NOD32 6.0.316.0 - Why user settings are not obeyed?

[just_a_tech 0]

Hi,

I'd like some technical answers to problems I have using NOD32 Antivirus version 6, 30 day trial version 6.0.316.0

Running on Windows XP with all service packs and updates.

 

NOD32 Antivirus seems like a fine product in so many ways, but unfortunately unless I can 'tame it' I will uninstall it rather than buy it.

 

I'm posting this so you can identify the problem, or make changes to it, so it will obey settings.

Or if its not going to be changed, tell me if beta version 7 has the same issues.

 

I am a very experience technical user

 

The problem I have is no matter what settings I put in advanced, NOD32 tries to update itself. And I do not want that. I only want manual updates.

In other words I wish it to do nothing until I select "check for updates". That's it.

 

Currently I actually have to block NOD32 from connecting to th internet for updates, I disable via my 3rd party (not a Eset product) firewall.

 

The reason I have settings like I do is I'm a very advanced user and I absolutely detest software that tries to "do things on its own". Or uses too many resources.

Eset seems good at low resources when it stays tame, but not when allowed to run wild with all the default settings.

Typically software that does stuff on its own (like connecting to internet) does so at the absolute wrong time. And unfortunately this seems to be the case with NOD32. Or maybe there is some setting I missed?

 

I've been working on several projects, requiring internet (otherwise I just turn my network  device off completely) , and programming something, very involved and at a critical moment, when I need the resources and there goes NOD32 trying to connect. And after I manually updated just a few minutes or hour ago. Its extremely annoying.

 

The settings I have;

 

Computer:

Real-time file system protection - enabled

HIPS - enabled

Anti-Stealth - enabled

 

Web and email

- all disabled

 

advanced settings, advanced setup, selected profile

there is a trial username and password

the radio check button is on regular update

 

(There doesn't seem to be any setting for 'no updates' at all)

 

advanced update settings,

update mode, program component update:

- never update program components

 

- never restart computer

 

regularly check for product version - unchecked

 

Eset Live Grid

- checkbox off

 

System updates,

notify about missing updates from level;

- no updates

 

idle state detection

- all checkboxes off

 

Thanks for any assistance.

 

(..I slightly edited for grammar)

Edited October 3, 2013 by just_a_tech

[SweX 871]

Hello and welcome.

 

It may not matter as much to you as it would to the average users. But I remember a post a while back where ESET said that if one chose to disable the Web protection in the product you disable around 40% of the protection. 

 

If I read correctly did you also disable the automatic traditional VSD (virus signature database) updates too that pings the update servers every 60 minutes?

 

ESET products starting in V6 get's real-time updates every 2-5 min, you may have disabled these too. But I'm not sure, since I don't know if they are connected to a module and/or setting in the product.

 

ESET may guide you further.

 

 

 

[just_a_tech 0]

Please note,

 

In all fairness I should apologize if made the wrong title to the topic, since I can't seem to find a definative answer to 'how to switch off all updating' - which is probaly what the topic should say

 

However, I have to say I went through every setting I could find many times and thought I had it set to switch off practically everything - yet still it was trying to connect to update.

Now, I find that since over 1 hour it has not attempted any connections. Strange. Maybe I changed a setting that 'worked' somehow?

On the other hand from what I've noticed this product is 'smart' and it my be my own perspective is incorrect, but it appeared to me that it tried to do what it wanted even if it means subverting the the user commands. The reason I say that is when I turned off various things, the behaivor of the program became different in the ways it would attempt to connect either at login or later.

The more I attempted to (reasonably - eg. process explorer, firewall, etc) monitor the program's actions it seemed it become more reactive. Thus I frankly got even more suspicious. I attributed this perhaps incorrectly to it being a trial product that was tracking the use of itself and the user reporting that back.

That coupled with the thought I actually had set settings that would stop all updating and finding it still trying to update I decided enough was enough and to put the company on the spot to answer directly the question.

I even though of asking someone in the security privacy industry to examine the program behaivor for irregularities.

 

Now after further examination I think it may be just a combination of bugs and mindset of the developers to make it both self-protecting and 'idiot proof'.. lol

 

I would change the title but there doesn't seem to be a way to do it in the 'edit' of the thread.

[just_a_tech 0]

SweX,

Thanks for reply,

Well I understand that it may not make much sense that I have disabled the Web protection by the product settings.

That's something that I would not recommend, as it is one of the most important features to have. I have only done so due to several factors while trying out NOD32.

- The main reason is with all the internet privacy issues lately I am wary of trusting any product I've never tried. Although I know Eset NOD32 has a great reputation and probably trustworthy, I am still unsure how much of my privacy may or not be protected by such a 'free trial' product.

Since I monitor and authorize all outgoing and incoming connections and most activity on my system, when I allowed NOD32 Web protection it became cumbersome.

Also the system resources on the old machine I'm using is limited. I have only 512MB RAM.

With Web protection disabled I find the ekrn.exe (main part of the product) using only from as low 37MB RAM to some reasonable amount like less than 100MB and up to maybe 120+ when its very busy. While using the Web protection enabled I found that figure at least doubled in general if not more during surfing much sites.

I normaly would not mind that and intend to use the feature in general, once I'm satisfied with the other issues and done with some work and just using internet / surfing normaly.

Its a sad thing that now-a-days one has to monitor everything - even one's antivirus.

When it gets to where I have to monitor or turn off most stuff in the program it basically defeats the purpose. But thats the way things are now.

If the vendors of products in general were not so catering to interests that wish to exploit and invade privacy in order to monopolize information technologies we all would be a bit more comfortable using new products.

