ESET NOD32 Antivirus 4 for Mac Installation Manual and User Guide - Public Beta


ESET NOD32 Antivirus

Copyright © 2010 by ESET, spol. s r.o.
ESET NOD32 Antivirus 4 was developed by ESET, spol. s r.o. For more information visit www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.

Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support

REV. 8. 6. 2010

Contents

1. ESET NOD32 Antivirus 4
1.1 System requirements
2. Installation
2.1 Typical installation
2.2 Custom installation
2.3 Entering Username and password
2.4 On-demand computer scan
3. Beginners guide
3.1 Introducing user interface design - modes
3.1.1 Checking operation of the system
3.1.2 What to do if the program doesn't work properly
3.2 Update setup
3.3 Proxy server setup
3.4 Privileged Users
4. Work with ESET NOD32 Antivirus
4.1 Antivirus and antispyware protection
4.1.1 Real time file system protection
4.1.1.1 Real-Time Protection setup
4.1.1.1.1 Control Targets
4.1.1.1.2 Scan on (Event triggered scanning)
4.1.1.1.3 Advanced scan options
4.1.1.2 When to modify real time protection configuration
4.1.1.3 Checking real time protection
4.1.1.4 What to do if real time protection does not work
4.1.2 On-demand computer scan
4.1.2.1 Type of scan
4.1.2.1.1 Smart scan
4.1.2.1.2 Custom scan
4.1.2.2 Scan targets
4.1.2.3 Scan profiles
4.1.3 ThreatSense engine parameters setup
4.1.3.1 Objects
4.1.3.2 Options
4.1.3.3 Cleaning
4.1.3.4 Extensions
4.1.3.5 Limits
4.1.3.6 Others
4.1.4 An infiltration is detected
4.2 Updating the program
4.2.1 Update setup
4.2.2 How to create update tasks
4.3 Scheduler
4.3.1 Purpose of scheduling tasks
4.3.2 Creating new tasks
4.4 Quarantine
4.4.1 Quarantining files
4.4.2 Restoring from Quarantine
4.4.3 Submitting file from Quarantine
4.5 Log files
4.5.1 Log maintenance
4.6 User interface
4.6.1 Alerts and Notifications
4.6.2 Privileges
4.6.3 Context Menu
4.7 ThreatSense.Net
4.7.1 Suspicious files
4.7.2 Proxy server
5. Advanced user
5.1 Export / import settings
5.1.1 Import settings
5.1.2 Export settings
6. Glossary
6.1 Types of infiltrations
6.1.1 Viruses
6.1.2 Worms
6.1.3 Trojan horses
6.1.4 Adware
6.1.5 Spyware
6.1.6 Potentially unsafe applications
6.1.7 Potentially unwanted applications

1. ESET NOD32 Antivirus 4

As a result of the increasing popularity of Mac-based operating systems, malware authors are developing more threats to target Mac users. ESET NOD32 Antivirus for Mac offers users efficient protection against threats. ESET NOD32 Antivirus for Mac includes the ability to deflect Windows threats, protecting Mac users as they interact with Windows users and vice versa. Windows malware does not pose a direct threat to Mac, but disabling malware that has infected a Mac machine will prevent its spread to Windows-based computers through a local network or the Internet.

1.1 System requirements

For the seamless operation of ESET NOD32 Antivirus, your system should meet the following hardware and software requirements:

ESET NOD32 Antivirus:
Processor Architecture: 32bit, 64bit Intel®
System: 10.5 and later

2. Installation

Once you have purchased a license, you can download the ESET NOD32 Antivirus installation package from ESET’s website. Launch the installer and the installation wizard will guide you through the basic setup. After agreeing with the End User License Agreement, you can choose the type of installation. There are two installation types available, with different configurations and editing options:

Typical Installation
Custom Installation

2.1 Typical installation

Typical installation includes the configuration options that are appropriate for most users. The settings provide excellent security combined with ease of use and high system performance. Typical installation is the default option and is recommended if you do not have particular requirements for specific settings.

After selecting your preferred installation mode and clicking Next, you will be prompted to enter your username and password for automatic updates of the program. This plays a significant role in providing constant protection of your system.

Enter your Username and Password (the authentication data you received after purchase or registration of your product) into the corresponding fields. If you do not currently have your username and password available, you can select the Set update parameters later option to continue your installation without it and insert your authentication data at any time later directly from the program.

The next step is configuration of the ThreatSense.Net Early Warning System. The ThreatSense.Net Early Warning System helps ensure that ESET is immediately and continuously informed of new infiltrations in order to quickly protect our customers. The system allows for submission of new threats to ESET’s Threat Lab, where they are analyzed, processed and added to the virus signature database.

By default, the Enable ThreatSense.Net Early Warning System option is selected, which will activate this feature. Click Advanced setup... to modify detailed settings for the submission of suspicious files. (For more information, see ThreatSense.Net.)

The next step in the installation process is to configure Detection of potentially unwanted applications. Potentially unwanted applications are not necessarily malicious, but can often negatively affect the behavior of your operating system. These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent. Select the Enable detection of potentially unwanted applications option to allow ESET NOD32 Antivirus to detect this type of threat (recommended). If you do not wish to enable this feature, select the Disable detection of potentially unwanted applications option.

The final step in Typical installation mode is to confirm installation by clicking the Install button.

2.2 Custom installation

After selecting the Custom installation method and clicking Continue, you will need to enter your Username and Password. After entering your username and password, click Continue to configure your Internet connection.

If you are using a proxy server you can define its parameters now by selecting the I use a proxy server option. After clicking Continue, enter the IP address or URL of your proxy server in the Address field. In the Port field, specify the port where the proxy server accepts connections (3128 by default). In the event that the proxy server requires authentication, enter a valid Username and Password to grant access to the proxy server.

If you are sure that no proxy server is used, you can choose the I do not use a proxy server option. If you are not sure, you can let the program Use the same settings as system.

In the next step you can define privileged users that will be able to edit the program configuration by selecting the Define privileged users option.

From the list of users on the left side, you can select which users will have permission to edit the program configuration, and then simply Add them to the Privileged users list on the right side of the window. To display all system users, select the Show all option.

The next step is configuration of the ThreatSense.Net Early Warning System. The ThreatSense.Net Early Warning System helps ensure that ESET is immediately and continuously informed about new infiltrations in order to quickly protect its customers. The system allows for submission of new threats to ESET’s Threat Lab, where they are analyzed, processed and added to the virus signature database.

By default, the Enable ThreatSense.Net Early Warning System option is selected, which will activate this feature. Click Advanced setup... to modify detailed settings for the submission of suspicious files. (For more information, see ThreatSense.Net.)

The next step in the installation process is to configure Detection of potentially unwanted applications. Potentially unwanted applications are not necessarily malicious, but can often negatively affect the behavior of your operating system.

These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent.

Select the Enable detection of potentially unwanted applications option to allow ESET NOD32 Antivirus to detect this type of threat (recommended). If you do not wish to enable this feature, select the Disable detection of potentially unwanted applications option.

Click Continue to proceed to the Standard install on "Macintosh HD" window to complete installation. You can choose to change the install location, or leave it as the default and finish the installation process by clicking Install.

2.3 Entering Username and password

For optimal functionality, it is important to set the program to automatically download updates. This is only possible if the correct username and password are entered in the Update setup.

If you did not enter your username and password during installation, you can do so at any time. In the main program window, click Update and then click Username and Password setup... . Enter the license data you received with your ESET security product in the appropriate fields in the License details window.

2.4 On-demand computer scan

After installing ESET NOD32 Antivirus, a computer scan for malicious code should be performed. From the main program window, click Computer scan and then click Smart scan. For more information about On-demand computer scans, see the section On-demand computer scan.

3. Beginners guide

This chapter provides an initial overview of ESET NOD32 Antivirus and its basic settings.

3.1 Introducing user interface design - modes

The main program window of ESET NOD32 Antivirus is divided into two main sections. The primary window on the right displays information that corresponds to the option selected from the main menu on the left.

The following is a description of options within the main menu:

Protection status – Provides information about the protection status of ESET NOD32 Antivirus. If Advanced mode is activated, the Statistics submenu will display.
Computer scan – This option allows you to configure and launch the On-demand computer scan.
Update – Displays information about updates to the virus signature database.
Setup – Select this option to adjust your computer’s security level. If Advanced mode is activated, the Antivirus and antispyware submenu will display.
Tools – Provides access to Log files, Quarantine and Scheduler. This option only displays in Advanced mode.
Help – Provides access to help files, the ESET Knowledgebase, ESET’s website and links to open a Customer Care support request.

The ESET NOD32 Antivirus user interface allows users to toggle between Standard and Advanced mode. Standard mode provides access to features required for common operations. It does not display any advanced options. To toggle between modes, click the plus icon next to Activate advanced mode/Activate standard mode in the bottom left corner of the main program window.

The Standard mode provides access to features required for common operations. It does not display any advanced options.

Toggling to Advanced mode adds the Tools option to the main menu. The Tools option allows you to access the submenus for Log files, Quarantine and Scheduler.

NOTE: All remaining instructions in this guide take place in Advanced mode.

Standard mode:

Advanced mode:

3.1.1 Checking operation of the system

To view the Protection status, click the top option from the main menu. A status summary about the operation of ESET NOD32 Antivirus will display in the primary window as well as a submenu with Statistics. Select it to view more detailed information and statistics about computer scans that have been performed on your system. The Statistics window is available only in advanced mode.

3.1.2 What to do if the program doesn't work properly

If the modules enabled are working properly, they are assigned a green check icon. If not, a red exclamation point or orange notification icon is displayed, and additional information about the module is shown in the upper part of the window. A suggested solution for fixing the module is also displayed. To change the status of individual modules, click Setup in the main menu and click on the desired module.

If you are unable to solve a problem using the suggested solutions, click Help to access the help files or search the Knowledgebase. If you still need assistance, you can submit an ESET Customer Care support request. ESET Customer Care will respond quickly to your questions and help determine a resolution.

3.2 Update setup

Updating the virus signature database and updating program components are an important part of providing complete protection against malicious code. From the main menu, select Update and then click Update virus signature database in the primary window to check for a newer database update. Username and Password setup... displays a dialog box where the username and password received at the time of purchase should be entered.

If the username and password were entered during installation of ESET NOD32 Antivirus, you will not be prompted for them at this point.

The Advanced Setup window (click Setup from the main menu and then click Enter entire advanced setup tree...) contains additional update options. Click Update in the Advanced setup window. The Update server drop-down menu should be set to Choose automatically. To edit update servers click the Edit... button.

To enable the use of pre-release modules in ESET NOD32 Antivirus click the Setup... button and select the Enable pre-release updates checkbox.

To delete all temporarily stored modules click the Clear button.

3.3 Proxy server setup

If you use a proxy server to control Internet connections on a system using ESET NOD32 Antivirus, it must be specified in Advanced Setup. To access the Proxy server configuration window, open the Advanced Setup window and click Miscellaneous > Proxy server. Select the Use proxy server option, and then fill in the Proxy server (IP address) and Port field. If needed, select the Proxy server requires authentication option and then enter the Username and Password.

3.4 Privileged Users

ESET NOD32 Antivirus settings can be very important to your organization’s security policy. Unauthorized modifications may endanger the stability and protection of your system. Consequently, you can choose which users will have permission to edit the program configuration.

To set privileged users, enter the Advanced menu (Setup > Enter entire advanced setup tree...) > User > Privileges.

From the list of users on the left side you can select which users will have the permission to edit the program configuration, and then simply click the Add button to add them to the Privileged users list on the right side of the window. To remove Privileged users, highlight the desired user(s) and click the Remove button. To display all system users, select the Show all option. If you leave the list empty, all users will be privileged.

4. Work with ESET NOD32 Antivirus

4.1 Antivirus and antispyware protection

Antivirus protection guards against malicious system attacks by modifying files that pose potential threats. If a threat with malicious code is detected, the Antivirus module can eliminate it by blocking it and then cleaning it, deleting it or moving it to quarantine.

4.1.1 Real time file system protection

Real-time file system protection controls all antivirus-related events in the system. All files are scanned for malicious code when they are opened, created or run on your computer. Real-time file system protection is launched at system startup.

4.1.1.1 Real-Time Protection setup

Real-time file system protection checks all types of media and the scan is triggered by various events. Using ThreatSense technology detection methods (described in the section titled ThreatSense engine parameter setup), real-time file system protection may vary for newly created files and existing files. For newly created files, it is possible to apply a deeper level of control.

By default, Real-time protection launches at system startup and provides uninterrupted scanning. In special cases (e.g., if there is a conflict with another real-time scanner), real-time protection can be terminated by deselecting the Automatic Startup file check task in the Scheduler (described in the section titled Scheduler).

To modify advanced settings of the real-time protection open the Advanced setup window, navigate to Protection > Real-Time protection and click the Setup... button next to Advanced Options (described in the section titled Advanced scan options).

4.1.1.1.1 Control Targets

By default, all folders are scanned for potential threats.

We recommend that you keep the default settings and only modify them in specific cases, such as situations in which scanning certain folders significantly slows data transfers.

4.1.1.1.2 Scan on (Event triggered scanning)

By default, all files are scanned upon opening, creation or execution. We recommend that you keep the default settings, as these provide the maximum level of real-time protection for your computer.

4.1.1.1.3 Advanced scan options

In this window you can define object types to be scanned by the ThreatSense engine and enable/disable Advanced heuristics as well as modify settings for archives and file cache.

We do not recommend changing the default values in the Default archives settings section unless needed to solve a specific situation, as higher archive nesting values can impede system performance.

You can enable/disable ThreatSense Advanced heuristics scanning for executed files as well as for created and modified files separately by clicking the Advanced heuristics checkbox in each of the respective ThreatSense parameters sections.

To provide the minimum system footprint when using real-time protection, you can define the size of the optimization cache. This behavior is active when you are using the Enable clean file cache option. If this is disabled, all files are scanned each time they are accessed. Files will not be scanned repeatedly after being cached (unless they have been modified), up to the defined size of the cache. Files are scanned again immediately after each virus signature database update.

Click Enable clean file cache to enable/disable this function. To set the amount of files to be cached simply enter the desired value in the input field next to Cache size.

Additional scanning parameters can be set in the ThreatSense Engine Setup window. You can define what type of Objects should be scanned, using which Options and Cleaning level, as well as defining Extensions and file-size Limits for real-time file system protection.

You can enter the ThreatSense engine setup window by clicking the Setup... button next to ThreatSense Engine in the Advanced Setup window. For more detailed information about ThreatSense engine parameters see ThreatSense engine parameter setup.

4.1.1.2 When to modify real time protection configuration

Real-time protection is the most essential component of maintaining a secure system. Use caution when modifying the real-time protection parameters. We recommend that you only modify these parameters in specific cases, for example when there is a conflict with a certain application or the real-time scanner of another antivirus program.

After installation of ESET NOD32 Antivirus, all settings are optimized to provide the maximum level of system security for users. To restore the default settings, click the Default button located at the bottom-left of the Real-time file system protection window (Advanced Setup window > Protection > Real-time protection).

4.1.1.3 Checking real time protection

To verify that real-time protection is working and detecting viruses, use the eicar.com test file. This test file is a special harmless file detectable by all antivirus programs. The file was created by the EICAR company (European Institute for Computer Antivirus Research) to test the functionality of antivirus programs. The file eicar.com is available for download at http://www.eicar.org/download/eicar.com
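
A scripted form of this check, as an added example that is not part of the ESET manual: it writes the standard 68-byte EICAR test string to a file and then tries to read it back, relying on the manual's statement that files are scanned when they are created or opened. The function names, the status words and the EICAR_WAIT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ESET manual): local check that an on-access
# scanner reacts to the EICAR standard antivirus test file.

# Emit the 68-byte EICAR test string. It is assembled from two halves so
# that this script does not itself contain the full signature and is not
# quarantined by the scanner it is meant to test.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR' \
                  '-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# check_realtime_protection [DIR]
#   Prints DETECTED      (returns 0) if the test file was blocked, removed,
#                                    made unreadable or altered
#          NOT_DETECTED  (returns 1) if the file could be read back intact
#          ERROR         (returns 2) if DIR is not writable at all
# EICAR_WAIT (hypothetical knob, default 2) is the number of seconds to
# give the scanner before the read-back.
check_realtime_protection() {
    dir=${1:-$HOME}
    wait_s=${EICAR_WAIT:-2}

    # A benign probe file separates "directory not writable" from
    # "the scanner blocked creation of the test file".
    probe="$dir/.rtp-probe.$$"
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo ERROR
        return 2
    fi
    rm -f "$probe"

    target="$dir/eicar-test.$$.com"
    expected=$(eicar_string)

    # Creation is one of the scan triggers, so a failed write counts
    # as a detection.
    if ! ( eicar_string > "$target" ) 2>/dev/null; then
        echo DETECTED
        return 0
    fi

    sleep "$wait_s"

    # Opening is the second trigger: a blocked, quarantined or cleaned
    # file will not read back with the original content.
    actual=$(cat "$target" 2>/dev/null) || actual=
    rm -f "$target" 2>/dev/null

    if [ "$actual" = "$expected" ]; then
        echo NOT_DETECTED
        return 1
    fi
    echo DETECTED
    return 0
}

# Run as: sh script.sh --check [directory]
if [ "${1:-}" = "--check" ]; then
    check_realtime_protection "${2:-$HOME}"
fi
```

A NOT_DETECTED result on a machine where real-time protection is supposed to be running is the case covered by the troubleshooting section that follows.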

4.1.1.4 What to do if real time protection does not work

In this chapter, we describe problem situations that may arise when using real-time protection, and how to troubleshoot them.

Real-time protection is disabled
If real-time protection was inadvertently disabled by a user, it needs to be reactivated. To reactivate real-time protection, navigate to Setup > Antivirus and antispyware and click the Enable real-time file system protection link (to the right) in the main program window. You can alternatively enable the real-time file system protection in the Advanced setup window under Protection > Real-Time Protection by selecting the Enable real-time file system protection option.

Real-time protection does not detect and clean infiltrations
Make sure that no other antivirus programs are installed on your computer. If two real-time protection shields are enabled at the same time, they may conflict with each other. We recommend that you uninstall any other antivirus programs that may be on your system.

Real-time protection does not start
If real-time protection is not initiated at system startup, it may be due to conflicts with other programs. If this is the case, please consult ESET’s Customer Care specialists.

4.1.2 On-demand computer scan

If you suspect that your computer is infected (it behaves abnormally), run an On-demand computer scan to examine your computer for infiltrations. For maximum protection, computer scans should be run regularly as part of routine security measures, not just run when an infection is suspected. Regular scanning can detect infiltrations that were not detected by the real-time scanner when they were saved to the disk. This can happen if the real-time scanner was disabled at the time of infection, or if the virus signature database is not up-to-date.

We recommend that you run an On-demand computer scan at least once a month. Scanning can be configured as a scheduled task from Tools > Scheduler.

4.1.2.1 Type of scan

Two types of On-demand computer scans are available. Smart scan quickly scans the system with no need for further configuration of the scan parameters. Custom scan allows you to select any of the predefined scan profiles, as well as choose specific scan targets.

4.1.2.1.1 Smart scan

Smart scan allows you to quickly launch a computer scan and clean infected files with no need for user intervention. Its main advantages are easy operation with no detailed scanning configuration. Smart scan checks all files in all folders and automatically cleans or deletes detected infiltrations. The cleaning level is automatically set to the default value. For more detailed information on types of cleaning, see the section on Cleaning.

4.1.2.1.2 Custom scan

Custom scan is optimal if you would like to specify scanning parameters such as scan targets and scanning methods. The advantage of running a Custom scan is the ability to configure the parameters in detail. Different configurations can be saved as user-defined scan profiles, which can be useful if scanning is repeatedly performed with the same parameters.

To select scan targets, select Computer scan > Custom scan and select specific Scan targets from the tree structure. A scan target can also be more precisely specified by entering the path to the folder or file(s) you wish to include. If you are only interested in scanning the system without additional cleaning actions, select the Scan without cleaning option. Furthermore, you can choose from three cleaning levels by clicking Setup... > Cleaning.

Performing computer scans with Custom scan is recommended for advanced users with previous experience using antivirus programs.

4.1.2.2 Scan targets

The Scan targets tree structure allows you to select files and folders to be scanned for viruses. Folders may also be selected according to a profile's settings.

A scan target can be more precisely defined by entering the path to the folder or file(s) you wish to include in scanning. Select targets from the tree structure that lists all available folders on the computer.

4.1.2.3 Scan profiles

Your preferred scan settings can be saved for future scanning. We recommend that you create a different profile (with various scan targets, scan methods and other parameters) for each regularly used scan.

To create a new profile, go to Setup > Enter entire advanced setup tree ... > Protection > Computer Scan and click Edit... next to the list of current profiles.

To help you create a scan profile to fit your needs, see the ThreatSense engine parameters setup section for a description of each parameter of the scan setup.

Example: Suppose that you want to create your own scan profile and the Smart scan configuration is partially suitable, but you do not want to scan runtime packers or potentially unsafe applications and you also want to apply Strict cleaning. In the On-demand Scanner Profiles List window, write the profile name, click the Add... button and confirm by clicking OK. Then adjust the parameters to meet your requirements by setting ThreatSense Engine and Scan Targets.

4.1.3 ThreatSense engine parameters setup

ThreatSense is the name of the technology consisting ofcomplex threat detection methods. This technology isproactive, which means it also provides protectionduring the early hours of the spread of a new threat. Ituses a combination of several methods (code analysis,code emulation, generic signatures, virus signatures)which work in concert to significantly enhance systemsecurity. The scanning engine is capable of controllingseveral data streams simultaneously, maximizing theefficiency and detection rate. ThreatSense technologyalso successfully eliminates rootkits.

The ThreatSense technology setup options allow you to specify several scan parameters:

File types and extensions that are to be scanned

The combination of various detection methods

Levels of cleaning, etc.

To enter the setup window, click Setup > Antivirus and antispyware > Advanced Antivirus and Antispyware protection setup and then click the Setup... button located in the System Protection, Real-Time Protection and Computer Scan wildcards, which all use ThreatSense technology (see below). Different security scenarios could require different configurations. With this in mind, ThreatSense is individually configurable for the following protection modules:

System Protection > Automatic startup file check

Real-Time Protection > Real-time file system protection

Computer Scan > On-demand computer scan

The ThreatSense parameters are specifically optimized for each module, and their modification can significantly influence system operation. For example, changing settings to always scan runtime packers, or enabling advanced heuristics in the real-time file system protection module could result in a slower system. Therefore, we recommend that you leave the default ThreatSense parameters unchanged for all modules except Computer scan.

4.1.3.1 Objects

The Objects section allows you to define which computer files will be scanned for infiltrations.

Files – Provides scanning of all common file types (programs, pictures, audio, video files, database files, etc.).

Symbolic links – Scans a special type of file that contains a text string that is interpreted and followed by the operating system as a path to another file or directory.

Email files – Scans special files where email messages are contained.

Mailboxes – Scans user mailboxes in the system.

Archives – Provides scanning of files compressed in archives (.rar, .zip, .arj, .tar, etc.).

Self-extracting archives – Scans files which are contained in self-extracting archive files.

Runtime packers – Runtime packers (unlike standard archive types) decompress in memory, in addition to standard static packers (UPX, yoda, ASPack, FGS, etc.).

4.1.3.2 Options

In the Options section, you can select the methods used during a scan of the system for infiltrations. The following options are available:

Virus signature database – Signatures can exactly and reliably detect and identify infiltrations by name using the virus signature database.

Heuristics – Heuristics use an algorithm that analyzes the (malicious) activity of programs. The main advantage of heuristic detection is the ability to detect new malicious software which did not previously exist, or was not included in the list of known viruses (virus signatures database).

Advanced heuristics – Advanced heuristics comprise a unique heuristic algorithm, developed by ESET, optimized for detecting computer worms and trojan horses written in high-level programming languages. The program's detection ability is significantly higher as a result of advanced heuristics.

Adware/Spyware/Riskware – This category includes software that collects sensitive information about users without their informed consent. This category also includes software which displays advertising material.

Potentially unwanted applications – Potentially unwanted applications are not necessarily intended to be malicious, but may affect the performance of your computer in a negative way. Such applications usually require consent for installation. If they are present on your computer, your system behaves differently (compared to the way it behaved before these applications were installed). The most significant changes include unwanted pop-up windows, activation and running of hidden processes, increased usage of system resources, changes in search results, and applications communicating with remote servers.

Potentially unsafe applications – Potentially unsafe applications refer to commercial, legitimate software. The classification includes programs such as remote access tools, which is why this option is disabled by default.

4.1.3.3 Cleaning

The cleaning settings determine the manner in which the scanner cleans infected files. There are 3 levels of cleaning:

No cleaning – Infected files are not cleaned automatically. The program will display a warning window and allow you to choose an action.

Standard cleaning – The program will attempt to automatically clean or delete an infected file. If it is not possible to select the correct action automatically, the program will offer a choice of follow-up actions. The choice of follow-up actions will also be displayed if a predefined action could not be completed.

Strict cleaning – The program will clean or delete all infected files (including archives). The only exceptions are system files. If it is not possible to clean them, you will be offered an action to take in a warning window.

Warning: In the Default Standard cleaning mode, the entire archive file is deleted only if all files in the archive are infected. If the archive also contains legitimate files, it will not be deleted. If an infected archive file is detected in Strict cleaning mode, the entire archive will be deleted, even if clean files are present.

4.1.3.4 Extensions

An extension is the part of the file name delimited by a period. The extension defines the type and content of the file. This section of the ThreatSense parameter setup lets you define the types of files to be excluded from scanning.

By default, all files are scanned regardless of their extension. Any extension can be added to the list of files excluded from scanning. Using the Add and Remove buttons, you can enable or prohibit scanning of desired extensions.

Excluding files from scanning is sometimes necessary if scanning of certain file types prevents the proper function of a program that is using the extensions. For example, it may be advisable to exclude the .log, .cfg and .tmp extensions.

4.1.3.5 Limits

The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned:

Maximum size: Defines the maximum size of objects to be scanned. The antivirus module will then scan only objects smaller than the size specified. We do not recommend changing the default value, as there is usually no reason to modify it. This option should only be changed by advanced users who have specific reasons for excluding larger objects from scanning.

Maximum scan time: Defines the maximum time allotted for scanning an object. If a user-defined value has been entered here, the antivirus module will stop scanning an object when that time has elapsed, whether or not the scan has finished.

Maximum nesting level: Specifies the maximum depth of archive scanning. We do not recommend changing the default value of 10; under normal circumstances, there should be no reason to modify it. If scanning is prematurely terminated due to the number of nested archives, the archive will remain unchecked.

Maximum file size: This option allows you to specify the maximum file size for files contained in archives (when they are extracted) that are to be scanned. If scanning is prematurely terminated as a result of this limit, the archive will remain unchecked.
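The sketch below is an added illustration, not ESET's code and not part of the original manual. It models how a nesting limit and a per-file size limit stop an archive walk early, so that the archive ends up "unchecked" rather than confirmed clean. The function names, the report fields, the ZIP-only handling and the 1 MB size value are assumptions; only the nesting default of 10 comes from the text above.

```python
"""Model of archive-scan limits (constructed example, not ESET's implementation)."""
import io
import zipfile

MAX_NESTING_LEVEL = 10        # default value stated in the manual
MAX_FILE_SIZE = 1024 * 1024   # assumed value; the manual states no default


class LimitReached(Exception):
    """Raised when a limit stops the walk before every member was inspected."""

    def __init__(self, path, reason):
        super().__init__(f"{path}: {reason}")
        self.path = path
        self.reason = reason


def _walk(data, name, level, max_level, max_size, inspected):
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            # Read at most max_size + 1 bytes so an oversized member is
            # never loaded into memory in full.
            with archive.open(info) as member:
                content = member.read(max_size + 1)
            if len(content) > max_size:
                raise LimitReached(path, "maximum file size")
            if zipfile.is_zipfile(io.BytesIO(content)):
                if level >= max_level:
                    raise LimitReached(path, "maximum nesting level")
                _walk(content, path, level + 1, max_level, max_size, inspected)
            else:
                inspected.append(path)  # a real engine would scan content here


def scan_archive(data, name, max_level=MAX_NESTING_LEVEL, max_size=MAX_FILE_SIZE):
    """Walk a ZIP archive; status is 'inspected' or 'unchecked'."""
    inspected = []
    try:
        _walk(data, name, 1, max_level, max_size, inspected)
    except LimitReached as stop:
        return {"status": "unchecked", "reason": stop.reason,
                "stopped_at": stop.path, "inspected": inspected}
    return {"status": "inspected", "reason": None,
            "stopped_at": None, "inspected": inspected}


def build_archive(members):
    """Build an in-memory ZIP from a {name: bytes} mapping (sample data helper)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buffer.getvalue()


def build_nested(depth, payload=b"constructed sample data"):
    """Wrap a constructed payload in `depth` layers of ZIP archives."""
    data, member_name = payload, "payload.txt"
    for layer in range(1, depth + 1):
        data = build_archive({member_name: data})
        member_name = f"layer{layer}.zip"
    return data


if __name__ == "__main__":
    for depth in (10, 11):
        report = scan_archive(build_nested(depth), "sample.zip")
        print(depth, report["status"], report["reason"])
```

An "unchecked" result says nothing about the content past the point where the walk stopped, so such entries in a scan log are the ones to review by hand.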

4.1.3.6 Others

With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. Smart Optimization is not rigidly defined within the product. On the contrary, the ESET Development Team keeps it flexible, continuously implementing new changes which are then integrated into the ESET security solution via the regular updates. If Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan.

Scan alternative data streams (Computer scan only) – Alternate data streams (resource/data forks) used by the file system are file and folder associations which are invisible to ordinary scanning techniques. Many infiltrations try to avoid detection by disguising themselves as alternative data streams.

4.1.4 An infiltration is detected

Infiltrations can reach the system from various entry points: webpages, shared folders, email or removable computer devices (USB, external disks, CDs, DVDs, diskettes, etc.).

If your computer is showing signs of malware infection, e.g., it is slower, often freezes, etc., we recommend the following steps:

Open ESET NOD32 Antivirus and click Computer scan.

Click Smart scan (for more information, see the Smart scan section).

After the scan has finished, review the log for the number of scanned, infected and cleaned files.

If you only wish to scan a certain part of your disk, click Custom scan and select targets to be scanned for viruses.

As a general example of how infiltrations are handled in ESET NOD32 Antivirus, suppose that an infiltration is detected by the real-time file system monitor, which uses the Default cleaning level. It will attempt to clean or delete the file. If there is no predefined action to take for the real-time protection module, you will be asked to select an option in an alert window. Usually, the options Clean, Delete and No action are available. Selecting No action is not recommended, since the infected file(s) would be left untouched. An exception to this is when you are sure that the file is harmless and has been detected by mistake.

Cleaning and deleting – Apply cleaning if a file has been attacked by a virus that has attached malicious code to it. If this is the case, first attempt to clean the infected file in order to restore it to its original state. If the file consists exclusively of malicious code, it will be deleted.

Deleting files in archives – In the Default cleaning mode, the entire archive will be deleted only if it contains infected files and no clean files. In other words, archives are not deleted if they also contain harmless clean files. However, use caution when performing a Strict cleaning scan – with Strict cleaning the archive will be deleted if it contains at least one infected file, regardless of the status of other files in the archive.

4.2 Updating the program

Regular updates of ESET NOD32 Antivirus are necessary to maintain the maximum level of security. The Update module ensures that the program is always up to date by updating the virus signature database.

By clicking Update from the main menu, you can find the current update status, including the date and time of the last successful update and if an update is needed. The primary window also contains the virus signature database version. This numeric indicator is an active link to ESET’s website, listing all signatures added during the given update.

In addition, the option to manually begin the update process – Update virus signature database – is available, as well as basic setup options such as the username and password used to access ESET’s update servers.

NOTE: Your username and password are provided by ESET after purchasing ESET NOD32 Antivirus.

4.2.1 Update setup

The update setup section specifies update source information such as the update servers and authentication data for these servers. By default, the Update server drop-down menu is set to Choose automatically to ensure that update files will automatically download from the ESET server with the least network traffic.

The list of available update servers is accessible via the Update server drop-down menu. To add a new update server, click Edit... Then enter the address of the new server in the Update Server input field and click the Add button. Authentication for update servers is based on the Username and Password generated and sent to you after purchase.

To enable the use of test mode (downloads pre-release updates) click the Setup... button next to Advanced Options, select the Enable pre-release updates checkbox in the dialog and confirm by pressing OK.

To delete all temporarily stored update data click the Clear button next to Clear update cache. Use this option in the case of problems with the update.

4.2.2 How to create update tasks

Updates can be triggered manually by clicking Update virus signature database in the primary window displayed after clicking Update from the main menu.

Updates can also be run as scheduled tasks. To configure a scheduled task, click Tools > Scheduler. By default, the following tasks are activated in ESET NOD32 Antivirus:

Regular automatic update

Automatic update after user logon

Each of the aforementioned update tasks can be modified to meet your needs. In addition to the default update tasks, you can create new update tasks with a user-defined configuration. For more details about creating and configuring update tasks, see the section titled Scheduler.

4.3 Scheduler

The Scheduler is available if Advanced mode in ESET NOD32 Antivirus is activated. The Scheduler can be found in the ESET NOD32 Antivirus main menu under Tools. The Scheduler contains a list of all scheduled tasks and configuration properties such as the predefined date, time, and scanning profile used.

By default, the following scheduled tasks are displayed in the Scheduler:

Regular automatic update

Automatic update after user logon

Automatic startup file check after user logon

Automatic startup file check after successful update of the virus signature database

Log maintenance (after enabling the Show system tasks option in the scheduler setup)

To edit the configuration of an existing scheduled task (both default and user-defined), right-click the task and click Edit... or select the desired task you wish to modify and click the Edit... button.

4.3.1 Purpose of scheduling tasks

The Scheduler manages and launches scheduled tasks with predefined configurations and properties. The configuration and properties contain information such as the date and time as well as specified profiles to be used during execution of the task.

4.3.2 Creating new tasks

To create a new task in the Scheduler, click the Add... button or right-click and select Add... from the context menu. Five types of scheduled tasks are available:

Run application

Update

Logs maintenance

On-demand scan

System startup file check

Since Update is one of the most frequently used scheduled tasks, we will explain how to add a new update task.

From the Scheduled task drop-down menu, select Update. Enter the name of the task into the Task name field. Select the frequency of the task from the Run the task drop-down menu. The following options are available: User defined, Once, Repeatedly, Daily, Weekly and Event triggered. Based on the frequency selected, you will be prompted with different update parameters. Next, define what action to take if the task cannot be performed or completed at the scheduled time. The following three options are available:

Wait until the next scheduled time

Run task as soon as possible

Run the task immediately if the time since its last execution exceeds specified interval (the interval can be defined using the Minimum task interval scroll box)

In the next step, a summary window with information about the current scheduled task is displayed. Click the Finish button.

The new scheduled task will be added to the list of currently scheduled tasks.

The system, by default, contains essential scheduled tasks to ensure correct product functionality. These should not be altered, and are hidden by default. To change this option and make these tasks visible, go to Setup > Enter entire advanced setup tree > Tools > Scheduler and select the Show system tasks option.

4.4 Quarantine

The main task of quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not safe or advisable to delete them, or if they are being falsely detected by ESET NOD32 Antivirus.

You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus scanner. Quarantined files can be submitted for analysis to ESET’s Threat Lab.

Files stored in the quarantine folder can be viewed in a table which displays the date and time of quarantine, the path to the original location of the infected file, its size in bytes, reason (e.g., added by user…), and number of threats (e.g., if it is an archive containing multiple infiltrations). The quarantine folder with quarantined files (/Library/Application Support/Eset/cache/esets/quarantine) remains in the system even after uninstalling ESET NOD32 Antivirus. Quarantined files are stored in a safe encrypted form and can be restored again after installing ESET NOD32 Antivirus.

4.4.1 Quarantining files

ESET NOD32 Antivirus automatically quarantines deleted files (if you have not cancelled this option in the alert window). If desired, you can quarantine any suspicious file manually by clicking the Quarantine... button. The context menu can also be used for this purpose – right-click in the Quarantine window and select Open.

4.4.2 Restoring from Quarantine

Quarantined files can also be restored to their original location. Use the Restore button for this purpose; Restore is also available from the context menu by right-clicking on the given file in the Quarantine window, then clicking Restore. The context menu also offers the option Restore to, which allows you to restore a file to a location other than the one from which it was deleted.

4.4.3 Submitting file from Quarantine

If you have quarantined a suspicious file that was not detected by the program, or if a file was incorrectly evaluated as infected (e.g., by heuristic analysis of the code) and subsequently quarantined, please send the file to ESET’s Threat Lab. To submit a file from quarantine, right-click the file and select Send for analysis from the context menu.

4.5 Log files

The Log files contain information about all important program events that have occurred and provide an overview of detected threats. Logging acts as an essential tool in system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction. Information is recorded based on the current log verbosity settings. It is possible to view text messages and logs directly from the ESET NOD32 Antivirus environment, as well as to archive logs.

Log files are accessible from the ESET NOD32 Antivirus main menu by clicking Tools > Log files. Select the desired log type using the Log drop-down menu at the top of the window. The following logs are available:

1. Detected threats – Use this option to view all information about events related to the detection of infiltrations.

2. Events – This option is designed for system administrators and users to solve problems. All important actions performed by ESET NOD32 Antivirus are recorded in the Event logs.

3. On-demand computer scan – Results of all completed scans are displayed in this window. Double-click any entry to view details of the respective On-demand computer scan.

In each section, the displayed information can be directly copied to the clipboard by selecting the entry and clicking on the Copy button.

4.5.1 Log maintenance

The logging configuration for ESET NOD32 Antivirus is accessible from the main program window. Click Setup > Enter entire advanced setup tree... > Tools > Log files. You can specify the following options for log files:

Delete old records automatically: Log entries older than the specified number of days are automatically deleted

Optimize log files automatically: Enables automatic defragmentation of log files if the specified percentage of unused records has been exceeded

To configure the Log Records Default Filter click the Edit... button and select/deselect log types as required.

4.6 User interface

The user interface configuration options in ESET NOD32 Antivirus allow you to adjust the working environment to fit your needs. These configuration options are accessible from the User > Interface section of the ESET NOD32 Antivirus Advanced Setup window.

In this section, the Advanced mode option gives users the ability to allow toggling to Advanced mode. Advanced mode displays more detailed settings and additional controls for ESET NOD32 Antivirus.

To enable the startup splash screen functionality select the Show splash-screen at startup option.

In the Use standard menu section you can select the In standard mode/In advanced mode options to enable the use of the standard menu in the main program window in the respective display mode(s).

To enable the use of tool tips select the Show tooltips option. The Show hidden files option allows you to see and select hidden files in the Scan Targets setup of a Computer Scan.

4.6.1 Alerts and Notifications

The Notifications setup section under User interface allows you to configure how threat alerts and system notifications are handled in ESET NOD32 Antivirus.

Disabling the Display alerts option will cancel all alert windows and is only suitable in specific situations. For most users, we recommend that this option be left to its default setting (enabled).

4.6.2 Privileges

To protect the program configuration, you can define a list of privileged users that will have permission to edit it.

In order to provide maximum security for your system, it is essential that the program be correctly configured. Unauthorized modifications could result in the loss of important data. To set a list of privileged users, simply select them from the Users list on the left side and click the Add button. To remove a user simply select his/her name in the Privileged Users list on the right side and click Remove.

NOTE: If the list of privileged users is empty, all users of the system will have permission to edit the program settings.

4.6.3 Context Menu

The context menu integration can be enabled in the Advanced setup window > User > Context Menu section by enabling the Integrate into the context menu checkbox.

4.7 ThreatSense.Net

The ThreatSense.Net Early Warning System keeps ESET immediately and continuously informed about new infiltrations. The bidirectional ThreatSense.Net Early Warning System has a single purpose – to improve the protection that we can offer you. The best way to ensure that we see new threats as soon as they appear is to “link” to as many of our customers as possible and use them as our Threat Scouts. There are two options:

1. You can decide not to enable the ThreatSense.Net Early Warning System. You will not lose any functionality in the software, and you will still receive the best protection that we offer.

2. You can configure the ThreatSense.Net Early Warning System to submit anonymous information about new threats and where the new threatening code is contained. This file can be sent to ESET for detailed analysis. Studying these threats will help ESET update its database of threats and improve the program's threat detection ability.

The ThreatSense.Net Early Warning System will collect information about your computer related to newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename, the date and time, the process by which the threat appeared on your computer and information about your computer’s operating system.

While there is a chance this may occasionally disclose some information about you or your computer (usernames in a directory path, etc.) to ESET’s Threat Lab, this information will not be used for ANY purpose other than to help us respond immediately to new threats.

The ThreatSense.Net setup is accessible from the Advanced Setup window, under Tools > ThreatSense.Net. Select the Enable ThreatSense.Net Early Warning System option to activate and then click the Setup... button beside the Advanced Options heading.

4.7.1 Suspicious files

The Suspicious files option allows you to configure the manner in which threats are submitted to ESET’s Threat Lab for analysis.

If you find a suspicious file, you can submit it to our Threat Labs for analysis. If it is a malicious application, its detection will be added to the next virus signature database update.

Submission of Suspicious Files – You can choose to send these files During Update, meaning they will be submitted to ESET's Threat Lab during a regular virus signature database update. Alternatively, you can choose to send them As soon as possible – this setting is suitable if a permanent Internet connection is available.

If you do not want any files to be submitted, select the Do not submit option. Selecting not to submit files for analysis does not affect submission of statistical information, which is configured in a separate area.

The ThreatSense.Net Early Warning System collects anonymous information about your computer related to newly detected threats. This information may include the name of the infiltration, the date and time it was detected, the ESET security product version, your operating system version and the location setting. The statistics are typically delivered to ESET’s servers once or twice a day.

Below is an example of a statistical package submitted:

# utc_time=2005-04-14 07:21:28

# country=“Slovakia“

# language=“ENGLISH“

# osver=9.5.0

# engine=5417

# components=2.50.2

# moduleid=0x4e4f4d41

# filesize=28368

# filename=Users/UserOne/Documents/Incoming/rdgFR1463[1].zip
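The following parser is an added example, not part of the original manual and not ESET's code. It reads a statistical package in the `# key=value` layout shown above and reports which account names a submitted file path would disclose, the kind of detail the manual mentions as "usernames in a directory path". The function names, the `<user>` mask and the treatment of `/Users/Shared` as a non-account folder are assumptions of this sketch; the sample is the manual's own, with its curly quotes written as `\u201c` escapes.

```python
"""Privacy review of a ThreatSense.Net statistical package (constructed example)."""
import re
from datetime import datetime

# The manual's sample package; its curly quotes are written as \u201c escapes.
SAMPLE_PACKAGE = (
    "# utc_time=2005-04-14 07:21:28\n"
    "# country=\u201cSlovakia\u201c\n"
    "# language=\u201cENGLISH\u201c\n"
    "# osver=9.5.0\n"
    "# engine=5417\n"
    "# components=2.50.2\n"
    "# moduleid=0x4e4f4d41\n"
    "# filesize=28368\n"
    "# filename=Users/UserOne/Documents/Incoming/rdgFR1463[1].zip\n"
)

_LINE = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")
_QUOTES = "\"\u201c\u201d\u201e"
# A macOS home directory component, with or without a leading slash.
_HOME = re.compile(r"(?P<lead>^|/)Users/(?P<user>[^/]+)/")
_NOT_ACCOUNTS = {"Shared"}  # /Users/Shared is a common folder, not an account


def parse_package(text):
    """Parse '# key=value' lines into a dict, converting the typed fields."""
    fields = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = _LINE.match(line)
        if match is None:
            raise ValueError(f"line {number}: not a '# key=value' entry: {raw!r}")
        fields[match.group("key")] = match.group("value").strip().strip(_QUOTES)
    if "utc_time" in fields:
        fields["utc_time"] = datetime.strptime(fields["utc_time"], "%Y-%m-%d %H:%M:%S")
    if "filesize" in fields:
        fields["filesize"] = int(fields["filesize"])
    return fields


def account_names_in_path(path):
    """Return the account names a path discloses through Users/<name>/."""
    return [m.group("user") for m in _HOME.finditer(path)
            if m.group("user") not in _NOT_ACCOUNTS]


def redact_path(path):
    """Replace account names in a path with the placeholder <user>."""
    def mask(match):
        if match.group("user") in _NOT_ACCOUNTS:
            return match.group(0)
        return f"{match.group('lead')}Users/<user>/"
    return _HOME.sub(mask, path)


def privacy_review(text):
    """Return (parsed fields, disclosed account names, redacted filename)."""
    fields = parse_package(text)
    filename = fields.get("filename", "")
    return fields, account_names_in_path(filename), redact_path(filename)


if __name__ == "__main__":
    parsed, names, redacted = privacy_review(SAMPLE_PACKAGE)
    print("account names disclosed:", names)
    print("redacted filename:", redacted)
```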

Submission of Anonymous Statistical Information – You can define when the statistical information will be submitted. If you choose to submit As soon as possible, statistical information will be sent immediately after it is created. This setting is suitable if a permanent Internet connection is available. If the During update option is selected, all statistical information will be submitted during the update following its collection.

If you would not like to send anonymous statistical information, you can select the Do not submit option.

Submission Distribution – You can select how files and statistical information will be submitted to ESET. Select the Remote Administrator Server or ESET option for files and statistics to be submitted by any available means. Select the Remote Administrator Server option to submit files and statistics to the remote administrator server, which will then submit them to ESET’s Threat Lab. If the option ESET is selected, all suspicious files and statistical information will be sent to ESET’s virus lab directly from the program.

Exclusion filter – The Exclusion filter allows you to exclude certain files/folders from submission. For example, it may be useful to exclude files which may carry confidential information, such as documents or spreadsheets. The most common file types are excluded by default (.doc, etc.). You can add file types to the list of excluded files.

Contact email – Your Contact email [optional] can be sent with any suspicious files and may be used to contact you if further information is required for analysis. Please note that you will not receive a response from ESET unless more information is needed.

4.7.2 Proxy server

Proxy server settings can be configured under Miscellaneous > Proxy server. Specifying the proxy server at this level defines global proxy server settings for all of ESET NOD32 Antivirus. Parameters here will be used by all modules requiring connection to the Internet.

To specify proxy server settings for this level, select the Use proxy server check box and then enter the address of the proxy server into the Proxy server: field, along with the Port number of the proxy server.

If communication with the proxy server requires authentication, select the Proxy server requires authentication check box and enter a valid Username and Password into the respective fields.

5. Advanced user

5.1 Export / import settings

Importing and exporting configurations of ESET NOD32 Antivirus is available in Advanced mode under Setup.

Both import and export use an archive file to store the configuration. Import and export are useful if you need to back up the current configuration of ESET NOD32 Antivirus to be able to use it later. The export settings option is also convenient for users who wish to use their preferred configuration of ESET NOD32 Antivirus on multiple systems: they can easily import a configuration file to transfer the desired settings.

5.1.1 Import settings

Importing a configuration is very easy. From the main menu, click Setup > Import and export settings, and then select the Import settings option. Enter the name of the configuration file or click the ... button to browse for the configuration file you wish to import.

5.1.2 Export settings

The steps to export a configuration are very similar. From the main menu, click Setup > Import and export settings.... Select the Export settings option and enter the name of the configuration file. Use the browser to select a location on your computer to save the configuration file.

6. Glossary

6.1 Types of infiltrations

An Infiltration is a piece of malicious software trying to enter and/or damage a user’s computer.

6.1.1 Viruses

A computer virus is an infiltration that corrupts existing files on your computer. Viruses are named after biological viruses, because they use similar techniques to spread from one computer to another.

Computer viruses mainly attack executable files, scripts and documents. To replicate, a virus attaches its “body” to the end of a target file. In short, this is how a computer virus works: after execution of the infected file, the virus activates itself (before the original application) and performs its predefined task. Only after that is the original application allowed to run. A virus cannot infect a computer unless a user, either accidentally or deliberately, runs or opens the malicious program by him/herself.

Computer viruses can range in purpose and severity. Some of them are extremely dangerous because of their ability to purposely delete files from a hard drive. On the other hand, some viruses do not cause any damage – they only serve to annoy the user and demonstrate the technical skills of their authors.

It is important to note that viruses (when compared to trojans or spyware) are increasingly rare because they are not commercially enticing for malicious software authors. Additionally, the term “virus” is often used incorrectly to cover all types of infiltrations. This usage is gradually being overcome and replaced by the new, more accurate term “malware” (malicious software).

If your computer is infected with a virus, it is necessary to restore infected files to their original state – i.e., to clean them by using an antivirus program.

Examples of viruses are: OneHalf, Tenga, and Yankee Doodle.

6.1.2 Worms

A computer worm is a program containing malicious code that attacks host computers and spreads via a network. The basic difference between a virus and a worm is that worms have the ability to replicate and travel by themselves – they are not dependent on host files (or boot sectors). Worms spread through email addresses in your contact list or exploit security vulnerabilities in network applications.

Worms are therefore much more viable than computer viruses. Due to the wide availability of the Internet, they can spread across the globe within hours of their release – in some cases, even in minutes. This ability to replicate independently and rapidly makes them more dangerous than other types of malware.

A worm activated in a system can cause a number of inconveniences: It can delete files, degrade system performance, or even deactivate programs. The nature of a computer worm qualifies it as a “means of transport” for other types of infiltrations.

If your computer is infected with a worm, we recommend you delete the infected files because they likely contain malicious code.

Examples of well-known worms are: Lovsan/Blaster, Stration/Warezov, Bagle, and Netsky.

6.1.3 Trojan horses

Historically, computer trojan horses have been defined as a class of infiltrations which attempt to present themselves as useful programs, tricking users into letting them run. Today, there is no longer a need for trojan horses to disguise themselves. Their sole purpose is to infiltrate as easily as possible and accomplish their malicious goals. “Trojan horse” has become a very general term describing any infiltration not falling under any specific class of infiltration.

Since this is a very broad category, it is often divided into many subcategories:

Downloader – A malicious program with the ability to download other infiltrations from the Internet.

Dropper – A type of trojan horse designed to drop other types of malware onto compromised computers.

Backdoor – An application which communicates with remote attackers, allowing them to gain access to a system and to take control of it.

Keylogger (keystroke logger) – A program which records each keystroke that a user types and sends the information to remote attackers.

Dialer – Dialers are programs designed to connect to premium-rate numbers. It is almost impossible for a user to notice that a new connection was created. Dialers can only cause damage to users with dial-up modems, which are no longer regularly used.

Trojan horses usually take the form of executable files. If a file on your computer is detected as a trojan horse, we recommend deleting it, since it most likely contains malicious code.

Examples of well-known trojans are: NetBus, Trojandownloader.Small.ZL, Slapper.

6.1.4 Adware

Adware is a shortened term for advertising-supported software. Programs displaying advertising material fall under this category. Adware applications often automatically open a new pop-up window containing advertisements in an Internet browser, or change the browser’s home page. Adware is frequently bundled with freeware programs, allowing creators of freeware programs to cover development costs of their (usually useful) applications.

Adware itself is not dangerous – users may only be bothered by the advertisements. The danger lies in the fact that adware may also perform tracking functions (as spyware does).

If you decide to use a freeware product, please pay particular attention to the installation program. The installer will most likely notify you of the installation of an extra adware program. Often you will be allowed to cancel it and install the program without adware.

Some programs will not install without adware, or their functionality will be limited. This means that adware may often access the system in a “legal” way, because users have agreed to it. In this case, it is better to be safe than sorry. If there is a file detected as adware on your computer, it is advisable to delete it, since there is a high probability that it contains malicious code.

6.1.5 Spyware

This category covers all applications which send private information without user consent/awareness. Spyware uses tracking functions to send various statistical data such as a list of visited websites, email addresses from the user’s contact list, or a list of recorded keystrokes.

The authors of spyware claim that these techniques aim to find out more about users’ needs and interests and allow better-targeted advertisement. The problem is that there is no clear distinction between useful and malicious applications and no one can be sure that the retrieved information will not be misused. The data obtained by spyware applications may contain security codes, PINs, bank account numbers, etc. Spyware is often bundled with free versions of a program by its author in order to generate revenue or to offer an incentive for purchasing the software. Often, users are informed of the presence of spyware during a program’s installation to give them an incentive to upgrade to a paid version without it.

Examples of well-known freeware products which come bundled with spyware are client applications of P2P (peer-to-peer) networks. Spyfalcon or Spy Sheriff (and many more) belong to a specific spyware subcategory – they appear to be antispyware programs, but in fact they are spyware programs themselves.

If a file is detected as spyware on your computer, we recommend deleting it, since there is a high probability that it contains malicious code.

6.1.6 Potentially unsafe applications

There are many legitimate programs whose function is to simplify the administration of networked computers. However, in the wrong hands they may be misused for malicious purposes. ESET NOD32 Antivirus provides the option to detect such threats.

“Potentially unsafe applications” is the classification used for commercial, legitimate software. This classification includes programs such as remote access tools, password-cracking applications, and keyloggers (a program that records each keystroke a user types).

If you find that there is a potentially unsafe application present and running on your computer (and you did not install it), please consult your network administrator or remove the application.

6.1.7 Potentially unwanted applications

Potentially unwanted applications are not necessarily intended to be malicious, but may affect the performance of your computer in a negative way. Such applications usually require consent for installation. If they are present on your computer, your system behaves differently (compared to the way it behaved before their installation). The most significant changes are:

New windows you haven’t seen previously are opened

Activation and running of hidden processes

Increased usage of system resources

Changes in search results

Application communicates with remote servers