Solved - Configure nod antivirus


tedyy

Hello all, I'm testing the nod 32 antivirus, and I'd like to know how to configure it. In the installation I marked the option to detect potentially unwanted applications. Do I need another change?
I'm using the translator.


  • Administrators

That's all. You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution.

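Added example, not part of the original thread and not ESET tooling: before creating block or ask rules for the five interpreters named in the post above, it helps to check whether anything on the machine actually launches them. The sketch below tallies launches per parent process from process-creation records exported as CSV; the column names, the sample rows and the "never seen means block, otherwise ask" policy are assumptions made for illustration.

```python
import csv
import io
import ntpath
from collections import Counter, defaultdict

# Interpreters named in the post above.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "javaw.exe", "powershell.exe"}

# Constructed sample: process-creation records exported as CSV (hypothetical column names).
SAMPLE = """time,image,parent_image
2017-08-21T09:14:02,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,C:\\Windows\\explorer.exe
2017-08-21T09:20:41,C:\\Windows\\System32\\notepad.exe,C:\\Windows\\explorer.exe
2017-08-21T11:02:17,C:\\Windows\\System32\\WScript.exe,C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE
2017-08-22T08:00:00,C:\\WINDOWS\\system32\\WindowsPowerShell\\v1.0\\PowerShell.EXE,C:\\Windows\\System32\\svchost.exe
"""

def base(path):
    """Lower-cased file name of a Windows path (Windows paths are case-insensitive)."""
    return ntpath.basename(path.strip().strip('"')).lower()

def audit(csv_text):
    """Count launches of each script host, grouped by parent process."""
    usage = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        image = base(row["image"])
        if image in SCRIPT_HOSTS:
            usage[image][base(row["parent_image"])] += 1
    return usage

def suggest(usage):
    """Assumed policy: never launched -> block; launched -> ask, so each run is reviewed."""
    return {host: ("ask" if usage.get(host) else "block") for host in sorted(SCRIPT_HOSTS)}

if __name__ == "__main__":
    usage = audit(SAMPLE)
    for host, action in suggest(usage).items():
        parents = ", ".join(f"{p} x{n}" for p, n in usage[host].most_common()) or "not seen"
        print(f"{host:15} {action:6} {parents}")
```

The parent column is the useful part: a script host started by a scheduled task or management agent is a candidate for an allow exception, while one that is never seen can be blocked outright.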

Hello again, I was looking at the advanced settings just out of curiosity and saw that you have a choice of suspicious apps. What would that be? Do you recommend me to enable or leave settings as they are?


  • Administrators

Those are detected by default and cover files protected by packers or protectors that were often seen to have been abused for protecting malware to evade emulation and detection.


On 8/22/2017 at 1:45 AM, Marcos said:

You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution.

Why don't we have these rules already created, leaving the user the option to enable or disable them? (like a "click" in a square in front of the rule)


  • Administrators
3 hours ago, John Alex said:

Why don't we have these rules already created, leaving the user the option to enable or disable them? (like a "click" in a square in front of the rule)

Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.


  • Administrators
On 8/22/2017 at 6:35 PM, tedyy said:

Ok, last question, the potentially unsafe option, do you recommend me to activate, or leave default?

It's up to you. Potentially unsafe applications cover legitimate tools that can be misused for malicious purposes. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.


5 hours ago, Marcos said:

Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.

Hi Marcos,

Maybe I was not clear enough; see here an example from my firewall

rule A is there and active

rule B is there and inactive

All additional rules in HIPS should be inactive initially (and nobody would complain). However, if somebody wants additional protection, all they need to do is just "tick" the rules to enable them.

It is much easier this way, rather than expecting the user to create by himself complicated (and at the same time correct) rules.

A HIPS is a very powerful tool, but right now the HIPS does nothing (in over 3 years of using NOD32 I never got an alert generated by HIPS).

Think about it!

 

RULES.jpg


16 hours ago, Marcos said:

It's up to you. Potentially unsafe applications cover legitimate tools that can be misused for malicious purposes. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.

Ok Marcos, I'll test here, clarified doubts. Thank you.


This topic is now closed to further replies.