Jump to content

Some gaps in understanding the web and email modules


Using
 Share

Recommended Posts

In the description below I am referring to NOD32 AV's web and email modules as

the user manual for advanced configuration use these terms. All this is about NOD32 AV 7.x.

 

Please help to fill the gaps in my understanding how the relations

and behavior of these modules are.

 

- user manual is using two terms, "scanning" and "filtering"

  What is the difference between them two?

  "will be filtered", or "is filtered" - what does this exactly mean?

 

- email client integration. Does this integration produce just additional

  toolbar in the enabled email client and nothing more?

  How is the advanced configuration module "email clients" related to

  "email client integration" ? No direct relation, just two quite independent modules,

  also in their services?

 

- Some advanced options are not available on Windows versions where WFP

  is used. For instance, Web and email clients.

  How is then the behavior of "Use HTTPS protocol checking for selected ports"

  on thoses systems? It is not described in user manual.

 

- NOD32 AV seems to use some internal proxy server on systems where WFP

  is not available. Where to find more details about reasons, function, purpose

  and pitfalls of that proxy?

 

- How does resulting grade of protection look if to

  check "Protocol filtering - Integrate into system", and

  uncheck "Protocol filtering - Enable application protocol content filtering"

Edited by Using
Link to comment
Share on other sites

  • Administrators

- user manual is using two terms, "scanning" and "filtering"

  What is the difference between them two?

Filtering means that the data will be routed to ekrn by ESET's tdi / wfp driver while scanning means that the data will actually be scanned for malware by ekrn.

 

- email client integration. Does this integration produce just additional toolbar in the enabled email client and nothing more?

Enabling integration with email clients will install a plug-in for a particular email client. This will enable spam filtering as well as scanning email received by the email client regardless of the protocol used.

 

- Some advanced options are not available on Windows versions where WFP is used. For instance, Web and email clients.  How is then the behavior of "Use HTTPS protocol checking for selected ports" on thoses systems? It is not described in user manual.

 

On systems with WFP support, all HTTP(S)/POP3(S)/IMAP(S) traffic is scanned.

- NOD32 AV seems to use some internal proxy server on systems where WFP is not available. Where to find more details about reasons, function, purpose and pitfalls of that proxy?

Probably the only disadvantage of using the local proxy is that you won't be able to make firewall rules for applications communicating via http/pop3 as the firewall will see ekrn.exe as the application initiating the communication.

 

- How are resulting measures of protection if to check "Protocol filtering - Integrate into system", and uncheck "Protocol filtering - Enable application protocol content filtering"

The effect of disabling either of them is that potential malware received via http/pop3 will not be detected by web protection and access to blocked websites will not work either.

Link to comment
Share on other sites

Thank you for your answers in very short time.

 

 

 

A) Filtering means that the data will be routed to ekrn by ESET's tdi / wfp driver ...

 


 

b..) ...This will enable spam filtering as well as scanning email received by the email client regardless of the protocol used.

 


C) On systems with WFP support, all HTTP(S)/POP3(S)/IMAP(S) traffic is scanned.

 


D) Probably the only disadvantage of using the local proxy is that you won't be able to make firewall rules for applications communicating via http/pop3 as the firewall will see ekrn.exe as the application initiating the communication.
 


E) The effect of disabling either of them is that potential malware received via http/pop3 will not be detected by web protection and access to blocked websites will not work either.

 

 

A) That's means, no filtering - no scans possible.

 

b..) Great facility, unfortunately not supported for current version of my mail client.

 

C) It means, named ports are scanned regardless to used browser.

 

D) Yeah, I could observe it long time ago, after that given up and used without protocol filtering - not the optimal solution.

    One is forced to choose between traffic control or av, malware protection

    It seems no improvement possible for systems before WFP.

    It must also mean, on systems with WFP such routing is no more necessary.

 

E) So in my opinion, these two could be reduced to one single option

   - "Protocol filtering - Integrate into system", and

   - "Protocol filtering - Enable application protocol content filtering"

Edited by Using
Link to comment
Share on other sites

  • ESET Insiders

E) So in my opinion, these two could be reduced to one single option

   - "Protocol filtering - Integrate into system", and

   - "Protocol filtering - Enable application protocol content filtering"

 

These are different options

The first options control data routing,,,,,, is the Installation Level of the Firewall;  

     is the same as Advanced Setup>Network>Personal Firewall>System integration>Only scan application protocols

The second is for actually scan the routed data

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...