Hopefully Eset follows a good standard in that regards, And AFAIK they do. If so, then I may be a loyal customer and even refer the product. But I don't know yet for sure. It takes time to develop trust thats simply a fact.

I am right in the middle of several projects and simply need some AV (Anti-virus) protection. I have some protection from browser threats due to other measures and limited internet use. I'm not 'surfing' around, just going to limited sites I know and mainly using https.

I had a problem with another vendor's product I used for years now becoming a huge resource hog and not obeying commands. So I removed it.

[just_a_tech 0]

Well no sooner I speak then the program just tryed to update again. Blocked by my firewall though..

So that is @ 1 hour and 20 minutes from my first post.

[SweX 871]

Please note,

 

In all fairness I should apologize if made the wrong title to the topic, since I can't seem to find a definative answer to 'how to switch off all updating' - which is probaly what the topic should say

 

However, I have to say I went through every setting I could find many times and thought I had it set to switch off practically everything - yet still it was trying to connect to update.

Now, I find that since over 1 hour it has not attempted any connections. Strange. Maybe I changed a setting that 'worked' somehow?

On the other hand from what I've noticed this product is 'smart' and it my be my own perspective is incorrect, but it appeared to me that it tried to do what it wanted even if it means subverting the the user commands. The reason I say that is when I turned off various things, the behaivor of the program became different in the ways it would attempt to connect either at login or later.

The more I attempted to (reasonably - eg. process explorer, firewall, etc) monitor the program's actions it seemed it become more reactive. Thus I frankly got even more suspicious. I attributed this perhaps incorrectly to it being a trial product that was tracking the use of itself and the user reporting that back.

That coupled with the thought I actually had set settings that would stop all updating and finding it still trying to update I decided enough was enough and to put the company on the spot to answer directly the question.

I even though of asking someone in the security privacy industry to examine the program behaivor for irregularities.

 

Now after further examination I think it may be just a combination of bugs and mindset of the developers to make it both self-protecting and 'idiot proof'.. lol

 

I would change the title but there doesn't seem to be a way to do it in the 'edit' of the thread.

Well the product is not designed to be installed and then almost completely shutdown by the user, then what's the purpose in using the product in the first place? Even though I can somewhat understand why you do (try to) do it in this case, but still.

 

I don't know but perhaps an "on-demand" AV without any realtime modules at all would suite your needs better. If you are very concerned about your privacy that is 

Edited October 4, 2013 by SweX

[Marcos 5,074]

You can disable automatic updates in Scheduler. Of course, this will change the protection status as this action puts the computer at risk if the user forgets to update ESET on a regular basis (updates are usually released in 3-4 hour interval).

[just_a_tech 0]

Thanks Marcos, the problem is solved. I guess I should have read the manual. I actually did change those settings to begin with, must have changed them back.

I also assumed that a setting like that set from tools, would be also controlled by enter advanced setup.

 

SweX, Thanks for your input.

Yes maybe it does not make much sense.

 

My concern is not so much my own privacy as far as any concerns to be 'hiding' something, but overall privacy and security of my system or data from all third parties that are not authorized by my policies to access that data.

 

Its a very simple concern and I am not alone in that concern. I think most people are concerned or should be.

The more upfront companies,etc. are to not 'hiding' stuff is what can ease that concern and develop trust.

 

That said, I'll take the lesson I learned here to my own software project.

It would have been very simple during the install to offer some options geared toward user level, such as advanced ; 'Do you wish to control updates yourself or automatic updates?" y/n

or 'never connect to the internet without my permission'.

Edited October 4, 2013 by just_a_tech

[SweX 871]

Thanks Marcos, the problem is solved. I guess I should have read the manual. I actually did change those settings to begin with, must have changed them back.

I also assumed that a setting like that set from tools, would be also controlled by enter advanced setup.

 

SweX, Thanks for your input.

Yes maybe it does not make much sense.

 

My concern is not so much my own privacy as far as any concerns to be 'hiding' something, but overall privacy and security of my system or data from all third parties that are not authorized by my policies to access that data.

 

Its a very simple concern and I am not alone in that concern. I think most people are concerned or should be.

The more upfront companies,etc. are to not 'hiding' stuff is what can ease that concern and develop trust.

Yes of course I am concerned too but not really in the same way, and not to the extent that I am willing to disable stuff in the product. Then I would rather not use the product at all, and go more in the way of adding policy software like Sandboxie, Appguard, or something like that. But I don't think they are convenient to use and I don't acutally need them so I don't use them.

 

It would have been very simple during the install to offer some options geared toward user level, such as advanced ; 'Do you wish to control updates yourself or automatic updates?" y/n

or 'never connect to the internet without my permission'.

 

By adding that sort of choices during install is only asking for trouble for ESET IMO.

 

"Hey why doesn't the product update?  Well we do have this advanced option during install where you can disable....maybe you ticked that" 

 

Then it's much better that the "advanced" users like you seek up info to be able to go through what you want to do. Since you are the first ever that I have seen since I started to use ESET around V 3.0 that have asked how you could do things like this in the product.

 

No offence, but asking ESET to add such choices during install because of the things you want to do with the product is simply asking too much I think. If you don't trust the product and/or ESET then as I said don't use it.

 

An Antivirus/Antimalware product is something you install and in most cases it's fine to go with the default settings. But disabling stuff due to privacy concerns is not the way to go in a product like this, as it only makes it harder for the product to do its job...protecting the user.

And that's what this product does very well if one doesn't disable 75% of it. 

 

But you do what you feel is best for you of course, just be aware of what it does to the product functionality as well.

 

Good luck

Edited October 5, 2013 by SweX