- I need additional help with NOD32. How do I get help?
- NOD32 will not update, what should I do (and Symantec's Norton Antivirus removal instructions)?
- How long are the updates and upgrades free?
- My e-mail address has changed. Does NOD32-AV need to know about it?
- I have paid. What is next?
- I had the trial version installed before. Do I have to uninstall it first?
- What will I get with the download?
- What version of NOD32 should I download?
- How do I install the NOD32 antivirus system?
- What needs to be configured during the installation and how?
- What needs to be done after installation?
- How do I know the NOD32 system works on my computer properly?
- How does the NOD32 antivirus system work?
- How can I find out whether my NOD32 is up to date?
- How do I uninstall the NOD32 antivirus system?
- Will NOD32 Control Center automatically dial an update server?
- Can NOD32 be updated without access to the Internet?
- Error connecting to server.
- I have a problem with updating from the mirror on a Windows NT/2000/2003/XP machine. What to do?
- (121) NOD32MOD_WINNT_ENGLISH_INET
- After installing NOD32 internet access is broken.
- My NOD32 is password protected and the password does not work. How can I unlock it?
- I uninstalled an antivirus and installed NOD32. The system does not function properly (or update).
- Why is NOD32 faster than my previous antivirus?
- NOD32 shows many files with "error opening - (File locked) [4]" what does this mean?
- NOD32 specific error codes and their meaning
- How do I test IMON in NOD32 to ensure it is working properly?
- I just installed NOD32 and I am infected with Virtumonde.O and I can not remove it. What do I do?
- Definitions of Virus, Worm, Trojan, Adware, Spyware and Riskware.
- McAfee Removal Instructions for Desktop Products.
- NOD32 was installed and there is an infected dll and it can not be removed. What can I do?
- My Email account (e.g. gmail) uses port 995 (SSL) will IMON work?
- Can I keep Norton System Works 2003 and use NOD32?
- How can AMON be configured to not prompt every time a virus is detected?
- How can IMON be prevented from displaying a message when viruses are found?
- How can NOD32's On-Demand Scanner be prevented from prompting each time a virus is found?
- Why does NOD32 hang on installation?
- Error occurred while scanning active boot sector of the 1. physical disk. Error reading sector.
- Outlook does not shut down properly.
- What is the latest regarding NOD32 v2.7?
Support is free as long as a valid license is held through purchasing from computersecurityassociates.com. One can use
support @ computersecurityassociates.com, the telephone numbers provided here, or an instant messenger program (e.g. GAIM, Trillian, Yahoo! messenger, MSN messenger, ICQ, etc.) using nod32av @ hotmail.com, nod32av @ yahoo.com or 2052440 for ICQ.
There is also a support request form here.
First, one must ensure that the Username and Password that was sent by NOD32-AV is used (not ones made up by the person installing).
Then one must ensure that they are being copied exactly as given. These are case sensitive - we suggest using cut and paste to ensure
exact transcription.
This can generally happen for the below reasons.
1. Try copying and pasting the provided username/password into the NOD32 Control Center - Update-Setup boxes and retry updating.
2. Username and password have expired.
Fix: Obtain a renewal license from the purchasing page.
3. Corrupt registry entry.
Fix: Blank the current username and password and perform a manual update. Copy and paste back in the current username/password and perform a
manual update.
4. Previous antivirus program never fully removed due to an incomplete uninstall.
A. For Symantec's Norton Antivirus versions 2003/2004/2005/2006/2007 follow the instructions here.
5. Security software such as Norton Password Manager is enabled (disable it and perform an update).
6. When #4 is used, it is also a good practice to run winsockxpfix to ensure internet connectivity is not lost after removal.
This will repair the TCP/IP stack which is used to communicate on the internet.
Ensure IMON is re-enabled, since this utility will disable its functionality (if run when NOD32 is already installed).
7. *** Ensure all programs are downloaded and placed in a location that is easy to find before proceeding.
8. A software firewall is blocking NOD32KRN from inbound/outbound internet communication. Allow NOD32KRN access to the internet.
9. A transparent proxy may be enabled at your ISP (Internet Service Provider) which may cache older update files. Please check with your ISP to see if this scenario is applicable.
If you use a commercial version of NOD32, updates of the virus signature database and program components are free for the duration of your subscription.
Even after your subscription runs out, you can still use NOD32, but you will not receive further updates, which are crucial for maintaining the detection
capabilities of any antivirus program.
If you are evaluating NOD32 with a trial version, you will be able to update the virus signature database (not program components) during the 30-day
trial period. The only limitation of the trial version is that it does not support incremental updates. Therefore updates are always about 2 MB in size.
It is not crucial to notify NOD32-AV about the change of your email address, however, a valid email address would help us look up your license in
case you lose your username and password.
Within 24 hours (normally a few minutes) you should receive a message from NOD32-AV with your Username and Password. Using them, you will be able to download the particular
version of NOD32 you purchased from our downloads page.
Should you not receive an email message with your username and password, please contact .
Please, always enclose the confirmation email with the invoice number you should have received after the purchase.
Some E-mail providers have spam blockers (e.g. gmail, hotmail, yahoo, aol, verizon) and perceive the NOD32 license as such (because it is so popular :) ).
An alternate method will be provided if this is the case and it can not be retrieved.
No, it is not necessary to uninstall the trial version before installing the commercial one. Just use the Full Version button in the NOD32 Control Center (Update-Update).
Enter in your username/password from the licensing e-mail and you will be automatically upgraded.
You will download an executable file to your desktop (or other directory that you specify) - that file must be "extracted", by simply double clicking on it, to install NOD32.
Please find out the type and version of your operating system first. Then search for the appropriate NOD32 version on our
Downloads page and download it. Do not forget to update NOD32 to the latest version
after installation by clicking on the Update button in the NOD32 Control Center.
The NOD32 installers available on our website are indeed self-extracting archives. After you download the particular installer and save it to disk,
run it from that location. The files will be extracted (by default, to C:\Program Files\Eset\Install directory) and the setup program will be
launched automatically.
NOD32 offers you 3 types of installation, each one offering you a different level of customization: Typical, Medium and Expert.
For most users it is sufficient to install NOD32 in Typical installation mode. In this mode, the installer will only prompt to enter your
username and password which will later be used for updating (or you can choose to set these parameters later).
Also, you can specify if you want AMON (the on-access scanner) to run automatically at startup.
This option SHOULD BE ENABLED unless you have another resident protection currently running.
In contrast, Medium and Expert installation levels provide more detailed configuration options. For more information on installing NOD32, please
read the setup tutorial here.
A customized installer that automatically configures NOD32 with optimized settings is also available for CSA clients. E-mail nod32 @ computersecurityassociates.com for more information.
After NOD32 has been installed, it is highly recommended that you immediately update the virus signature database to the most current version in order to get maximum protection capabilities. It is also highly recommended to read through the setup tutorial here.
The most crucial module, which should be running all the time, is the on-access scanner AMON. Having it running is indicated by a white-green icon
in the lower-right corner of your screen (if the hide inactive icons option is turned on, the NOD32 icon may not be shown - please turn this option off).
Basically the system functions in two ways:
First, the conventional "identification by signature or file name" which is common to all current antivirus programs.
Second, by using heuristics (standard or advanced) to check other file characteristics which may be indicative of malware.
The version number of the currently installed virus signature database appears in the status window of all NOD32 modules as well as among
NOD32 System information. If your NOD32 is out-dated, a pop-up notification window will appear at NOD32's startup.
To ensure one has the most current version installed, visit our website www.computersecurityassociates.com and compare the version number provided by your NOD32 with
that listed on the website.
Alternatively, you can connect to the Internet and press the Update now button manually. NOD32 will subsequently be updated to the most current
version, or you will get a message that your NOD32 is up to date (when not running in silent mode).
NOD32 can be uninstalled directly from the Start menu - Programs (All programs) - Eset - Uninstall, or
through Start - Settings - Control panel - Add / Remove programs.
No, at the time an update is to be performed it's crucial to have a connection to the Internet already established.
Yes - typically one computer in the network is set up as the update server - that computer is linked to the Internet and is updated from the
NOD32 servers.
Other computers in the network go to this update server for updates. For more information, please read the Guide for network administrators.
NOD32 was not able to connect to an update server. Please check the following:
1. Ensure an Internet connection is already established before you perform update.
2. Ensure a correct server is selected from the pull-down menu in the Update setup (if you update NOD32 from the Internet, it should be
set to Choose automatically).
If you update NOD32 from a local network and encounter this error, please contact your network administrator for the exact path to the mirror.
3. If you are using a firewall, ensure the NOD32krn service is permitted access to the Internet.
4. If you are using a proxy server, ensure the connection parameters are set properly in the advanced Update setup -
LAN setup (if the proxy server requires authentication, make sure a correct login name and password are specified).
5. If you are not using a proxy server, ensure the use of proxy server is disabled.
6. There are more than 1 (one) NOD32 update servers. From time to time a server may become overloaded with requests or have maintenance performed.
When that happens, the server will error out and proceed to the next update server. Generally this is not cause for alarm unless it is happening for all servers in the list.
Should the problem persist, please contact nod32 [@] computersecurityassociates.com.
There are three ways to accomplish the update in a network environment:
Updating via HTTP
Updating via Windows shares using the system account
Updating via Windows shares as the currently logged in user
For more information on updating NOD32 in a corporate network environment, please read the Guide for network administrators found on the downloads page.
This error means IMON could not install. Removal of some programs also removes critical Windows files. Run "sfc /scannow" from the Run prompt.
Ensure any security programs are disabled.
Have the original Windows installation CD on hand (may be prompted to insert depending upon the installation method of Windows).
This can occur for many reasons. Typically another software program has written to the TCP/IP stack and has not fully removed itself, leaving
entries that point to non-existent files and/or settings. Running the tool found here should repair the TCP/IP stack, allowing internet access to function.
My NOD32 is password protected and the password does not work. How can I unlock it?
Run the utility found here. Copy the code into an e-mail and send to nod32 @ computersecurityassociates.com. An unlock code will be sent (only for nod32-av (CSA) clients).
Ensure to include your username and original e-mail address.
I uninstalled an antivirus and installed NOD32. The system does not function properly (or update).
When an antivirus is uninstalled from a computer, many times (depending on the configuration used) critical windows system files will be removed.
Have the Windows installation CD ready and type "sfc /scannow" (without the quotes) from the Start/Run line. If after running, the system asks to reboot,
critical windows files (and/or settings) have been replaced (or re-installed) to their stable versions.
Why is NOD32 faster than my previous antivirus?
NOD32's core is written in assembly (the closest to binary, which is the language of a computer) making it the fastest antivirus in the world. More on assembly here.
Other higher level programs (Antivirus in general) must run through more CPU cycles to be decoded (interpreted) and used by a system. NOD32 allows a
system to run as fast as it can (using less resources - CPU cycles/Memory) while being protected from threats.
NOD32 shows many files with "error opening - (File locked) [4]" what does this mean?
NOD32 passes information from the Operating System regarding which files can not be accessed for scanning. Typically these files are in use by
the Operating System itself and can not be scanned. Files may also be encrypted (or password protected), not allowing access (i.e. Adaware,
SpyBot S&D and other security programs).
This is normal for any On Demand scanning antivirus program. Why do you need to see it? If NOD32 was downloaded to an infected system, some files may be
inaccessible (infected, or the infection itself) through normal windows. This will help in the troubleshooting process if needed. Well-trained eyes can diagnose
the issue to help recover the system to a non-infected state.
Rebooting into safe mode and running a Scan & Clean will generally eliminate the threat.
Always disable System Restore when attempting to clean an already infected system. This will eliminate the ability of System Restore to put the infected file(s)
back during the boot process after a Scan & Clean has been performed and a reboot is necessary.
Here are some examples of Operating System files (or encrypted/password protected) that are in use and can not be accessed for scanning.
C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\DEFAULT.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\SYSTEM.ALT - error opening (File locked) [4]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file
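The triage described above, as an added example (not part of the original FAQ and not an ESET tool): a short Python script that sorts scan-log lines in the format shown into locked files that are expected, locked files that deserve a closer look, and password-protected archive members. The list of expected hive locations and the last two sample lines (example.dll and the UsrClass.dat copy under Temp) are assumptions constructed for illustration.

```python
import re

# Status suffixes exactly as they appear in the sample lines above.
LOCKED = re.compile(r"^(?P<obj>.+) - error opening \(File locked\) \[4\]$")
PROTECTED = re.compile(r"^(?P<obj>.+) - error - password-protected file$")

# Assumption: full paths of the registry hive files that Windows 2000/XP keeps
# open while running. Matching the whole path (not just the file name) means a
# file that merely borrows a hive's name in another folder is NOT treated as
# expected. Extend this list for your own environment.
EXPECTED_LOCKED = [
    re.compile(r"^[a-z]:\\windows\\system32\\config\\"
               r"(default|sam|security|software|system)(\.log|\.alt)?$"),
    re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\ntuser\.dat(\.log)?$"),
    re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\local settings\\"
               r"application data\\microsoft\\windows\\usrclass\.dat(\.log)?$"),
]

# Constructed sample log. The first four lines are modelled on the FAQ's own
# examples; the last two are made up to show the "needs review" case.
SAMPLE_LOG = r"""
C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SYSTEM.ALT - error opening (File locked) [4]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file
C:\WINDOWS\system32\example.dll - error opening (File locked) [4]
C:\Documents and Settings\username\Local Settings\Temp\UsrClass.dat - error opening (File locked) [4]
"""


def split_object(obj):
    """Split 'container »ZIP »member' into (container path, [nested parts])."""
    parts = [p.strip() for p in obj.split("»")]
    return parts[0], parts[1:]


def is_expected_lock(path):
    """True if the path is one of the hive files the OS normally keeps locked."""
    lowered = path.lower()
    return any(p.match(lowered) for p in EXPECTED_LOCKED)


def triage(log_text):
    """Sort scan-log lines into three buckets; unrelated lines are ignored."""
    result = {"expected_locked": [], "review_locked": [], "password_protected": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LOCKED.match(line)
        if m:
            path, _ = split_object(m.group("obj"))
            bucket = "expected_locked" if is_expected_lock(path) else "review_locked"
            result[bucket].append(path)
            continue
        m = PROTECTED.match(line)
        if m:
            path, members = split_object(m.group("obj"))
            # Report the archive and the innermost member that could not be read.
            result["password_protected"].append((path, members[-1] if members else None))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Expected (in use by Windows):")
    for p in report["expected_locked"]:
        print("   ", p)
    print("Locked outside the expected list (rescan in safe mode):")
    for p in report["review_locked"]:
        print("   ", p)
    print("Password-protected archive members (not scanned):")
    for archive, member in report["password_protected"]:
        print("   ", archive, "->", member)
```

Entries in the review bucket are not proof of infection; they are the ones to recheck with a Scan & Clean from safe mode, as described above.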
NOD32 specific error codes and their meaning.
Error and Meaning
101 administration rights required
102 no configuration file specified
103 lack of memory
104 old version of the Operating System
105 cannot create a temporary folder to extract the installation files
106 error extracting files
107 internal program error
108 attempting to overinstall with an older component
109 internal program error
110 internal program error
111 cannot create a file on the disk
112 internal program error
113 internal program error
114 SETUP.XML corrupt or missing
115 the current version not compatible with the old version (you need to uninstall the old version)
116 error writing to the operating system registry
117 upgrade required
118 attempting to overinstall with a different language version (uninstall the previous version first)
119 corrupt uninstall file
120 registering service error
121 component installation error
122 cannot install a certain component to the computer
123 attempting to install the trial version again error
124 wrong Operating System, the installer is intended for the Windows NT/2000/XP/2003 Operating System
125 wrong Operating System, the installer is intended for the Windows 95/98/ME Operating System
Try any of these downloads. If IMON is functioning properly, these files should be blocked from getting to the hard disk drive (typically C:).
These are not live viruses, but test viruses that can not cause any harm even if run.
Test 1
Test 2
Test 3
Test 4
Virtumonde.O has the same characteristics as the Agent.CS Trojan.
ESET has a cleaner, developed by Paolo Monti of Italy, to remove it. This is much easier than the difficult removal instructions found on the internet.
Download the file here.
Extract the zip file to a directory on your hard drive.
Run the utility (AGCSCLEAN.exe). The cleaner will not find the Agent.CS and will ask for the location of the .dll file. NOD32 will have a window showing the location.
Browse to the file and select it. A reboot must occur after running the utility. **This utility only works on Windows 2000 and above.
The warning should now be gone. Registry entries created by Virtumonde.O are also removed.
Thank you Paolo!
Virus - A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Worm - A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
Trojan - A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
Adware - A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.
Spyware - Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today. Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability. Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.
Riskware - Possibly a legitimate program used for nefarious purposes. mIRC is well known for being used in such a manner to allow unscrupulous people to access a computer for their own purposes (e.g. uploading and downloading files for use by others in an mIRC channel).
Download the file located here and extract to a directory of choice. Run the undll.exe file extracted to the directory of choice. It may be necessary to turn off AMON's detection of the file for the cleaning process to complete.
Currently there is not an antivirus program that can natively scan SSL (Secure Socket Layer) connections (they are encrypted). However, a program named STunnel could allow
the intervention necessary to scan before entering your inbox. We do not support its usage, but you are welcome to test it yourself. Even without the scanning of SSL mail, AMON,
the resident scanner will still intercept infiltrations when executed.
It is possible. Follow the guidelines here. After removing and before installing NOD32, run the winsockxpfix program.
If you do not wish to see alerts from the Activity Monitor (AMON) each time a computer virus or other threat is found, you can configure it to automatically clean infected files or move them to the Quarantine folder, in case a file cannot be cleaned.
Here is how to configure AMON to do this, step-by-step:
- Open the NOD32 Control Center window by clicking on the white and green NOD32 icon in the System Tray (next to time in the lower right hand corner of the screen).
- Click on AMON under Threat Protection Modules. The AMON - File System Monitor window will appear.
- In the AMON - File System Monitor window, click on the Setup button. The AMON Setup window will appear.
- In the AMON Setup window, go to the Options tab and enable (check) the Move to Quarantine option.
- In the AMON Setup window, go to the Actions tab and make sure Clean automatically is selected and enable (check) the Move newly created files to Quarantine option.
AMON has now been configured to automatically clean files of computer viruses and other threats without prompting the user for an action to take.
NOTE: The actual operation performed by AMON when the Clean automatically option is selected will vary based on the type of threat found. For example, NOD32 will attempt to disinfect "classic" parasitic file-infecting and boot sector viruses by removing the viral code from the infected object and re-writing the cleaned (disinfected) object back to the disk.
On the other hand, most forms of "modern" spyware, Trojan horses, worms and other malicious programs are entirely self-contained and contain no beneficial program for NOD32 to disinfect.
When AMON detects this type of threat, it will clean the file by removing it from the system.
If you do not wish to see alerts from the Internet Monitor (IMON) each time a computer virus or other threat is found in your mail client or web browser, you can configure IMON to automatically clean virus-infected files, move them to the Quarantine folder or delete them.
Here is how to configure IMON to do this, step-by-step:
Email Account (POP3)
- Open the NOD32 Control Center window by clicking on the white and green NOD32 icon in the System Tray (next to time in the lower right hand corner of the screen).
- Click on IMON under Threat Protection Modules. The IMON - Internet Monitor window will appear.
- In the IMON - Internet Monitor window, click on the Setup button. The IMON Setup window will appear.
- In the IMON Setup window, go to the Miscellaneous tab and click on the Setup button near the bottom of the window. The Scanner Setup window will appear.
- In the Scanner Setup window, select the Actions tab. For each type of object checked by IMON (Archives, Email, Files, Runtime Packers and Self-Extracting Archives) change the action performed from "Prompt for an action" to a different one, such as "Clean" or "Delete."
Web Browser (HTTP)
- Open the NOD32 Control Center window by clicking on the white and green NOD32 icon in the System Tray.
- Click on IMON under Threat Protection Modules. The IMON - Internet Monitor window will appear.
- In the IMON - Internet Monitor window, click on the Setup button. The IMON Setup window will appear.
- In the IMON Setup window, click on the HTTP tab.
- In the Actions section, about half-way down the window, select Automatically deny download of file.
NOTE: If IMON does not appear to work correctly with your web browser, try clicking on the Client Compatibility button and changing the setting for your particular web browser from "Higher Compatibility" to "Higher Efficiency."
If you do not wish to see alerts from NOD32's On-Demand Scanner each time a computer virus or other threat is found, you can configure it to automatically clean infected files and system areas, or move files to the Quarantine folder or delete them.
Here is how to configure NOD32's On-Demand Scanner to do this, step-by-step:
- Open the NOD32 Control Center window by clicking on the white and green NOD32 icon in the System Tray (next to time in the lower right hand corner of the screen).
- Click on NOD32 under Threat Protection Modules. Click Run NOD32.
- In the NOD32 On-Demand (Manual) Scanner window click on the Actions tab.
- On the Actions tab, select each type of object checked by NOD32's On-Demand Scanner (Archives, Boot Sectors, Email, Email Folders, Files, Runtime Packers and Self-Extracting Archives) and change the action performed for each object from "Prompt for an action" to a different one, such as "Clean" or "Delete."
Once you are finished making changes, click on Scan & Clean to perform a scan for viruses. You should no longer be prompted to perform an action when an infection is found.
After the Scan & Clean has been performed and a prompt to save settings appears, click Yes.
The most common problem is that Norton Password Manager is enabled. Disable Norton Password Manager and the installation should proceed normally.
A card reader is attached to the machine with no card inserted (this includes a Zip drive).
System scan is performed using the account of a limited user.
A special boot manager or similar program that alters boot sectors is installed.
Delete the extend.dat file located here: %userprofile%\Local Settings\Application Data\Microsoft\Outlook
Open Outlook.
Click on Tools then Options.
Click on the "Other" tab at the top.
Click on the "Advanced Options" radio button.
Look through the "Add-In Manager" and "COM Add-Ins" for remnants of other antivirus or removed programs and remove.
The following are FAQs as they relate to the latest release of ESET's NOD32.
- What are the new features in ESET’s NOD32 v2.7?
Support for Windows Vista
ESET was one of the first Anti-virus vendors to offer comprehensive 64-bit support to both home and enterprise users in June 2005. ESET is also one of the first to offer full Windows Vista compatibility with Version 2.7. Despite the highly publicized disagreements between some security vendors and Microsoft, ESET has found little difficulty in preparing a product for Vista. ESET core developers worked closely with Microsoft HQ in Redmond to ensure that NOD32 would be compliant with the new security measures in Vista and fully compatible with the platform when it is released.
Anti-Stealth Technology (Rootkit removal)
Rootkits are now frequently used to hide malicious processes and files. The Anti-Stealth technology in ESET NOD32 v2.7 helps the on-demand and startup scanners to see the “real world” instead of the false one presented by an active rootkit. NOD32’s ThreatSense can then use signatures and heuristics to detect and remove these threats. It is transparent to users, and it is turned on by default.
New Categorizations of Malware objects
NOD32 v2.7 takes new steps to control Adware and Spyware, in the form of an overhaul of our malware classification system to provide more granular threat assessments: the renamed Potentially Unsafe Applications and a new classification, Potentially Unwanted Applications, added to identify low-risk threats. There is an arguable distinction between Adware and Spyware, one that can pose tricky legalities for anti-malware companies. By redefining “Grayware” to more generally account for this distinction, NOD32 provides greater granularity of control to customers while more accurately defining this increasingly foggy area.
- What is the cost for upgrading from the current version of NOD32 to v2.7?
NOD32 v2.7 is being offered free of charge to all existing customers with a valid NOD32 license. NOD32 v2.7 can be downloaded from our web site and reinstalled over your current version. It will also be delivered automatically as a program component update in about three to four weeks, in mid-December, 2006.
- How does NOD32 v2.7 compare to other Vista compliant solutions in the market?
| Vendor | Compliance | Status (sources of information publicly available on the Web) |
|---|---|---|
| Avast | 1 | Available on all antivirus editions |
| CA | 0 | CA Anti-Virus 2007 in Beta |
| ESET | 1 | Now available in NOD32 v2.7 |
| F-Secure | 0 | F-Secure antivirus for Windows Vista 7.00 beta, F-Secure corporation available for Vista |
| Grisoft | 1 | AVG Anti-Virus 7.5 and AVG Anti-Virus Free Edition – Vista ready |
| Kaspersky | 0 | No date yet, developers working on it |
| McAfee | ½ | VirusScan Enterprise Release Candidate 8.5i |
| Microsoft | 0 | Windows Live OneCare 1.5 now in Beta |
| Softwin | 0 | BitDefender Internet Security 10.1 now in Beta |
| Sophos | 0 | Couple weeks after Vista release (Sophos antivirus v6.5) |
| Symantec | 0 | Enterprise edition-30 days after Vista release, Home users – beginning of 2007 |
| Trend | 0 | PC-cillin for Windows Vista still in Beta (5/23 – 12/31) |
-
Do I need to
uninstall the current version of NOD32 v2.5 before upgrading to the
new v2.7?
No, you do not need to uninstall your previous version of
NOD32. NOD32 v2.7 installs seamlessly over NOD32 v2.5.
Alternatively, you can simply wait for the PCU in December.
-
Is antivirus
software needed for Microsoft Windows Vista?
Microsoft Windows Vista is Microsoft's first consumer
operating system built from the ground up with security in mind, and
it also introduces a least-privilege security model (called "User
Account Control" under Windows Vista). These methods only
reduce the risk of malware under Vista compared with previous
versions of Microsoft Windows; they do not prevent it entirely.
Anti-virus software will still be required for Microsoft Windows
Vista. For more information, please visit the “Security in Windows
Vista” page on Microsoft's web site.
-
Is ESET running
any special deals for the purchase of NOD32 v2.7?
Yes, for the gaming industry we are currently running a
2-for-1 license purchase. Existing 2.5 product boxes are available
at a 35% discount: 2-year business licenses can be purchased before
12/31 and you receive an extra 6 months. Purchasing a 3-year license
provides you with an additional 9 months. Contact your Channel
Manager.
-
I have an
inventory of 2.5 boxes – what do I do with it?
ESET will supply all distributors of ESET NOD32 with stickers
for their remaining NOD32 2.5 inventory. The stickers indicate that
there is a FREE upgrade to v2.7. Distributors interested in securing
stickers should contact their Channel Sales Manager.
-
Do I have
to teach my users about rootkits to protect them?
No, rootkit protection takes place seamlessly, under-the-covers.
Switched on by default, the Anti-Stealth technology finds and
protects against infections automatically. Users are notified that
a new threat has been detected and are asked to confirm cleaning
procedures, just like their current NOD32 protection.
You can also educate yourself by reading this white paper:
http://www.eset.com/download/whitepapers/Whitepaper-Rootkit_Root_Of_All_Evil.pdf
-
Is a new
version of Remote Administrator required to manage NOD32 v2.7?
NOD32 v2.7 can be managed by the current release of Remote
Administrator (v1.0.11); however, anti-stealth technology and more
granular malware classification settings cannot be managed through
it. By default, the anti-stealth technology in NOD32 is enabled.
If you use the current version of Remote Administrator to deploy or
manage computers running NOD32 v2.7, anti-stealth is automatically
enabled on them. See next question, below.
-
When will a new
version of Remote Administrator be available?
A new version of Remote Administrator that manages NOD32 v2.7's new
features is currently in beta test and will be available
approximately two weeks after NOD32 v2.7 is released at the end of
November.
-
Are the new
anti-stealth technologies in NOD32 v2.7 implemented into existing
modules, as new modules or through a companion product?
NOD32 v2.7's new anti-stealth rootkit detection
technologies are integrated right into the existing program as part
of ThreatSense, are enabled by default, and can be managed through
the NOD32 Control Center interface.
-
Do other AV
solutions have Rootkit protection now?
Many AV vendors claim to have protections against rootkits. Most
either detect that a rootkit already known to them is trying to
install, or report that a number of obscure processes may be hidden
rootkits, without any way of removing them. That is, they can
protect against some rootkits as they’re being installed, but not
against active rootkits already on the system. Active, already
installed rootkits were usually impossible to detect from inside the
operating system.
NOD32 v2.7 now works against active rootkits, which was
difficult before. Its on-demand and on-access scanners have a real
view of all processes, regardless of the stealth activity of the
rootkit. NOD32’s integrated Anti-Stealth Technology allows NOD32 to
bypass rootkit hooks and see the real program output. It is also
transparent for users: they don’t have to understand how it works
or learn new habits to combat the newest rootkit threats.
-
Does NOD32 work
with Microsoft Windows Vista?
I’ve heard that other antivirus programs are not compatible with it.
The key issue with Vista for most AV vendors is the enhanced
restrictions of Kernel Patch Protection (sometimes referred to as
PatchGuard). Kernel Patch Protection is not a new security feature
in Vista – it was originally implemented in the first 64-bit Windows
systems. This is not a problem for ESET and NOD32, since these
issues were addressed for the first NOD32 versions compatible with
64-bit Windows in 2005. Other, mostly larger AV companies rely on
patching the kernel directly, or “kernel hacks,” to operate. This
has ALWAYS been discouraged by Microsoft as inherently unsafe.
NOD32 is compatible with the Windows Security Center in Microsoft
Windows Vista. Unlike some other anti-virus products, it does not
take over, bypass or otherwise interfere with the Windows Security
Center, so Windows Security Center integration will pose no
additional problem for v2.7.
ESET has a working relationship with Microsoft, unlike some other
anti-virus companies. NOD32’s architect and core developers worked
directly with Microsoft to ensure compatibility with Vista's new
security model. In fact, ESET is already in the process of applying
for "Certified for Vista" compatibility.
-
Does NOD32
appear in the Windows Security Center?
After it has been installed, NOD32 will appear in the Malware
Protection section of the Windows Security Center.

-
Is NOD32 v2.7
faster or slower than previous versions? What about memory usage?
There is only a negligible increase in size. The v2.7
installation will typically consume 23/24 MB of RAM, and the installed
package size is comparable with the current versions of NOD32. Note
that other competitors have recently reported smaller memory
footprints, but those claims ignore the larger impact they put on
paged pool memory. In testing based on Canon, Inc.'s performance
test methodology, NOD32 still remains the best product for low
performance impact on the system.
-
In some cases,
NOD32’s anti-stealth technology may not be fully compatible with
your system. Listed below are messages you may receive from NOD32
when this occurs, and steps to take to troubleshoot them.
Here is a list of new messages in NOD32 v2.7, along with
troubleshooting information:
Message: "Anti-Stealth technology is enabled."
Reason: This message is displayed if the NOD32 On-Demand Scanner is
operating using anti-stealth technologies.
Steps to troubleshoot: None. It is normal for NOD32 to display this
message.
Message: "Anti-Stealth technology initialization
failed. The Anti-Stealth technology is working in restricted mode."
Reason: This message is displayed if the NOD32 On-Demand Scanner is
started from an account with restricted privileges. In order to
operate correctly, NOD32's anti-stealth technology must run with
SYSTEM privileges.
Steps to troubleshoot: Reinstall NOD32 from an Administrator account
and re-run the scan.
Message: "Anti-Stealth technology initialization
failed. The Anti-Stealth technology is working in limited mode."
Reason: This message may be displayed when the
NOD32 On-Demand Scanner is run under Microsoft Windows 95, 98SE or
Me. Some of the anti-stealth technologies used by NOD32 are not
compatible with these operating systems and NOD32 will display a
warning message when run under them.
Steps to troubleshoot: None. These operating systems are not
compatible with all of the anti-stealth technologies used by NOD32.
NOTE: If NOD32 is run in a virtual environment or
used in conjunction with security tools designed to quarantine,
sandbox or otherwise virtualize access to the operating environment
then warning messages may be displayed saying the Anti-Stealth
technology cannot be initialized. This is normal behavior for NOD32
when used in conjunction with these types of programs.
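To triage these messages across several machines, the following added example (not ESET code) classifies collected scanner output by anti-stealth mode and attaches the troubleshooting step listed above. Only the message texts come from this page; the tab-separated host/message layout, the host names and the virtualized-host list are assumptions made for the example.

```python
import re

# Message texts are quoted from the FAQ above. The "host<TAB>message" layout,
# the host names and the list of virtualized hosts are constructed.
ENABLED = "anti-stealth technology is enabled"
FAILED = "anti-stealth technology initialization failed"
MODE_RE = re.compile(r"working in (restricted|limited) mode")
ACTIONS = {
    "enabled": "none, normal operation",
    "restricted": "reinstall NOD32 from an Administrator account and re-run the scan",
    "limited": "none, Windows 95/98SE/Me lack support for some techniques",
    "failed": "initialization failed but no mode was reported; review the scan log",
    # Assumption: a scan run with /ANTISTEALTH- prints no status message.
    "unknown": "no status message seen; check whether /ANTISTEALTH- was used",
}

def classify(message):
    """Return the anti-stealth mode a message reports, or None if unrelated."""
    text = " ".join(message.split()).lower()   # undo line wrapping and case
    if FAILED in text:
        match = MODE_RE.search(text)
        return match.group(1) if match else "failed"
    return "enabled" if ENABLED in text else None

def triage(lines, virtualized_hosts=()):
    """Return {host: (mode, action)} from the last status seen for each host."""
    latest = {}
    for line in lines:
        host, sep, message = line.partition("\t")
        if not sep:
            continue                            # not a host<TAB>message line
        latest[host] = classify(message) or latest.get(host, "unknown")
    report = {}
    for host, mode in latest.items():
        action = ACTIONS[mode]
        if mode not in ("enabled", "unknown") and host in virtualized_hosts:
            action = "expected when virtualized or sandboxed, per the NOTE above"
        report[host] = (mode, action)
    return report

FAIL_MSG = ("Anti-Stealth technology initialization failed. "
            "The Anti-Stealth technology is working in %s mode.")
SAMPLE = [  # constructed input
    "ws-01\tAnti-Stealth technology is enabled.",
    "ws-02\t" + FAIL_MSG % "restricted",
    "legacy-98\t" + FAIL_MSG % "limited",
    "vm-07\t" + FAIL_MSG % "restricted",
    "ws-03\tScan completed.",
]
```

Calling `triage(SAMPLE, {"vm-07"})` returns one `(mode, action)` pair per host, with `vm-07` marked as expected behavior rather than as a reinstall candidate.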
-
How does
NOD32’s Anti-Stealth technology work?
NOD32's anti-stealth technology uses a variety of techniques to
bypass the changes made by rootkits to operating systems to mask
their presence. API hooks, Interrupts, SysCalls and other techniques
used by rootkit authors to wrest control away from the operating
system are negated, allowing NOD32 to see the rootkit using its
On-Demand and On-Access (AMON) scanners.
-
What new
command-line options are available in NOD32 v2.7?
NOD32 v2.7 introduces two new command line options for the
On-Demand Scanner, /UNWANTED and /ANTISTEALTH.
Adding /UNWANTED to the command-line tells NOD32 to check the target
being scanned for Potentially Unwanted Applications (or PUwA, for
short). By default, NOD32 does not check for Potentially Unwanted
Applications because they are a classification for low-risk threats.
Adding /ANTISTEALTH+ to the command-line tells NOD32 to use
Anti-Stealth technology when checking the target. By default,
NOD32's On-Demand Scanner does check targets using Anti-Stealth
technology. To disable it, specify /ANTISTEALTH- on the command
line.
-
What Rootkits
does NOD32 v2.7 protect against?
NOD32 protects against a variety of rootkits, including FU,
HackerDefender, AFXRootkit, and Vanquish. A comprehensive report
discussing NOD32 v2.7's ability to protect against specific rootkits
will be available in a few weeks.
-
What kind of a
threat is a rootkit?
A rootkit is a program (or set of programs) designed to hide itself
and possibly other, companion programs from being detected on an
infected computer. Originally the term was used to describe existing
binary program files on UNIX-based systems which had been modified
to hide the presence of unauthorized users, allowing them to
re-enter the system at any time with "root" privileges (the highest
level allowed on a UNIX system). Today, the term rootkit is most
often used to describe discreet programs for Windows-based systems
that use "stealth" techniques to mask their own presence as well as
that of other software such as adware, keyloggers, remote access
tools, spyware and other forms of malicious software. While this
technique is not new, it has become more prevalent today. Rootkits
allow attackers to stay in control of affected computers longer,
which means increased access to information from the compromised
host and possibly a better revenue stream from adware and browser
hijacking.
-
Does NOD32 have
to be specifically able to identify a rootkit to protect against it,
or can they be proactively detected by NOD32’s heuristics?
A combination of both, actually: NOD32's anti-threat technology
works against both known and unknown rootkits. During its creation,
the technology was successful in proactively detecting new,
previously-unknown rootkits. However, just like the other
components in NOD32, the anti-threat technology will be updated as
the threat landscape evolves.