XML Files and configurations

Discussion in 'ESET NOD32 Antivirus' started by Ritmo2k, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. Ritmo2k

    Ritmo2k Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    13
    I pushed a v3 install out with a config I *thought* was right, but certain modules were not turned off. I reconfigured the client the way I wanted and exported a config from the client. I diff'ed the two xml's (The original used for deployment and the one exported out after reconfiguring) and they are the same?

    Should I gather from this that export config is broken, only exports the original deployed config or only exports the most recently deployed config from the RAS/C?

    I still can't produce a reliable result in the configuration editor that turns off the v3 equivalents of imon and emon. I just want realtime and on access scanning for a group of machines.

    Thanks!
    jlc
     
  2. ASpace

    ASpace Guest

    In v3 these can't be completely off ( I mean in the same way as they were in v2) . Example in v2 one can completely not register IMON , or make EMON not load from the beginning .

    To stop the email and internet scannings of v3 you should change your configuration this way:

    • POP3 - "Enable mail checking" - unchecked
    • POP3 - no mail clients checked
    • Protocol filtering set to "Applications marked as Internet browsers and email clients"
    • In the web-browsers : no application checked/selected as web-browser
    • Disable integration with OE and Office Outlook


    As far as I remember , all these can be changed via the Configuration editor.

    With these changes the icon should remain green and think protection is active , even though no traffic will be routed and scanned . This is to make the icon stay green and not bother users of these machines :thumb:
     
  3. Ritmo2k

    Ritmo2k Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    13
    HiTech_boy,

    I still cant make a reliable config, after installing a client manually and configuring it as I like I exported the config (I checked the xml and see the modules turned off) I then apply that config to an install package and deploy to another test machine, now all modules are on? Sigh...

    I do think NOD is the best, but their config leaves a lot to be desired as their are options scattered everywhere and it appears to have a few bugs (This one and the one that I started the topic with). I will call Support Monday, thanks.

    jlc
     
  4. ASpace

    ASpace Guest


    If you follow the instructions I gave you , the GUI will think modules are (and actually they will be ON) but they will not scan emails and http traffic .

    If you configure your clients as per the above instructions , it will be OK . Otherwise , if you disable the modules , the traffic will still be routed through ekrn.exe but will not be scanned and the GUI will display alerts because it thinks you may be in trouble.

    So , the conclusion , it can be done :)
     
  5. Ritmo2k

    Ritmo2k Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    13
    HiTech_boy,
    I need to deploy the app configured for various reasons, some of which are exclusions for example. If the software isn't configured right to start it may do something undesirable. In a small, non mission critical environment this might not be a problem.

    So if I understand you correctly, in some scenarios it shows the options disabled and it is, and in others it shows the options enabled, but they aren't?

    jlc
     
    Last edited: Dec 2, 2007
  6. ASpace

    ASpace Guest

    No , no ... I don't know how to explain it , really ...

    So , I can't help if the configuration was wrong or was showing wrong . But in your original post you say this:

    So I am telling you how to achieve this in a way only the real-time scanner will perform action . I'll try once again :thumb:

    E.g. if you now open your v3 - open the GUI (Standart mode) -> Setup -> and temporary disable protections or in Advanced mode you manually disable email and web scanning , EA will pop-up a warning window that some modules are off and that your machine might be at risk .

    In this case , you have disabled the protection but with default settings of protocol filtering the traffic is still being routed (this case routed but not scanned for threats).

    Since you want to make EA not scan mail and web traffic , I am sure you also want to make EA not display warnings all the time that email and web protections are off . So with the offered changes , I am 99.99% sure it won't display any alerts but we have also reconfigured the protocol filtering (a.k.a the local proxy part) so that it won't route the pop3 and http traffics and won't scan them.

    You get it? :thumb: :thumb: :thumb:
     
Thread Status:
Not open for further replies.