Some gaps in understanding the web and email modules


Using

In the description below I am referring to NOD32 AV's web and email modules, as the user manual for advanced configuration uses these terms. All this is about NOD32 AV 7.x.

Please help to fill the gaps in my understanding of how these modules relate and behave.

- The user manual uses two terms, "scanning" and "filtering". What is the difference between the two? "will be filtered", or "is filtered" - what exactly does this mean?

- Email client integration. Does this integration produce just an additional toolbar in the enabled email client and nothing more? How is the advanced configuration module "email clients" related to "email client integration"? No direct relation, just two quite independent modules, also in their services?

- Some advanced options are not available on Windows versions where WFP is used. For instance, Web and email clients. How then does "Use HTTPS protocol checking for selected ports" behave on those systems? It is not described in the user manual.

- NOD32 AV seems to use some internal proxy server on systems where WFP is not available. Where to find more details about the reasons, function, purpose and pitfalls of that proxy?

- How does the resulting grade of protection look if one checks "Protocol filtering - Integrate into system" and unchecks "Protocol filtering - Enable application protocol content filtering"?


  • Administrators

- The user manual uses two terms, "scanning" and "filtering". What is the difference between the two?

Filtering means that the data will be routed to ekrn by ESET's tdi / wfp driver while scanning means that the data will actually be scanned for malware by ekrn.

 

- email client integration. Does this integration produce just additional toolbar in the enabled email client and nothing more?

Enabling integration with email clients will install a plug-in for a particular email client. This will enable spam filtering as well as scanning email received by the email client regardless of the protocol used.

 

- Some advanced options are not available on Windows versions where WFP is used. For instance, Web and email clients. How then does "Use HTTPS protocol checking for selected ports" behave on those systems? It is not described in the user manual.

 

On systems with WFP support, all HTTP(S)/POP3(S)/IMAP(S) traffic is scanned.

- NOD32 AV seems to use some internal proxy server on systems where WFP is not available. Where to find more details about reasons, function, purpose and pitfalls of that proxy?

Probably the only disadvantage of using the local proxy is that you won't be able to make firewall rules for applications communicating via http/pop3 as the firewall will see ekrn.exe as the application initiating the communication.

 

- How are the resulting measures of protection if one checks "Protocol filtering - Integrate into system" and unchecks "Protocol filtering - Enable application protocol content filtering"?

The effect of disabling either of them is that potential malware received via http/pop3 will not be detected by web protection and access to blocked websites will not work either.


Thank you for your answers in such a short time.

 

 

 

A) Filtering means that the data will be routed to ekrn by ESET's tdi / wfp driver ...

B) ...This will enable spam filtering as well as scanning email received by the email client regardless of the protocol used.

C) On systems with WFP support, all HTTP(S)/POP3(S)/IMAP(S) traffic is scanned.

D) Probably the only disadvantage of using the local proxy is that you won't be able to make firewall rules for applications communicating via http/pop3 as the firewall will see ekrn.exe as the application initiating the communication.

E) The effect of disabling either of them is that potential malware received via http/pop3 will not be detected by web protection and access to blocked websites will not work either.

 

 

A) That means, no filtering - no scans possible.

B) Great facility, unfortunately not supported for the current version of my mail client.

C) It means the named ports are scanned regardless of the browser used.

D) Yeah, I could observe it a long time ago; after that I gave up and used it without protocol filtering - not the optimal solution. One is forced to choose between traffic control or AV, malware protection. It seems no improvement is possible for systems before WFP. It must also mean that on systems with WFP such routing is no longer necessary.

E) So in my opinion, these two could be reduced to one single option:

   - "Protocol filtering - Integrate into system", and

   - "Protocol filtering - Enable application protocol content filtering"


  • ESET Insiders

E) So in my opinion, these two could be reduced to one single option

   - "Protocol filtering - Integrate into system", and

   - "Protocol filtering - Enable application protocol content filtering"

 

These are different options.

The first option controls data routing; it is the installation level of the firewall, the same as Advanced Setup > Network > Personal Firewall > System integration > Only scan application protocols.

The second is for actually scanning the routed data.

This topic is now closed to further replies.