NOD32 & SpyAnywhere

Marty1

Trying to stop NOD32 from detecting SpyAnywhere as a potential infection on
a PC, any thoughts?

Running Win XP Pro SP2, NOD32 2.50.16 and SpyAnywhere 3.11 (in stealth mode)

I have added the SA file and directory into the AMON exclusions list, but
the NOD32 Kernel keeps detecting SpyAnywhere amongst the startup files and
presents the alert to the user. Naturally the whole idea of SpyAnywhere is
to operate in stealth mode so the user doesn't know it is there!!

So, any suggestions on solving this problem or easier to change AV????
 
Vanguard

Marty1 said:
Trying to stop NOD32 from detecting SpyAnywhere as a potential
infection on a PC, any thoughts?

Running Win XP Pro SP2, NOD32 2.50.16 and SpyAnywhere 3.11 (in stealth
mode)

I have added the SA file and directory into the AMON exclusions list,
but the NOD32 Kernel keeps detecting SpyAnywhere amongst the startup
files and presents the alert to the user. Naturally the whole idea of
SpyAnywhere is to operate in stealth mode so the user doesn't know it
is there!!

So, any suggestions on solving this problem or easier to change AV????


If the computer is YOUR property, or it is the property of your company
and you are acting as their IT agent in installing the spyware, it
doesn't matter if the user knows they are being watched and actually
SHOULD be told they are being watched.
 
Marty1

[SNIP]
If the computer is YOUR property, or it is the property of your company
and you are acting as their IT agent in installing the spyware, it doesn't
matter if the user knows they are being watched and actually SHOULD be
told they are being watched.

Well, it IS *MY* computer, being used by MY child, who has been caught doing
wrong things on the internet and knows that they are being WATCHED..

What I am trying to stop is the constant warning messages from NOD32 that
pop up at various intervals warning of a virus infiltration. That has
NOTHING to do with the warning message that already pops up on boot up to
advise that the PC is under surveillance and is just damn annoying!

PLUS, you never know if it is a real virus that has triggered the alert, or
just the SpyAnywhere again, unless you go into the log file and check..

So, do YOU have any helpful advice or are you just one of those privacy
morons that likes to spout what's right and wrong instead of actually
helping??

My best regards
 
Max Wachtel

Marty1 said:
[SNIP]

If the computer is YOUR property, or it is the property of your company
and you are acting as their IT agent in installing the spyware, it doesn't
matter if the user knows they are being watched and actually SHOULD be
told they are being watched.


Well, it IS *MY* computer, being used by MY child, who has been caught doing
wrong things on the internet and knows that they are being WATCHED..

What I am trying to stop is the constant warning messages from NOD32 that
pop up at various intervals warning of a virus infiltration. That has
NOTHING to do with the warning message that already pops up on boot up to
advise that the PC is under surveillance and is just damn annoying!

PLUS, you never know if it is a real virus that has triggered the alert, or
just the SpyAnywhere again, unless you go into the log file and check..

So, do YOU have any helpful advice or are you just one of those privacy
morons that likes to spout what's right and wrong instead of actually
helping??

My best regards

My best advice to you is:
Take away the computer and get both of you into some therapy.
-max
 
Vanguard

Marty1 said:
[SNIP]
If the computer is YOUR property, or it is the property of your
company and you are acting as their IT agent in installing the
spyware, it doesn't matter if the user knows they are being watched
and actually SHOULD be told they are being watched.

Well, it IS *MY* computer, being used by MY child, who has been caught
doing wrong things on the internet and knows that they are being
WATCHED..

What I am trying to stop is the constant warning messages from NOD32
that pop up at various intervals warning of a virus infiltration.
That has NOTHING to do with the warning message that already pops up
on boot up to advise that the PC is under surveillance and is just
damn annoying!

PLUS, you never know if it is a real virus that has triggered the
alert, or just the SpyAnywhere again, unless you go into the log file
and check..

So, do YOU have any helpful advice or are you just one of those
privacy morons that likes to spout what's right and wrong instead of
actually helping??

My best regards


From first post:

"NOD32 Kernel keeps detecting SpyAnywhere amongst the startup files and
presents the alert to the user"

So you were getting "the" alert on startup. Then it changed to:

"the constant warning messages from NOD32 that pop up at various
intervals warning of a virus infiltration"

Hmm, looks like we were supposed to divine that one alert was actually many
repeated alerts. Bulletin windows on a program's load is hardly rare
but a one-time nuisance per bootup, not the repeated nuisance that you
now identify.

Some possible solutions:

- When the alert appears, is there an option to Leave? It doesn't
remember that choice?

