Solved - Configure nod antivirus

[tedyy 0]

Hello all, I'm testing the nod 32 antivirus, and I'd like to know how to configure it. In the installation I marked the option to detect potentially unwanted applications. Do I need another change?
I'm using the translator.

Edited August 26, 2017 by tedyy

[Marcos 5,259]

That's all. You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution.

[tedyy 0]

Hello again, I was looking at the advanced settings just out of curiosity and saw that you have a choice of suspicious apps. What would that be? Do you recommend me to enable or leave settings as they are?

Edited August 22, 2017 by tedyy

[Marcos 5,259]

Those are detected by default and cover files protected by packers or protectors that were often seen to have been abused for protecting malware to evade emulation and detection.

[tedyy 0]

Ok, last question, the potentially unsafe option, do you recommend me to activate, or leave default?

[novice 20]

On ‎8‎/‎22‎/‎2017 at 1:45 AM, Marcos said:

You can harden the system against infection by using additional HIPS rules, e.g. if you don't need to use wscript.exe, cscript.exe, mshta.exe, javaw.exe and powershell.exe, you can create block or at least ask rules so that you have control over script execution.

Why don't we have these rules already created, leaving the user the option to enable or disable ? (like "click" in a square in front of the rule)

[Marcos 5,259]

3 hours ago, John Alex said:

Why don't we have these rules already created, leaving the user the option to enable or disable ? (like "click" in a square in front of the rule)

Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.

[Marcos 5,259]

On 8/22/2017 at 6:35 PM, tedyy said:

Ok, last question, the potentially unsafe option, do you recommend me to activate, or leave default?

It's up to you. Potentially unsafe applications cover legitimate tool that can be misused for malicious purpose. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.

[novice 20]

5 hours ago, Marcos said:

Because it would cause a lot of complaints from users. We already have experience with this when those rules were provided to business users via special anti-ransomware policies on demand.

Hi Markos,

Maybe I was not clear enough; see here an example from my firewall

rule A is there and active

rule B is there and inactive

All additional rules in HIPS should be inactive initially ( an nobody would complain ) . However if somebody wants additional protection, all they need to do is to just "tick" the rule to enable them.

Is much easier this way , rather then expecting the user to create by himself complicated ( and at the same time correct) rules.

A HIPS is a very powerful tool, but right now the HIPS does nothing ( in over 3 years of using NOD32 I never got an alert generated by HIPS) 

Think about!

 

[tedyy 0]

16 hours ago, Marcos said:

It's up to you. Potentially unsafe applications cover legitimate tool that can be misused for malicious purpose. You can enable detection and see if it detects some of the apps that you use. You will be able to detect particular pot. unsafe app. from detection.

Ok Marcos, I'll test here, clarified doubts. Thank you.