Shell Power for NOD32 2.0

Discussion in 'NOD32 version 2 Forum' started by Paolo Monti, May 31, 2003.

Thread Status:
Not open for further replies.
  1. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Did you do a copy and paste of the password, or type it manually?

    I suggest the former. Also, an accidental space at the beginning or at the end of what you copied could already cause trouble (as I've found myself...)
     
  2. yvonne

    yvonne Registered Member

    Joined:
    Apr 6, 2003
    Posts:
    11
    IMPORTANT NOTE: The latest version of the virus definition database must be downloaded immediately after the installation has been completed to ensure the highest detection capabilities of the system.
    The username/password for NOD32 version 1 is valid also for version 2.

    SUCCESS!!!!! Thanks to Mr Wilders and Mr Klein!!! :-* :-*

    Now does this note above mean there is something else I need to download? You guys are great and I feel very fortunate to have found this site!!!
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi yvonne,

    Good! Credits go to the honourable Mr. Tony Klein ;). The name is Paul, btw ;)

    As for NOD32: just make sure you'll have the software configured properly, and check for/download database updates regularly - at least once a day.

    On behalf of our team: thanks for the compliment!

    regards.

    paul
     
  4. uni

    uni Guest

    Just installed this shell extension, and I cannot log on to the eset server for updates, anyone else have this problem?

    I get the message "server connection failure"
    o_O :doubt:
     
  5. uni

    uni Guest

    Disregard previous post have located and fixed the problem

    :cool:
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Is this shell extension (and more properly, the "/ah" parameter in general) no longer needed, now that NOD32 2.0 has a "/heurdeep" command line parameter, and also the capability to enable "deep heuristic" right within the interface?

    The "/ah" parm isn't documented, so far as I can tell. My guess is that "/heurdeep" replaced it.
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    /ah isn't yet documented but that's the new advanced heuristic option in NOD version 2. Previously NOD 1 only had the Safe, Standard and Deep Heuristics sensitivity levels. Those are still available in NOD 2, but Advanced Heuristics is, well, advanced. ;)
     
  8. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Just so this is clear to me... :p

    Would someone kindly confirm that:
    • deep heuristics is not the same (as thorough?) as advanced heuristics (/ah)?
    • advanced heuristics is typically available only as an on-demand activity, using Paolo Monti's shell extension?
    • /ah is not available (for whatever reason) as an option during NOD32's continuous on-access activity?
    • /ah as a constant on-access option is unfavorable because of the slowdown likely to be experienced, regardless of OS or environment?
    Many thanks
    Optigrab
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    This is true. Deep heuristics is different than (and not as powerful as) Advanced heuristics. See this screen shot that shows deep heuristics selected on the Amon setup screen. But, there is no setting available in AMON for Advanced heuristics.

    Not completely true. Yes, for the on-demand NOD32 scanner, you need to use Paolo Monti's shell extension to get AH to be used (or set up the command line switches yourself). However, Advanced heuristics are enabled and used by default in IMON (and EMON, too, I believe).

    Correct. At this time AMON (which handles the on-access file checking) does not and cannot use Advanced heuristics.

    I don't believe Eset has actually stated that directly. (Maybe they did and I missed it.) However, I think everyone assumes that a slowdown would occur because of reports from those who've tested scanning a massive number of files on a server both with and without /AH set, and there is a definite slowdown. So, I believe it seems logical that there would be some impact on a continuous resident module like AMON.
     
  10. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Many, many thanks LWM, you've cleared things up for me nicely! :D My only follow-up comment:

    It seems that various comments that praise NOD32's advanced heuristics capabilities (sometimes as a counterpoint to NOD32's supposed 'weaknesses') really imply careful use by the user. Users relying on the on-access scanner alone -deep heuristics or not- are not taking advantage of this lauded strength of NOD32. One must continue to rely on the 'safe hex' habit of on-demand scanning consistently.

    I apologize if I'm very late to the party with this observation. I installed the /ah shell option quite a while ago, but apparently didn't fully understand the importance of relying on it.

    Thanks again
    Optigrab
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I really hope those comments aren't accurate. A user should not have to use undocumented and difficult-to-use tricks in order to get good performance from his anti-virus software.
     
  12. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Hi Nameless,

    I didn't mean to imply that a user wouldn’t get "good" performance out of NOD32 with regular heuristics. I'm not qualified to make such a statement and my impression from lurking here at Wilders is that users (like myself) feel they are protected with NOD32's on-access scanning.

    What I did mean is that I've read many instances of NOD32 fans touting its advanced heuristics as a particular strength that sets it apart from other fine AV's. A NOD32 user must be aware that this advantage applies to their situation only if they consistently rely on 'on-demand' scanning with advanced heuristics.

    The expert who believes that "safe hex" practices should be maintained regardless of how good the AV is, probably wouldn't consider this surprising or an inconvenience.

