ESET NOD32 ANTIVIRUS 6 User Guide (intended for product version 6.
ESET NOD32 ANTIVIRUS Copyright 2013 by ESET, spol. s r. o. ESET NOD32 Antivirus was developed by ESET, spol. s r. o. For more information visit www.eset.com. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r. o.
Contents
1. ESET NOD32 Antivirus 6
1.1 What's new
1.2 System requirements
1.3 Prevention
2. Installation
2.1 Live installer ...
5.6.2 User Interface and application usage
5.6.2.1 Program Controls
5.6.2.2 Navigating in ESET SysInspector
5.6.2.2.1 Keyboard ...
1. ESET NOD32 Antivirus 6 ESET NOD32 Antivirus 6 represents a new approach to truly integrated computer security. The most recent version of the ThreatSense® scanning engine utilizes speed and precision to keep your computer safe. The result is an intelligent system that is constantly on alert for attacks and malicious software that might endanger your computer. ESET NOD32 Antivirus 6 is a complete security solution that combines maximum protection and a minimal system footprint.
1.2 System requirements
For seamless operation of ESET NOD32 Antivirus, your system should meet the following hardware and software requirements:
Microsoft® Windows® XP: 400 MHz 32-bit (x86) / 64-bit (x64) processor, 128 MB of system memory, 320 MB available disk space, Super VGA (800 x 600) display.
Microsoft® Windows® 8, 7, Vista, Home Server: 1 GHz 32-bit (x86) / 64-bit (x64) processor, 512 MB of system memory, 320 MB available disk space, Super VGA (800 x 600) display.
Follow basic security rules This is the most useful and most effective rule of all – always be cautious. Today, many infiltrations require user intervention in order to be executed and distributed. If you are cautious when opening new files, you will save considerable time and effort that would otherwise be spent cleaning infiltrations from your computer. Here are some useful guidelines: Do not visit suspicious websites with multiple pop-ups and flashing advertisements.
2. Installation There are several methods for installing ESET NOD32 Antivirus on your computer. Installation methods may vary depending on country and means of distribution: Live installer can be downloaded from the ESET website. The installation package is universal for all languages (choose a desired language). Live installer itself is a small file; additional files required to install ESET NOD32 Antivirus will be downloaded automatically.
2.2 Offline installation Once you launch the offline installation (.msi) package, the installation wizard will guide you through the setup process. First, the program checks to see if a newer version of ESET NOD32 Antivirus is available. If a newer version is found you will be notified in the first step of the installation process. If you select Download and install new version, the new version will be downloaded and installation will continue. Next, the End-User License Agreement will be displayed.
2.2.1 Typical installation Typical installation mode provides configuration options appropriate for most users. These settings provide excellent security, easy setup and high system performance. Typical installation mode is the default option and is recommended for users who do not require specific settings. For more instructions about installation steps, ESET Live Grid and Detection of potentially unwanted applications, follow the instructions in the aforementioned section (see “Live installer”).
The next installation window offers the option to set a password to protect your program settings. Select Protect configuration settings with a password and enter your password into the New password and Confirm new password fields. This password will be required to change or access the settings of ESET NOD32 Antivirus. When both password fields match, click Next to continue.
2.5 Upgrading to a more recent version New versions of ESET NOD32 Antivirus are issued to implement improvements or fix issues that cannot be resolved by automatic updates to program modules. Upgrading to a more recent version can be accomplished in several ways: 1. Automatically, by means of a program update.
3. Beginner's guide This chapter provides an initial overview of ESET NOD32 Antivirus and its basic settings. 3.1 Introducing user interface design The main program window of ESET NOD32 Antivirus is divided into two main sections. The primary window on the right displays information that corresponds to the option selected from the main menu on the left. The following is a description of options within the main menu: Home – Provides information about the protection status of ESET NOD32 Antivirus.
change the status of individual modules, click Setup and select the desired module. The red icon signals critical problems – maximum protection of your computer is not ensured.
3.2 Updates Updating the virus signature database and updating program components is an important part of protecting your system against malicious code. Pay careful attention to their configuration and operation. In the main menu, click Update and then click Update virus signature database to check for a virus signature database update. If the Username and Password were not entered during activation of ESET NOD32 Antivirus you will be prompted for them at this point.
4. Work with ESET NOD32 Antivirus The ESET NOD32 Antivirus setup options allow you to adjust the protection levels of your computer. The Setup menu contains the following: Computer Web and Email Click any component to adjust the advanced settings of the corresponding protection module. Computer protection setup allows you to enable or disable the following components: Real-time file system protection – All files are scanned for malicious code when they are opened, created or run on your computer.
Computer > Antivirus and antispyware > Document protection > Integrate into system). To re-enable the protection of the disabled security component, click Disabled and then Enable. NOTE: When disabling protection using this method, all disabled parts of protection will be enabled after a computer restart. There are additional options at the bottom of the setup window. Use the Product activation...
4.1.1 Antivirus and antispyware Antivirus and antispyware protection guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it, and then cleaning, deleting or moving it to quarantine. Scanner options for all protection modules (e.g. Real-time file system protection, Web access protection, ...
By default, Real-time file system protection launches at system startup and provides uninterrupted scanning. In special cases (e.g., if there is a conflict with another real-time scanner), real-time protection can be terminated by deselecting Start Real-time file system protection automatically. Media to scan By default, all types of media are scanned for potential threats: Local drives – Controls all system hard drives. Removable media – Diskettes, CD/DVDs, USB storage devices, etc.
requirements. While the Advanced heuristics on executing files from removable media option is enabled, if you wish to exclude some removable media (USB) ports from being scanned by advanced heuristics on file execution, click Exceptions... to open the removable media drive exclusions window. In this window, you can customize the settings by selecting or deselecting the checkboxes that represent each port. 4.1.1.1.2 Cleaning levels Real-time protection has three cleaning levels (to access, click Setup...
4.1.1.1.4 Checking real-time protection To verify that real-time protection is working and detecting viruses, use a test file from eicar.com. This test file is a harmless file detectable by all antivirus programs. The file was created by EICAR (European Institute for Computer Antivirus Research) to test the functionality of antivirus programs. The file is available for download at http://www.eicar.org/download/eicar.com. Note that if Web access protection is enabled, the download itself may be blocked before the file ever reaches the disk, which exercises the web scanner rather than the file system scanner; to test real-time file system protection specifically, create the file locally (for example by pasting the test string into a text editor and saving it as eicar.com).
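The following script is an added example, not part of the original guide or ESET's own tooling. It builds the 68-byte EICAR test string in memory (from fragments, so the script itself is not flagged), verifies it against the published MD5 before use, then writes eicar.com into a temporary directory and polls to see whether the on-access scanner removes, truncates or locks it. The polling window, the temporary-directory location and the interpretation of "file still readable after N seconds" as "protection inactive or path excluded" are assumptions of this example.

```python
import hashlib
import os
import tempfile
import time
from typing import Optional

# The test string is assembled from fragments so that this script is not
# itself flagged while it sits on disk; only the file it writes should be.
_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!",
    "$H+H*",
)
EICAR_LEN = 68
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"  # published checksum of eicar.com


def eicar_bytes() -> bytes:
    """Return the canonical 68-byte EICAR test string."""
    return "".join(_PARTS).encode("ascii")


def is_valid_eicar(data: bytes) -> bool:
    """Check length and MD5 so that a typo (which would make the whole test
    silently meaningless, because nothing would be detected) is caught."""
    return len(data) == EICAR_LEN and hashlib.md5(data).hexdigest() == EICAR_MD5


def realtime_protection_blocked(directory: Optional[str] = None,
                                wait_s: float = 5.0) -> bool:
    """Drop eicar.com into `directory` and report whether the on-access
    scanner acted on it within `wait_s` seconds.

    True  -> write refused, file removed, truncated or made unreadable.
    False -> file still intact and readable (protection off, path excluded,
             or the scanner only reacts on execution, not on creation).
    """
    data = eicar_bytes()
    if not is_valid_eicar(data):
        raise RuntimeError("test string corrupted; refusing to run a meaningless test")
    directory = directory or tempfile.gettempdir()
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "wb") as f:
            f.write(data)
    except OSError:
        return True  # the scanner intercepted the create/write itself
    deadline = time.monotonic() + wait_s
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as f:
                if f.read() != data:
                    return True  # cleaned or truncated in place
        except OSError:
            return True  # deleted, quarantined or access denied
        time.sleep(0.25)
    try:
        os.remove(path)  # do not leave the test file behind
    except OSError:
        pass
    return False


if __name__ == "__main__":
    print("real-time protection reacted:", realtime_protection_blocked())
```

If the function returns False on a machine where protection is enabled, check first whether the directory is on the exclusion list before concluding that the scanner is broken.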
targets drop-down menu and clicking Scan. See Scan progress for more information about the scanning process. We recommend that you run a computer scan at least once a month. Scanning can be configured as a scheduled task from Tools > Scheduler. 4.1.1.2.
4.1.1.2.2 Scan progress The scan progress window shows the current status of the scan and information about the number of files found that contain malicious code. NOTE: It is normal that some files, such as password protected files or files being exclusively used by the system (typically pagefile.sys and certain log files), cannot be scanned. The progress bar shows the percentage of already-scanned objects compared to objects still waiting to be scanned.
4.1.1.2.3 Scan profiles Your preferred scan parameters can be saved for future scanning. We recommend that you create a different profile (with various scan targets, scan methods and other parameters) for each regularly used scan. To create a new profile, open the Advanced setup window (F5) and click Computer > Antivirus and antispyware > Computer scan > Profiles....
4.1.1.4 Idle-state scanning The Idle scanner can be configured and enabled in Advanced setup under Computer > Antivirus and antispyware > Idle-state scanning. When the computer is in the idle state, a silent computer scan is performed on all local drives. See also Idle state detection for the triggers (e.g. screen saver, user logoff) that must be met in order to run the Idle scanner. By default, the Idle scanner does not run when the computer (notebook) is powered from the battery and is not connected to mains power.
Path – Path to excluded files and folders. Threat – If there is a name of a threat next to an excluded file, it means that the file is only excluded for the given threat, not completely. If that file becomes infected later with other malware, it will be detected by the antivirus module.
4.1.1.6.2 Options Use the Options section to select the methods used when scanning the system for infiltrations. The following options are available: Heuristics – A heuristic is an algorithm that analyzes the (potentially malicious) behavior of programs. Its main advantage is the ability to identify malicious software that did not yet exist, or was not covered by earlier virus signature databases. Its disadvantage is a small probability of false alarms.
4.1.1.6.5 Limits The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned: Maximum object size – Defines the maximum size of objects to be scanned. The given antivirus module will then scan only objects smaller than the size specified. This option should only be changed by advanced users who may have specific reasons for excluding larger objects from scanning. Default value: unlimited. Maximum scan time for object (sec.
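To make concrete what the two limits above actually decide, here is an added example (not code from the guide or from ESET) that walks a nested ZIP the way a scanner with a maximum object size and a maximum nesting level would, and reports for each object whether it was scanned or why it was skipped. The sample archive is constructed in the script; the "level 1 = top-level archive" numbering and the "unlimited = 0" convention are assumptions of this example.

```python
import io
import zipfile
from typing import List, Tuple

UNLIMITED = 0  # stands in for the product's "unlimited" default


def make_nested_zip(levels: int, payload: bytes = b"hello") -> bytes:
    """Constructed sample input: a ZIP nested `levels` deep.

    The innermost archive (zip1.zip) holds payload.txt, zip2.zip holds
    zip1.zip, and so on; the outermost blob is returned unnamed.
    """
    data, name = payload, "payload.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"zip{i + 1}.zip"
    return data


def scan_archive(data: bytes, max_depth: int = UNLIMITED,
                 max_object_size: int = UNLIMITED,
                 _path: str = "", _depth: int = 1) -> List[Tuple[str, str]]:
    """Walk an archive and report per object: 'scanned', 'skipped:size' or
    'skipped:depth'. `_depth` is the nesting level of the archive being read
    (the top-level archive is level 1)."""
    results: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{_path}/{info.filename}"
            # The size limit is applied to the declared uncompressed size
            # before inflating, so an oversized object is never expanded.
            # (A malformed header can lie about that size; a real scanner
            # also caps the bytes it actually inflates.)
            if max_object_size != UNLIMITED and info.file_size > max_object_size:
                results.append((path, "skipped:size"))
                continue
            member = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(member)):
                if max_depth != UNLIMITED and _depth + 1 > max_depth:
                    # Beyond the nesting limit the inner archive is not
                    # opened, so whatever it contains is never looked at.
                    results.append((path, "skipped:depth"))
                    continue
                results.extend(scan_archive(member, max_depth, max_object_size,
                                            path, _depth + 1))
            else:
                results.append((path, "scanned"))
    return results


if __name__ == "__main__":
    blob = make_nested_zip(3)
    for limits in ({}, {"max_depth": 2}, {"max_object_size": 4}):
        print(limits, scan_archive(blob, **limits))
```

The point to take from the output is that every "skipped" entry is content that was never inspected: lowering either limit buys performance at the price of a blind spot that an attacker can target deliberately by nesting or padding an archive.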
Each uses the standard cleaning level and will attempt to clean the file and move it to Quarantine or terminate the connection. A notification window is displayed in the notification area at the bottom right corner of the screen. For more information about cleaning levels and behavior, see Cleaning. Cleaning and deleting If there is no predefined action to take for Real-time file system protection, you will be prompted to select an option in the alert window.
4.1.1.8 Document protection The Document protection feature scans Microsoft Office documents before they are opened, as well as files downloaded automatically by Internet Explorer such as Microsoft ActiveX elements. Document protection provides a layer of protection in addition to Real-time file system protection, and can be disabled to enhance performance on systems that are not exposed to a high volume of Microsoft Office documents. Integrate into system activates the protection system.
4.1.2.1 Filtering rules The Filter device access window displays existing extended rules for removable media. Category – Removable media type (CD/DVD/USB...). Description – Description of the filter device rule. Rights – Permissions applied to devices that match the criteria set by the filter. New – Create a new removable media filtering rule. Edit – Select one row and click this button to change the existing rule. Delete (Del) – Removes the selected rule. 4.1.2.
Note: Filtering parameters in all text fields are matched case-sensitively and no wildcards (*, ?) are supported; they have to be written exactly as reported by the vendor. Click the Populate with connected device parameters... option to fill the fields with the parameters of a removable media device currently connected to your computer. Rights Deny access – Access to the device will not be granted. A device blocking information window will appear whenever an attempt to access the device is made.
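The matching semantics in the note above (exact, case-sensitive, no wildcards, blank field matches anything) are easy to get wrong when writing rules by hand, so here is an added example, not code from the guide or from ESET, that evaluates a device against a rule list the same way and shows the two classic mistakes: a vendor string in the wrong case, and a "*" that is treated as a literal character. "First matching rule wins" and the default of full access when nothing matches are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    category: str                   # removable media type: "USB", "CD/DVD", ...
    rights: str                     # "deny", "read_only" or "read_write"
    description: str = ""
    vendor: Optional[str] = None    # empty/None field matches any value
    model: Optional[str] = None
    serial: Optional[str] = None


@dataclass(frozen=True)
class Device:
    category: str
    vendor: str
    model: str
    serial: str


def _field_matches(wanted: Optional[str], actual: str) -> bool:
    # Exact, case-sensitive comparison. '*' and '?' are ordinary characters
    # here, as in the product, so a rule written as "Kingston*" matches nothing.
    return not wanted or wanted == actual


def rule_matches(rule: Rule, dev: Device) -> bool:
    return rule.category == dev.category and all(
        _field_matches(w, a) for w, a in (
            (rule.vendor, dev.vendor),
            (rule.model, dev.model),
            (rule.serial, dev.serial),
        )
    )


def effective_rights(rules: List[Rule], dev: Device,
                     default: str = "read_write") -> Tuple[str, Optional[Rule]]:
    """First matching rule wins (assumed ordering); no match -> `default`."""
    for rule in rules:
        if rule_matches(rule, dev):
            return rule.rights, rule
    return default, None


# Constructed sample policy: one vendor's sticks read-only, all other USB denied.
RULES = [
    Rule("USB", "read_only", "Approved vendor", vendor="Kingston"),
    Rule("USB", "deny", "Block all other USB storage"),
]

if __name__ == "__main__":
    for dev in (Device("USB", "Kingston", "DataTraveler", "0123"),
                Device("USB", "KINGSTON", "DataTraveler", "0123")):
        rights, rule = effective_rights(RULES, dev)
        print(f"{dev.vendor!r} -> {rights} (rule: {rule.description if rule else 'default'})")
```

Because the comparison is exact, always fill the vendor/model/serial fields with Populate with connected device parameters... rather than typing them, and keep a catch-all deny rule at the end so that a typo in an allow rule fails closed.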
If you select Ask as the default action, ESET NOD32 Antivirus will display a dialog window every time an operation is run. You can choose to Deny or Allow the operation. If you do not choose an action, an action will be selected based on the pre-defined rules. The Allow access to another application dialog window allows you to create a rule based on any new action that HIPS detects and then define the conditions under which to allow or deny that action.
4.2 Web and email Web and email configuration can be found in the Setup pane by clicking on Web and email. From here you can access more detailed settings of the program. Internet connectivity is a standard feature for personal computers. Unfortunately, the Internet has become the primary medium for distributing malicious code. For this reason it is essential that you carefully consider your Web access protection settings.
are: Never – No tag messages will be added at all. To infected email only – Only messages containing malicious software will be marked as checked (default). To all scanned email – The program will append messages to all scanned email. Append note to the subject of received and read/sent infected email – Select this checkbox if you want email protection to include a virus warning in the subject of an infected email.
4.2.1.2 IMAP, IMAPS scanner The Internet Message Access Protocol (IMAP) is another Internet protocol for email retrieval. IMAP has some advantages over POP3, e.g., multiple clients can simultaneously connect to the same mailbox and maintain message state information such as whether or not the message has been read, replied to or deleted. ESET NOD32 Antivirus provides protection for this protocol regardless of the email client used.
Use POP3S protocol checking for selected ports – Check this option to enable POP3S checking only for ports defined in Ports used by POP3S protocol. Ports used by POP3S protocol – A list of POP3S ports to check (995 by default). 4.2.2 Web access protection Internet connectivity is a standard feature in a personal computer. Unfortunately, it has also become the main medium for transferring malicious code.
4.2.2.1.1 Active mode for web browsers ESET NOD32 Antivirus also contains the Active mode submenu, which defines the checking mode for web browsers. Active mode is useful because it examines data transferred from applications accessing the Internet as a whole, regardless of whether they are marked as web browsers or not (for more information, see Web and email clients). If Active mode is disabled, communication from applications is monitored gradually in batches.
Remove/Remove all – Click Remove to delete the selected address from the list. To delete all addresses, select Remove all. Export... – Save addresses from the current list to a simple text file. 4.2.3 Protocol filtering Antivirus protection for the application protocols is provided by the ThreatSense scanning engine, which seamlessly integrates all advanced malware scanning techniques. The control works automatically, regardless of the Internet browser or email client used.
4.2.3.2 Excluded applications To exclude communication of specific network-aware applications from content filtering, select them in the list. HTTP/ POP3/IMAP communication of the selected applications will not be checked for threats. We recommend using this option only for applications that do not work properly with their communication being checked. Running applications and services will be available here automatically. Click the Add...
4.2.3.3 Excluded IP addresses The entries in the list will be excluded from the protocol content filtering. HTTP/POP3/IMAP communication from/to the selected addresses will not be checked for threats. We recommend using this option only for addresses that are known to be trustworthy. Add IPv4/IPv6 address – This options allows you to add an IP address/address range/subnet of a remote point for which the rule is to be applied. Remove – Remove selected entries from the list. 4.2.3.3.
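Since an excluded address bypasses protocol content filtering entirely, it is worth seeing exactly which addresses a given entry covers. The script below is an added example, not code from the guide or from ESET: it parses the three entry forms the dialog offers (single address, address range, subnet) and answers whether a peer address falls under any of them. The "first-last" spelling of a range and the sample entries are assumptions of this example.

```python
import ipaddress
from typing import List, Tuple


def parse_exclusion(text: str) -> Tuple[str, object, object]:
    """Parse one list entry: 'first-last' range, CIDR subnet, or single address."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {text}")
        return "range", lo, hi
    if "/" in text:
        # strict=False accepts host bits set, e.g. 192.168.1.7/24
        return "subnet", ipaddress.ip_network(text, strict=False), None
    return "single", ipaddress.ip_address(text), None


def is_excluded(entries: List[str], addr: str) -> bool:
    """True if `addr` is covered by any entry, so its traffic is not checked."""
    a = ipaddress.ip_address(addr)
    for entry in entries:
        kind, x, y = parse_exclusion(entry)
        if kind == "range" and a.version == x.version and x <= a <= y:
            return True
        if kind == "subnet" and a in x:
            return True
        if kind == "single" and a == x:
            return True
    return False


# Constructed sample list: an internal range, a whole subnet and one IPv6 host.
ENTRIES = ["10.0.0.5-10.0.0.20", "192.168.1.0/24", "2001:db8::1"]

if __name__ == "__main__":
    for peer in ("10.0.0.7", "10.0.0.21", "192.168.1.200", "2001:db8::2"):
        print(peer, "excluded" if is_excluded(ENTRIES, peer) else "checked")
```

A /24 entry excludes 256 hosts at once; prefer single addresses or tight ranges so that a compromised host on the same subnet does not inherit the exclusion.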
4.2.3.4 SSL protocol checking ESET NOD32 Antivirus enables you to check protocols encapsulated in the SSL protocol. You can use various scanning modes for SSL-protected communications that use trusted certificates, unknown certificates, or certificates that are excluded from SSL-protected communication checking. Inspecting encrypted traffic is only possible because the product terminates the SSL/TLS connection locally and re-signs it with a certificate of its own before handing it to the client; applications that pin their server certificate will therefore refuse the connection, and any certificate you exclude causes that traffic to bypass content filtering entirely. Always scan SSL protocol – Select this option to scan all SSL-protected communications except communications protected by certificates excluded from checking.
4.2.3.4.1.2 Excluded certificates The Excluded certificates section contains certificates that are considered safe. The content of encrypted communications utilizing the certificates in the list will not be checked for threats. We recommend only excluding web certificates that are guaranteed to be safe and the communication utilizing the certificates does not need to be checked. To delete selected items from the list, click the Remove button.
NOTE: Potential phishing websites that have been whitelisted will expire after several hours by default. To allow a website permanently, you can use the URL address management tool. From the Advanced setup (F5) click Web and email > Web access protection > URL address management and from the URL address management drop-down menu select List of allowed addresses and add your website to this list.
Last successful update – The date of the last update. If you do not see a recent date, your virus signature database may not be current. Virus signature database version – The virus signature database number, which is also an active link to ESET’s website. Click it to view a list of all signatures added within the given update. Click Check to detect the latest available version of ESET NOD32 Antivirus. Update process After clicking Update virus signature database, the download process begins.
Important: Under normal circumstances, when updates are downloaded properly the message Update is not necessary – Virus signature database is up to date will appear in the Update window. If this is not the case, the program is out of date and more vulnerable to infection. Please update the virus signature database as soon as possible.
4.3.1 Update setup Update setup options are available from the Advanced setup tree (F5 key) by clicking Update > Update. This section specifies update source information, such as the update servers and authentication data for these servers. By default, the Update server drop-down menu is set to Choose automatically to ensure that update files will automatically download from the ESET server with the least network traffic.
Pre-release updates (the Pre-release update option) are updates which have gone through thorough internal testing and will be generally available soon. You can benefit from enabling pre-release updates by having access to the most recent detection methods and fixes. However, pre-release updates might not be stable enough at all times and SHOULD NOT be used on production servers and workstations where maximum availability and stability is required.
will display a notification. The Regularly check for latest product version option will enable the Regular checking for latest product version scheduled task (see Scheduler). 4.3.1.2.2 Proxy server To access the proxy server setup options for a given update profile, click Update in the Advanced setup tree (F5) and then click the Setup... button to the right of Advanced update setup.
4.3.1.3 Update rollback If you suspect that a new update of the virus database and/or program modules may be unstable or corrupt, you can roll back to the previous version and disable updates for a set period of time. Alternatively, you can enable previously disabled updates if you had postponed them indefinitely. ESET NOD32 Antivirus records snapshots of virus signature database and program modules for use with the rollback feature.
4.3.2 How to create update tasks Updates can be triggered manually by clicking Update virus signature database in the primary window displayed after clicking Update from the main menu. Updates can also be run as scheduled tasks. To configure a scheduled task, click Tools > Scheduler. By default, the following tasks are activated in ESET NOD32 Antivirus: Regular automatic update Automatic update after dial-up connection Automatic update after user logon Each update task can be modified to meet your needs.
displayed after clicking this option is described in the Submission of files for analysis section. ESET SysRescue – Launches the ESET SysRescue creation wizard. Note: ESET SysRescue is currently not available in ESET NOD32 Antivirus version 6. We recommend that you create an ESET SysRescue disk on another version of Microsoft Windows or with ESET products version 5.x. ESET Social Media Scanner – Link to a social media application (e.g. Facebook) intended to protect social media users against threats.
4.4.1.1 Log maintenance The Logging configuration of ESET NOD32 Antivirus is accessible from the main program window. Click Setup > Enter advanced setup... > Tools > Log files. The logs section is used to define how the logs will be managed. The program automatically deletes older logs in order to save hard disk space.
4. Depending on the timing option you chose in the previous step, one of the following dialog windows will be displayed:
Once – The task will be performed at the predefined date and time.
Repeatedly – The task will be performed at the specified time interval.
Daily – The task will run repeatedly each day at the specified time.
Weekly – The task will be run on the selected day and time.
5.
4.4.4 Watch activity To see the current File system activity in graph form, click Tools > Watch activity. At the bottom of the graph is a timeline which records File system activity real-time based on the selected time span. To change the time span, click the Step: 1... option located at the bottom-right of the window.
The following actions are available: Compare – Compares two existing logs. Create... – Creates a new log. Please wait until the ESET SysInspector log is complete (Status shown as Created). Delete – Removes selected logs from the list. After right-clicking one or more selected logs, the following options are available from the context menu: Show – Opens the selected log in ESET SysInspector (same function as double-clicking a log). Delete all – Deletes all logs. Export... – Exports the log to an .
you if further information is required for analysis. Please note that you will not receive a response from ESET unless more information is needed. Select the Enable logging option to record file and statistics submissions in the Event log. 4.4.7 Running processes Running processes displays the running programs or processes on your computer and keeps ESET immediately and continuously informed about new infiltrations.
Click an application in the list and the following information appears at the bottom of the window: File – Location of the application on your computer. File size – File size in B (bytes). File description – File characteristics based on the description from the operating system. Company name – Name of the vendor or application process. File version – Information from the application publisher. Product name – Application name and/or business name.
Quarantine window and select Quarantine.... Restoring from Quarantine Quarantined files can also be restored to their original location. Use the Restore feature for this purpose, which is available from the context menu by right-clicking a given file in the Quarantine window. If a file is marked as Potentially unwanted application, the Restore and exclude from scanning option is enabled. Read more about this type of application in the glossary. The context menu also offers the Restore to...
4.4.10 Alerts and notifications ESET NOD32 Antivirus supports sending emails if an event with the selected verbosity level occurs. Select the Send event notifications by email checkbox to enable this feature and activate email notifications. SMTP server – The SMTP server used for sending notifications. Note: SMTP servers with SSL/TLS encryption are not supported by ESET NOD32 Antivirus. Because the connection is unencrypted, the SMTP credentials and the content of each alert cross the network in cleartext; point this setting at a relay on a trusted internal segment rather than at an Internet-facing mail server.
4.4.10.1 Message format Here you can set up the format of event messages that are displayed on remote computers. Threat alert and notification messages have a predefined default format. We advise against changing this format. However, in some circumstances (for example, if you have an automated email processing system), you may need to change the message format. Keywords (strings separated by % signs) are replaced in the message by the actual information as specified.
4.4.12 System updates The Windows update feature is an important component of protecting users from malicious software. For this reason, it is vital to install Microsoft Windows updates as soon as they become available. ESET NOD32 Antivirus notifies you about missing updates according to the level you specify. The following levels are available: No updates – No system updates will be offered for download. Optional updates – Updates marked as low priority and higher will be offered for download.
4.5.2 Alerts and notifications The Alerts and notifications section under User interface allows you to configure how threat alerts and system notifications (e.g. successful update messages) are handled by ESET NOD32 Antivirus. You can also set display time and the level of transparency of system tray notifications ( applies only to the systems supporting system tray notifications). Deselect the check box next to Display alerts to cancel all alert windows. This is only suitable in certain situations.
4.5.5 Program menu Some of the most important setup options and features are available in the main program menu. Frequently used – Displays the most frequently used parts of ESET NOD32 Antivirus. You can quickly access these from the program menu. Temporarily disable protection – Displays the confirmation dialog box that disables Antivirus and antispyware protection, which guards against malicious system attacks by controlling file, web and email communication.
4.5.6 Context menu The context menu is displayed after right-clicking an object. The menu lists all options available to perform on the object. It is possible to integrate ESET NOD32 Antivirus control elements into the context menu. More detailed setup options for this functionality are available in the Advanced setup tree under User Interface > Context menu. Integrate into the context menu – Integrate the ESET NOD32 Antivirus control elements into the context menu.
5. Advanced user 5.1 Profile manager Profile manager is used in two places within ESET NOD32 Antivirus – in the Computer scan section and in the Update section. Computer scan Your preferred scan parameters can be saved for future scanning. We recommend that you create a different profile (with various scan targets, scan methods and other parameters) for each regularly used scan.
5.3 Diagnostics Diagnostics provides application crash dumps of ESET's processes (e.g. ekrn). If an application crashes, a dump will be generated. This can help developers to debug and fix various ESET NOD32 Antivirus problems. Two dump types are available: Complete memory dump – Records all the contents of system memory when the application stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected, including credentials and other sensitive data held in their memory; treat dump files as confidential and remove them once they have been submitted.
5.6 ESET SysInspector 5.6.1 Introduction to ESET SysInspector ESET SysInspector is an application that thoroughly inspects your computer and displays gathered data in a comprehensive way. Information like installed drivers and applications, network connections or important registry entries can help you to investigate suspicious system behavior be it due to software or hardware incompatibility or malware infection.
5.6.2 User Interface and application usage For clarity the main program window is divided into four major sections – Program Controls located on the top of the main program window, Navigation window to the left, the Description window to the right and the Details window at the bottom of the main program window. The Log Status section lists the basic parameters of a log (filter used, filter type, is the log a result of a comparison etc.). 5.6.2.
with. In "Basic" mode, you have access to information used to find solutions for common problems in your system. In the "Medium" mode, the program displays less used details. In "Full" mode, ESET SysInspector displays all the information needed to solve very specific problems. Item filtering Item filtering is best used to find suspicious files or registry entries in your system. By adjusting the slider, you can filter items by their Risk Level.
its hash. Important Registry Entries – Contains a list of selected registry entries which are often related to various problems with your system, such as those specifying startup programs, browser helper objects (BHO), etc. In the Description window you can find which files are related to specific registry entries; additional details appear in the Details window. Services – Contains a list of files registered as Windows services.
View
Ctrl+5 – view by vendor, all vendors
Ctrl+6 – view by vendor, only Microsoft
Ctrl+7 – view by vendor, all other vendors
Ctrl+3 – displays full detail
Ctrl+2 – displays medium detail
Ctrl+1 – basic display
BackSpace – moves one step back
Space – moves one step forward
Ctrl+W – expands tree
Ctrl+Q – collapses tree
Other controls
Ctrl+T – goes to the original location of item after selecting in search results
Ctrl+P – displays basic information about an item
Ctrl+A, Ctrl+C, Ctrl+X, Ctrl+B, Ctrl+L, Ctrl+R, Ctrl+Z, Ctrl+F, Ctrl+D, Ctrl+E
marked by a were present only in the opened log and are missing in the active one.
5.6.4 Service Script Service script is a tool that provides help to customers that use ESET SysInspector by easily removing unwanted objects from the system. Service script enables the user to export the entire ESET SysInspector log, or its selected parts. After exporting, you can mark unwanted objects for deletion. You can then run the modified log to delete marked objects. Service Script is suited for advanced users with previous experience in diagnosing system issues.
Example:
02) Loaded modules:
- c:\windows\system32\svchost.exe
- c:\windows\system32\kernel32.dll
+ c:\windows\system32\khbekhb.dll
- c:\windows\system32\advapi32.dll
[...]

In this example the module khbekhb.dll was marked with a “+”. When the script runs, it will identify the processes using that specific module and end them.

03) TCP connections
This section contains information about existing TCP connections.

Example:
03) TCP connections:
- Active connection: 127.0.0.1:30606 -> 127.0.0.
Example:
06) Important registry entries:
* Category: Standard Autostart (3 items)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HotKeysCmds = C:\Windows\system32\hkcmd.exe
- IgfxTray = C:\Windows\system32\igfxtray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Google Update = “C:\Users\antoniak\AppData\Local\Google\Update\GoogleUpdate.exe” /c
* Category: Internet Explorer (7 items)
HKLM\Software\Microsoft\Internet Explorer\Main
+ Default_Page_URL = http://thatcrack.com/
[...
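The service-script layout shown in the examples above (numbered sections such as "02) Loaded modules:", "* Category:" and registry-key lines inside the registry section, and one object per line prefixed with "-" or "+") is simple enough to check mechanically before the script is run. The parser below is an added example written for this page, not ESET's own code; it reads a script in that layout and lists every "+"-marked object together with the section, category and registry key it sits under, so an operator can confirm that only the intended objects are marked before choosing Run Service Script. The sample script it reads is constructed for the example, and the two-digit section numbering and the HKLM/HKCU/HKCR/HKU/HKCC key prefixes it recognises are assumptions drawn from the examples on this page rather than a published specification.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes as the service script prints them (see the examples above).
# The exact patterns are assumptions based on those examples.
SECTION_RE = re.compile(r"^(\d{2})\)\s+(.+?):\s*$")          # "02) Loaded modules:"
CATEGORY_RE = re.compile(r"^\*\s+Category:\s+(.+?)(?:\s+\(\d+\s+items?\))?\s*$")
REGKEY_RE = re.compile(r"^HK(?:LM|CU|CR|U|CC)\\")            # "HKLM\SOFTWARE\..."
ITEM_RE = re.compile(r"^([-+])\s+(.*\S)\s*$")                 # "- object" / "+ object"


@dataclass
class MarkedItem:
    section: str    # e.g. "Loaded modules"
    category: str   # "* Category:" line in force, "" outside the registry section
    regkey: str     # registry key line in force, "" outside the registry section
    text: str       # the object itself, e.g. "Default_Page_URL = http://thatcrack.com/"


def parse_marked_items(script: str) -> list[MarkedItem]:
    """Return every object marked with "+" in a service script, with the
    section, category and registry key it sits under."""
    marked: list[MarkedItem] = []
    section = category = regkey = ""
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            # A new section resets the category and key context.
            section, category, regkey = m.group(2), "", ""
        elif m := CATEGORY_RE.match(line):
            category, regkey = m.group(1), ""
        elif REGKEY_RE.match(line):
            regkey = line
        elif m := ITEM_RE.match(line):
            if m.group(1) == "+":
                marked.append(MarkedItem(section, category, regkey, m.group(2)))
        # Anything else (e.g. "[...]" placeholders) is ignored.
    return marked


def summarize(script: str) -> dict[str, int]:
    """Count marked objects per section: a quick sanity check before running."""
    counts: dict[str, int] = {}
    for item in parse_marked_items(script):
        counts[item.section] = counts.get(item.section, 0) + 1
    return counts


# Constructed sample script in the layout shown above (not a real log).
SAMPLE_SCRIPT = r"""
02) Loaded modules:
- c:\windows\system32\svchost.exe
- c:\windows\system32\kernel32.dll
+ c:\windows\system32\khbekhb.dll
- c:\windows\system32\advapi32.dll
03) TCP connections:
- Active connection: 127.0.0.1:30606 -> 127.0.0.1:55320
06) Important registry entries:
* Category: Standard Autostart (3 items)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HotKeysCmds = C:\Windows\system32\hkcmd.exe
- IgfxTray = C:\Windows\system32\igfxtray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Google Update = "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
* Category: Internet Explorer (7 items)
HKLM\Software\Microsoft\Internet Explorer\Main
+ Default_Page_URL = http://thatcrack.com/
"""

if __name__ == "__main__":
    for item in parse_marked_items(SAMPLE_SCRIPT):
        where = " / ".join(p for p in (item.section, item.category, item.regkey) if p)
        print(f"[{where}] {item.text}")
    print(summarize(SAMPLE_SCRIPT))
```

Run on the sample it reports the marked module under "Loaded modules" and the marked Default_Page_URL value under "Important registry entries / Internet Explorer / HKLM\Software\Microsoft\Internet Explorer\Main", and nothing else; a marked object that appears in an unexpected section, or under a registry key you did not intend to touch, is the kind of mistake worth catching before the script terminates processes and deletes entries.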
5.6.4.3 Executing Service scripts Mark all desired items, then save and close the script. Run the edited script directly from the ESET SysInspector main window by selecting the Run Service Script option from the File menu. When you open a script, the program will prompt you with the following message: Are you sure you want to run the service script “%Scriptname%”? After you confirm your selection, another warning may appear, informing you that the service script you are trying to run has not been signed.
What is Anti-Stealth technology ? Anti-Stealth technology provides effective rootkit detection. If the system is attacked by malicious code that behaves as a rootkit, the user may be exposed to data loss or theft. Without a special anti-rootkit tool, it is almost impossible to detect rootkits.
5.7.1 Minimum requirements ESET SysRescue works in the Microsoft Windows Preinstallation Environment (Windows PE) version 2.x, which is based on Windows Vista. Windows PE is part of the free Windows Automated Installation Kit (Windows AIK) or Windows Assessment and Deployment Kit (WADK), so Windows AIK or WADK must be installed before creating ESET SysRescue ( http://go.eset.eu/AIK, http://www.microsoft.com/en-us/download/details.aspx?id=30652).
5.7.4 Settings Before initiating ESET SysRescue creation, the install wizard displays the compilation parameters. These can be modified by clicking the Change... button. The available options include:
Folders
ESET Antivirus
Advanced
Internet protocol
Bootable USB device (when the target USB device is selected)
Burning (when the target CD/DVD drive is selected)
The Create option is inactive if no MSI installation package is specified, or if no ESET Security solution is installed on the computer.
introduced into the compilation so you do not need to look for it later. 5.7.4.4 Internet protocol This section allows you to configure basic network information and set up predefined connections after running ESET SysRescue. Select Automatic private IP address to obtain the IP address automatically from a DHCP (Dynamic Host Configuration Protocol) server. Alternatively, this network connection can use a manually specified IP address (also known as a static IP address).
5.7.5.1 Using ESET SysRescue Suppose that computers in the network have been infected by a virus which modifies executable (.exe) files. ESET Security solution is capable of cleaning all infected files except for explorer.exe, which cannot be cleaned, even in Safe mode. This is because explorer.exe, as one of the essential Windows processes, is launched in Safe mode as well. ESET Security solution would not be able to perform any action with the file and it would remain infected.
/no-unsafe                do not scan for potentially unsafe applications (default)
/unwanted                 scan for potentially unwanted applications
/no-unwanted              do not scan for potentially unwanted applications (default)
/pattern                  use signatures (default)
/no-pattern               do not use signatures
/heur                     enable heuristics (default)
/no-heur                  disable heuristics
/adv-heur                 enable Advanced heuristics (default)
/no-adv-heur              disable Advanced heuristics
/ext=EXTENSIONS           scan only EXTE
/ext-exclude=EXTENSIONS
/clean-mode=MODE
/quarantine
/no-quarantine
6. Glossary 6.1 Types of infiltration An infiltration is a piece of malicious software trying to enter and/or damage a user’s computer. 6.1.1 Viruses A computer virus is a piece of malicious code that is prepended or appended to existing files on your computer. Viruses are named after biological viruses because they use similar techniques to spread from one computer to another. The term “virus” is often used incorrectly to mean any type of threat.
6.1.4 Rootkits Rootkits are malicious programs that grant Internet attackers unlimited access to a system, while concealing their presence. Rootkits, after accessing a system (usually exploiting a system vulnerability), use functions in the operating system to avoid detection by antivirus software: they conceal processes, files and Windows registry data. For this reason, it is almost impossible to detect them using ordinary testing techniques. There are two levels of detection to prevent rootkits: 1.
6.1.8 Potentially unsafe applications There are many legitimate programs whose function is to simplify the administration of networked computers. However, in the wrong hands, they may be misused for malicious purposes. ESET NOD32 Antivirus provides the option to detect such threats. Potentially unsafe applications is the classification used for commercial, legitimate software.
6.2.2 Hoaxes A hoax is misinformation which is spread across the Internet. Hoaxes are usually sent via email or communication tools like ICQ and Skype. The message itself is often a joke or urban legend. Computer virus hoaxes try to generate fear, uncertainty and doubt (FUD) in the recipients, leading them to believe that there is an “undetectable virus” deleting files and retrieving passwords, or performing some other harmful activity on their system.