tedyy, posted August 22, 2017 (edited August 26, 2017 by tedyy):
Hello all, I'm testing the NOD32 antivirus, and I'd like to know how to configure it. In the installation I marked the option to detect potentially unwanted applications. Do I need another change? I'm using the translator.

Marcos (Administrators), posted August 22, 2017:
That's all. You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution.

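Added example (not part of the thread and not ESET code): before creating block rules for the script hosts Marcos lists, it helps to know whether anything on the machine actually launches them. This sketch tallies them by parent process in a process-creation export; the CSV columns, the sample rows and the "never seen means block, seen means ask" heuristic are assumptions.

```python
import csv
import io
import ntpath
from collections import Counter, defaultdict

# Script hosts named in the post above.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "javaw.exe", "powershell.exe"}

# Constructed sample of process-creation records (not real telemetry).
# Column names are an assumption; map them to your own log export.
SAMPLE_CSV = r"""time,parent_image,image
2017-08-21T09:02:11,C:\Windows\explorer.exe,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2017-08-21T09:40:03,C:\Windows\explorer.exe,C:\Windows\System32\WindowsPowerShell\v1.0\POWERSHELL.EXE
2017-08-21T23:00:00,C:\Tools\backup-agent.exe,C:\Windows\System32\cscript.exe
2017-08-22T08:15:42,C:\Windows\explorer.exe,C:\Windows\System32\notepad.exe
"""


def load_rows(text):
    """Parse the CSV export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def tally_script_hosts(rows):
    """Return {host: Counter(parent -> launches)} for the listed hosts.

    File names are compared case-insensitively, and ntpath is used so
    Windows paths are split correctly on any platform.
    """
    usage = defaultdict(Counter)
    for row in rows:
        host = ntpath.basename(row["image"]).lower()
        if host in SCRIPT_HOSTS:
            parent = ntpath.basename(row["parent_image"]).lower()
            usage[host][parent] += 1
    return usage


def suggest_rules(usage):
    """Assumed heuristic: never observed -> 'block', observed -> 'ask'."""
    return {host: ("ask" if usage.get(host) else "block")
            for host in sorted(SCRIPT_HOSTS)}


if __name__ == "__main__":
    observed = tally_script_hosts(load_rows(SAMPLE_CSV))
    for host, action in suggest_rules(observed).items():
        print(f"{host:15} {action:6} {dict(observed.get(host, {}))}")
```

The parent column shows which program an "ask" prompt would interrupt, which is the source of the user complaints discussed later in the thread.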
tedyy, posted August 22, 2017 (edited August 22, 2017 by tedyy):
Hello again, I was looking at the advanced settings just out of curiosity and saw that you have a choice of suspicious apps. What would that be? Do you recommend me to enable or leave settings as they are?

Marcos (Administrators), posted August 22, 2017:
Those are detected by default and cover files protected by packers or protectors that were often seen to have been abused for protecting malware to evade emulation and detection.

tedyy, posted August 22, 2017:
Ok, last question, the potentially unsafe option, do you recommend me to activate, or leave default?

novice, posted August 24, 2017:
On 8/22/2017 at 1:45 AM, Marcos said: "You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution."
Why don't we have these rules already created, leaving the user the option to enable or disable? (like "click" in a square in front of the rule)

Marcos (Administrators), posted August 24, 2017:
3 hours ago, John Alex said: "Why don't we have these rules already created, leaving the user the option to enable or disable? (like "click" in a square in front of the rule)"
Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.

Marcos (Administrators), posted August 24, 2017:
On 8/22/2017 at 6:35 PM, tedyy said: "Ok, last question, the potentially unsafe option, do you recommend me to activate, or leave default?"
It's up to you. Potentially unsafe applications cover legitimate tools that can be misused for malicious purposes. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.

novice, posted August 24, 2017:
5 hours ago, Marcos said: "Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand."
Hi Marcos,
Maybe I was not clear enough; see here an example from my firewall: rule A is there and active, rule B is there and inactive.
All additional rules in HIPS should be inactive initially (and nobody would complain). However, if somebody wants additional protection, all they need to do is to just "tick" the rule to enable them. It is much easier this way, rather than expecting the user to create by himself complicated (and at the same time correct) rules.
A HIPS is a very powerful tool, but right now the HIPS does nothing (in over 3 years of using NOD32 I never got an alert generated by HIPS).
Think about it!

tedyy, posted August 24, 2017:
16 hours ago, Marcos said: "It's up to you. Potentially unsafe applications cover legitimate tools that can be misused for malicious purposes. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection."
Ok Marcos, I'll test here, clarified doubts. Thank you.