    Regards,
    Optigrab

    P.S. I made a mistake in the post that you quoted. I meant to say:
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I can't imagine NOT using advanced heuristics nor can I imagine not practicing safe computing. In fact, without advanced heuristics, I don't know if I would have NOD32 any longer as I do not use IMON as it is redundant and unnecessary, but I do use advanced heuristics and it is absolutely necessary IMO. I NEVER, EVER open a downloaded file or an email attachment without first saving it to disk and then scanning it via advanced heuristics. This is safe computing and should always be practiced by all users.

    IMON causes, as all AV email scanning programs do, a lot of problems. My ISP, Road Runner, asks that we turn off all email scanning, as do Microsoft's recommendations for Outlook Express. AV scanning of OE mail is the number one breaker of OE. Just save those attachments to disk and scan via advanced heuristics before opening. Much better for the health of your email program.
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Advanced heuristics are that powerful? Good to know!

    I also don't run IMON. I run Apache 2 on my WinXP system, and I've found that running IMON makes images fail to deliver properly from Apache (even if I try browsing locally). Users see lots of those lovely red Xs, and constantly have to refresh the page. That sucks.

    Getting back on topic... I, for one, really hope that AH is built into the interface sometime soon. I hate having to use a command line or shell extension to invoke it. For one thing, when you use the command line, you override all other profile settings. And since not all options are configurable with command line options, you end up having to take the defaults on certain things. That sucks, too!
     
  15. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Well, just for the record, I have zero probs with IMON & OE :)
     
  16. gunnarj

    gunnarj Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    80
    I also have not had any problems with IMON & OE.

    Putting all of your faith in the advanced heuristics is not wise.
    I have used it to scan zipped files, archives, etc. and it has not always caught the critters lurking within.


    gj
     
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    And, for the record, I just installed NOD32 2.009, and found the problem with Apache was still there. I then added APACHE.EXE to IMON's exclusion list, and it corrected the problem--even with IMON set to its maximum efficiency setting. (Was the option to exclude applications available in NOD32 2.006?)
     
  18. DiGi

    DiGi Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    114
    Location:
    in the middle of nowhere
    No, it is, along with the new packet worm filter, one of the new features in 2.000.9
     
  19. angelo_lopes

    angelo_lopes Registered Member

    Joined:
    Mar 6, 2004
    Posts:
    145
    Location:
    Porto, Portugal
    Why does everybody (and also ESET) say IMON is only about checking e-mail?
    Every Monday, when I check the Remote Administrator console in my firm I see things like this, brought by laptop users:
     

    Attached Files: lsan.JPG (57.2 KB)
  20. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Yes, IMON blocks/logs some exploit attempts too..

    That is a (quite) recent addition to IMON. More features are also expected soon.

    Best regards,
    Anders
     
  21. Adam

    Adam Guest

    Just to be clear:

    Using this shell adds the Advanced Heuristic on top of the other, pre-defined settings for the Context Menu profile, correct?

    In other words, if I add features in the Context menu Profile (e.g. deep heuristics, more items to diagnose - email, archives, etc.) - all that will get added on top of using the advanced heuristic?

    When I use it, this definitely appears to be the case. I assume advanced and deep heuristic are separate and additive?

    -Adam
     
  22. Spin

    Spin Guest

    Is this shell extension relevant to the current NOD32 v2.000.9 release? I see a right-clickable shell context option in Windows Explorer that can run scans on individual or multiple selected files manually. After the scan runs on the selected files, the "Setup" tab shows my default profile settings for "Deep" heuristics as expected.

    Am I missing something here? Does this shell extension (dated June 2003 by the way) do something that the current NOD32 release does not?

    Thanks in advance,
    Spin
     
  23. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Hi Spin

    The Advanced heuristics shell extension is still applicable to the latest release of NOD32. Please refer to my posts above and particularly LowWaterMark's reply, excerpted here. The shell extension offers "Advanced heuristics", as opposed to the "deep heuristics" setting that you've mentioned.
    Regards
    Optigrab
     
  24. Jaska

    Jaska Registered Member

    Joined:
    May 7, 2004
    Posts:
    98
    I found a registry key for NOD32's scanner: HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Modules\NOD32\Settings\Config001\Scanner\adv_heur_enable

    I changed the value from 0 to 1. Am I now using adv. heur. as default with on-demand scanning?

    Jaska
     
  25. Minix

    Minix Registered Member

    Joined:
    May 27, 2004
    Posts:
    3
    After reading all posts within this thread I've got a question about parameters. Default is /ah /all /shext ... What should be added to scan all kinds of files / all types of files including archives, runtime packed files, mail files, mailbox databases, all boot records, memory ...

    I want to really scan all things possible using /ah without missing anything.

    Thanks
     