus, antispyware, etc. Wilderssecurity.com has significant threads supporting the use of HIPS, or behavior analyzing type security applications, simultaneously with Nod32.

    Possibly to my credit I had already developed a very high opinion of Nod32 after doing the same kind of research that led to my conclusion(s) about the use of HIPS, or behavior analyzing security applications. I ALLOWED the so-called key logging, as reported by Cyberhawk Pro (HIPS), because I valued the integrity of ESET far more than that of the Cyberhawk Pro trial program. I just was not willing to believe that Nod32 on a new install of XP sp2 was specifically doing something bad, nor did I believe the new XP install had been "infected" by something aggressive or effective enough to "masquerade" as or manipulate Nod32.

    Researching on some of the forums that I mentioned I am told that this "false positive" is a known issue to Cyberhawk's makers; however, I am unclear of when or if the "fix" will be deployed. Again, I told it to ALLOW Nod32 though.


    I used the trial version of Nod32 in just the same way before I bought the full version.


    My question now is: Does running anything more than Nod32 and a firewall (Comodo in my case) on my XP sp2 machine "eventually lead to file system corruption and eventual system failure" like ESET stated in the email, or was this possibly just a "quick" answer by an ESET representative who may not necessarily be familiar with the purported importance of and the real popularity of HIPS and other behavior analyzing software?


    The security applications that I am running on my XP sp2 are listed at http://www.geekstogo.com/forum/thes...ean-XP-sp2-machine-now-invulnera-t165600.html

    Can anyone tell me if they see any potential conflicts?
     
  7. psych1610

    psych1610 Registered Member

    Joined: Jun 16, 2007
    Posts: 62
    Location: Redneckville, FL .. originally Newburgh, NY!!!!

    Hi, I run Nod32, Comodo Firewall, Comodo BoClean, Spyware Terminator Realtime, and Spybot's real-time protection TeaTimer. So far as I know, since none of these products directly interfere with the operation of the other ones, my system is stable.

    Now it may be overkill in protection for me, but that wasn't the question..

    I think you have a bunch of security products running, but that may be just right for you (are NoScript and KeyScrambler extensions for Firefox? I think they are, and Firefox is a wonderful browser). What I hear mentioned a lot around here is "it depends on your surfing habits".

    From what I saw I didn't see any potential conflicts (but then again I'm no security expert). Just keep in mind the more programs running, the more inherently your system gets just from too many things happening. As far as program instability and conflict I think you're ok.

    psych1610
     
  8. Dark Star 72

    Dark Star 72 Registered Member

    Joined: May 27, 2007
    Posts: 703

    Hi,
    Drop CyberHawk and run Online Armor v2 with firewall. Runs sweet, no problems at all. A few more pop-ups than CyberHawk to start with, then you probably will not hear from it unless you install new software or visit sites you shouldn't! Online Armor is the future. Stay safe,
    Ian
     