Why are IMON and DMON needed?

Discussion in 'NOD32 version 2 Forum' started by Tannor, Aug 6, 2005.

Thread Status:
Not open for further replies.
  1. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22
    I have been running NOD32 for almost two weeks now and so far love it.


    But I have two questions.

    Do we really need these running? I don't understand the purpose if you have AMON running all the time as well as doing a full scan at least once a week.

    What is the advantage of IMON if you have it on vs off? Why would AMON miss anything that comes downloaded? It almost seems redundant.

    Same thing with DMON. If you don't have that on, it means Word docs don't get scanned?
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    See here for the answer: http://www.nod32.com/support/nodfaq2.htm Also I suggest you use Blackspear's settings posted on this forum. I would not disable anything myself.
     
    Last edited: Aug 6, 2005
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Check the help file that comes with NOD for explanations of the modules. It has a wealth of info.

    IMON checks files coming in from the internet and will stop malware before it hits your hard drive.
    This is a great advantage over having to clean up your hard drive. :)
     
  4. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22


    Thanks for the link. The FAQ says you don't need DMON if you have AMON... so gonna disable that... also since I'm not using POP email I don't really need IMON, gonna keep that disabled as well.
     
  5. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    IMON is not just for POP email, it's for scanning webpages before they load into ur browser. I strongly suggest u keep IMON enabled. It isn't gonna take much resources anyway, so why disable it?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Quite frankly it couldn't hurt to keep DMON enabled either. NOD32 uses very little resources as it is.
     
  7. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    Exactly! I think it would make VERY little difference (if any at all) if u disable DMON and IMON. Why do you want to disable it?

    PS: FYI, I tried disabling both DMON and IMON, it just made a difference of about 8-10 KB. Don't u think u can sacrifice around 10 KB for extra protection? o_O
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I feel IMON adds to the uniqueness of NOD32. I'd like to see KAV (resident) scan an incoming archive without me opening it.
     
  9. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22

    I just don't see the point... it seems way too redundant.


    Let's analyze this. I go to a web page and something downloads to my machine. In theory, should AMON not notify me that something suspicious was downloaded to my machine and clean it?

    If not then AMON is not doing its job right.


    I'd rather have a service or process not be running if not needed. I try to keep my machine as clean as possible, especially since I am a heavy gamer.
     
  10. vee

    vee Registered Member

    Joined:
    May 29, 2005
    Posts:
    34
    Location:
    Zagreb, HR
    only with IMON you didn't even download it to your PC... layers of protection.
    regards,
    vee
     
  11. Tannor

    Tannor Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    22


    Maybe... but still, between Outpost and NOD32 AMON... I am really not worried. I have used IMON now for two weeks, it has scanned hundreds of files and never once found a thing.

    I still don't think IMON will be as good as using adware and spybot once a week.
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    IMON isn't meant as a replacement for antispyware scans. IMON just intercepts viruses earlier than AMON, though both modules use the same defs. If IMON hasn't found anything yet then AMON wouldn't have either.
     
  13. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    Why get infected in the first place and let crap enter your browser's cache? Prevention is better than cure! BTW, IMON does not use a separate process...
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Correct me if I am wrong, but the "network packet" is downloaded to the machine, but it is being checked in some "network buffer" (probably one that IMON sets aside). Is this correct? In any case, it is a very nice capability.

    Rich
     
  15. PlexShaw

    PlexShaw Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    62
    Why would anyone want to turn off IMON? o_O

    It's one of the best features of NOD32.
     
  16. vee

    vee Registered Member

    Joined:
    May 29, 2005
    Posts:
    34
    Location:
    Zagreb, HR
    try eicar.com test virus... it isn't even downloaded AFAIK...

    regards,
    vee

     
  17. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hmmm ... Unless IMON is executing on a remote server or on an external device (e.g. a router), how can it possibly process the data unless the data (e.g. data packet) is already on the local machine, where IMON process is located? If someone can expand on this, I would be very appreciative. Thanks.

    Rich
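
Added example, not part of the thread and not ESET's code: an illustration in Python of the distinction the posters are debating, where received bytes sit in local memory and are scanned before anything is written to disk, compared with a scan that runs only once the file exists. The function names, the buffering model and the use of the EICAR marker as the shared "definition" are assumptions made for the illustration; the thread does not describe NOD32's internals.

```python
import os
import tempfile

# Stand-in "definition": the readable marker inside the EICAR test file.
SIGNATURE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"

def stream_has_signature(chunks, signature=SIGNATURE):
    """Scan byte chunks held in memory, matching across chunk boundaries."""
    tail = b""
    for chunk in chunks:
        window = tail + chunk
        if signature in window:
            return True
        # Keep just enough bytes to catch a signature split over two chunks.
        tail = window[-(len(signature) - 1):]
    return False

def fetch_with_stream_filter(chunks, dest):
    """Traffic-level check: the verdict comes before any byte is written."""
    chunks = list(chunks)  # received data lives in RAM only
    if stream_has_signature(chunks):
        return {"blocked": True, "touched_disk": False}
    with open(dest, "wb") as fh:
        fh.writelines(chunks)
    return {"blocked": False, "touched_disk": True}

def fetch_with_on_access_scan(chunks, dest):
    """File-level check: the download is saved, then scanned and removed."""
    with open(dest, "wb") as fh:
        fh.writelines(chunks)
    touched = os.path.exists(dest)
    with open(dest, "rb") as fh:
        infected = SIGNATURE in fh.read()
    if infected:
        os.remove(dest)
    return {"blocked": infected, "touched_disk": touched}

def demo():
    # Constructed response body; the marker straddles the two chunks.
    body = [b"data...EICAR-STANDARD-", b"ANTIVIRUS-TEST-FILE...more"]
    with tempfile.TemporaryDirectory() as tmp:
        stream = fetch_with_stream_filter(body, os.path.join(tmp, "a.bin"))
        access = fetch_with_on_access_scan(body, os.path.join(tmp, "b.bin"))
    return stream, access

if __name__ == "__main__":
    print(demo())
```

Both paths reach the same verdict from the same definition; the difference is whether the file ever existed on disk before the verdict.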
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Advanced heuristics using emulation I believe. A virtual machine on your machine gives the file a spin first. Best I can do. :D
     
  19. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks ronjor.

    Rich
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Rich


    Some antivirus-software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.

    Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.

    http://www.antivirusworld.com/articles/antivirus.php
     
  21. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi ronjor,

    It seems as different approaches to analyze the behavior of applications in a "safer" manner - i.e. in an "environment" that protects the operating system's resources. I would imagine it is not worthwhile for any malware developer to try to build in code that might "break through" these "safe environments". This malware detection is a tricky business. ;)

    Thanks again for your insights.

    Rich
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    It certainly is. :)
     
  23. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    By all means I do not understand why you would want to disable IMON. It is not worth taking the risk. I would keep it enabled as others have stated here versus having to try to cleanup your machine later on.
     
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Seems Antivir might have been a more appropriate choice.
     
  25. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Well, this is an amazingly enlightening thread for me.

    Let me explain.

    I won a free licence for NOD32 in the recent giveaway. I installed it and have been using it with no problems. I also won a licence in the previous giveaway but due to a complex period of things happening I let that first licence expire.

    So when I got the next licence I decided to continue to use it as I had always done before, with both IMON and DMON disabled and with EMON also disabled.

    As I use AOL I simply thought that IMON was for emails due to it saying something about POP3 in its setup section and with AOL using its own email system I thought it was of no use to me... same reason I disabled EMON which I understand is purely for MS Outlook which I certainly never use.

    I also didn't see the need for DMON if AMON was enabled which of course it always is.

    Anyway... saw this thread... and did some checks.

    Wow... big surprise to me I must say.

    With IMON now enabled I realise that it also checks all internet content from any browsed sites due to the http tab in setup being active, and in the last 2 hours since having it switched on it has actually checked over 500 files.

    This has to be worth having. Even if AMON is checking all files, to have this extra layer of protection up front has to be good. I will now be leaving IMON on from this point in time. I need to do more checks with DMON but for now I have it on also. EMON I'm sure I will never need due to AOL email in use only.

    This is the sort of thread I love... it has helped me see something I missed before. It is always up to each individual how they protect their own system and if Tannor is perfectly happy to set his protection to the minimum that he feels is all he needs then that has to be his choice to do so. For me... I like this extra layer... and had it not been for this discussion I would have blissfully been unaware of the correct function of IMON.

    This is one fantastic product... this time I will not let the licence lapse.

    Z :cool:
     