Work with ESET NOD32 Antivirus.
Posted by Samuel Turi on 27 April 2011 01:59 PM
Work with ESET NOD32 Antivirus
Antivirus and antispyware protection Antivirus protection guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it, and then cleaning, deleting or moving it to quarantine.
Real-time file system protection.
- Real-time file system protection controls all antivirus related events in the system. All files are scanned for malicious code at the moment they are opened, created or run on your computer. Real-Real-time file system protection is launched at system startup.
- The Real-time file system protection checks all types of media, and control is triggered by various events. Using ThreatSense technology detection methods (described in section 4.1.6, “ThreatSense engine parameter setup”), real-time file system protection may vary for newly created files and existing files. For newly created files, it is possible to apply a deeper level of control.
- To provide the minimum system footprint when using real-time protection, files which have already been scanned are not scanned repeatedly (unless they have been modified). Files are scanned again immediately after each virus signature database update. This behavior is configured using Smart optimization. If this is disabled, all files are scanned each time they are accessed. To modify this option, open the Advanced Setup window and click Antivirus and antispyware > Real-time file system protection from the Advanced Setup tree. Then click the Setup... button next to ThreatSense engine parameter setup, click Other and select or deselect the Enable Smart optimization option.
- By default, Real-time protection launches at system startup and provides uninterrupted scanning. In special cases (e.g., if there is a conflict with another real-time scanner), real-time protection can be terminated by deselecting the Start Real-time file system protection automatically option.
Media to scan
- By default, all types of media are scanned for potential threats.
- Local drives – Controls all system hard drives
- Removable media – Diskettes, USB storage devices, etc.
- Network drives – Scans all mapped drives
- We recommend that you keep the default settings and only modify them in specific cases, such as when scanning certain media significantly slows data transfers.
Scan on (Event triggered scanning)
- By default, all files are scanned upon opening, creation or execution. We recommend that you keep the default settings, as these provide the maximum level of real-time protection for your computer. The Diskette access option provides control of the diskette boot sector when this drive is accessed. The Computer shutdown option provides control of the hard disk boot sectors during computer shutdown. Although boot viruses are rare today, we recommend that you leave these options enabled, as there is still the possibility of infection by a boot virus from alternate sources.
Advanced scan options
- More detailed setup options can be found under Antivirus and antispyware > Real-time system protection > Advanced setup.
- Additional ThreatSense parameters for newly created and modified files – The probability of infection in newly created or modified files is comparatively higher than in existing files. That is why the program checks these files with additional scanning parameters. Along with common signature based scanning methods, advanced heuristics are used, which greatly improves detection rates.
- In addition to newly created files, scanning is also performed on self extracting files (.sfx) and runtime packers (internally compressed executable files). By default, archives are scanned up to the 10th nesting level and are checked regardless of their actual size. To modify archive scan settings, deselect the Default archive scan settings option.
- Additonal ThreatSense parameters for executed files – By default, advanced heuristics are not used when files are executed. However, in some cases you may want to enable this option (by checking the Advanced heuristics on file execution option). Note that advanced heuristics may slow the execution of some programs due to increased system requirements.
- The real-time protection has three cleaning levels (to access, click the Setup... button in the Real-time file system protection section and then click the Cleaning branch).
- The first level displays an alert window with available options for each infiltration found. You must choose an action for each infiltration individually. This level is designed for more advanced user who know what to do with every type of infiltration.
- The medium level automatically chooses and performs a predefined action (depending on the type of infiltration). Detection and deletion of an infected file is signaled by an information message located in the bottom right corner of the screen. However, an automatic action is not performed if the infiltration is located within an archive which also contains clean files, and it is not performed on objects for which there is no predefined action.
- The third level is the most “aggressive” – all infected objects are cleaned. As this level could potentially result in the loss of valid files, we recommended that it be used only in specific situations.