- I suppose you could disable the "Potentially dangerous applications"
setting under the AMON options tab (see
http://www.wilderssecurity.com/showpost.php?p=201881&postcount=16) since
that is probably the category in which your application is detected.
However, this will also no longer detect other nasty programs, like
remote admin programs.

- I would think easiest would be to add the file on which NOD32 alerts
to its exclusion list under the AMON options
(http://www.wilderssecurity.com/showpost.php?p=201883&postcount=18). If
it alerts on several files comprising your application, you'll have to
list them all. Have you tried excluding the file(s) on which NOD32
alerts?
 
Marty1

Vanguard said:
Marty1 said:
[SNIP]

Some possible solutions:

- When the alert appears, is there an option to Leave? It doesn't
remember that choice?

Nope - NOD32 on that PC is in 'silent' mode so it gives the alert in the
balloon but no options - also notifies my PC by network....

- I suppose you could disable the "Potentially dangerous applications"
setting under the AMON options tab (see
http://www.wilderssecurity.com/showpost.php?p=201881&postcount=16) since
that is probably the category in which your application is detected.
However, this will also no longer detect other nasty programs, like remote
admin programs.

If no other option but I'd really like to avoid this if possible.. for
obvious reasons.

- I would think easiest would be to add the file on which NOD32 alerts to
its exclusion list under the AMON options
(http://www.wilderssecurity.com/showpost.php?p=201883&postcount=18). If
it alerts on several files comprising your application, you'll have to
list them all. Have you tried excluding the file(s) on which NOD32
alerts?

Yep - I have added the actual file AND the entire folder to the exclusions
list. This seems to have stopped NOD32 from trying to quarantine/delete the
file on detection but doesn't stop the balloon alerts that pop up every (xx)
minutes (whatever the interval is, haven't actually timed it yet).

Hmm - so far Spytech haven't come up with any solution either other than to
say that they test their software with various AV packages for stealth,
however they haven't actually tested it against NOD32! Real helpful guys!

I was kinda hoping someone else had experienced a similar problem and found
a solution, other than changing to another AV program that is..
 
Marty1

[SNIP]
My best advice to you is:
Take away the computer and get both of you into some therapy.
-max

Therapy? Therapy?? Therapy..

Could you recommend your Psychiatrist? Obviously if they've let you loose on
the community they must be rather easy going!
 
jonah

Vanguard said:
Marty1 said:
[SNIP]

Some possible solutions:

Personally I don't think reducing the protection level of your AV is a
good idea, it's doing exactly what it is supposed to do despite many
attempts to stop it, proves how good NOD 32 is + what are these AVs
that allow this spyware to run in stealth mode anyway? I don't want
them.

I can see your point though, you want to monitor junior's net usage, I
just don't think the sort of net monitoring software you are using is
any good in a home environment. Normally this stuff is run by a sys
admin on a company domain network where everyone is on limited
accounts and the AV / Firewall stuff is done by dedicated commercial
solutions that are way more configurable than basic home stuff even
if it does boast of Pro credentials.

On a home PC network where you really need security software the only
way any spyware is gonna work is by compromising security in the first
place..........................innit?

I would suggest trying it from a different angle - instead of spyware
put junior on a limited account then use content management to block
places you do not wish junior to get into. There is a lot of software
/ literature etc out there to do just that, even Windows has content
blocking built in if you can be arsed to mess about with it for weeks.
For example Norton Personal Firewall 2003 which you can use with NOD
32 and a Router is easy to set up and has pretty good parental control
features that should be ideal.

(Note I said Norton Personal Firewall 2003).

This way you get to put the stoppers on iffy surfing + your security
is enhanced not compromised.

Jonah
 
Marty1

jonah said:
Personally I don't think reducing the protection level of your AV is a
good idea, it's doing exactly what it is supposed to do despite many
attempts to stop it, proves how good NOD 32 is + what are these AVs
that allow this spyware to run in stealth mode anyway? I don't want
them.

I tend to agree, I don't really want to reduce the level of protection if it
can be avoided, after all the whole purpose of putting an AV on is to
protect! AFAIK most of the AV products do not detect SpyAnywhere in stealth
mode, according to the manufacturers anyway; I haven't tested any other AV
products, I just know that NOD32 doesn't give a damn if it is in stealth
mode or not, it still detects it, and even if you add it to the exclusions
list it still pops a warning up regularly to let you know the application is
there! I guess that could get annoying for some people in other
circumstances and I would've thought that adding an application to the
exclusions list would stop the AV from doing anything about that
application, including pop-up warnings...... oh well...

I can see your point though, you want to monitor junior's net usage, I
just don't think the sort of net monitoring software you are using is
any good in a home environment. Normally this stuff is run by a sys
admin on a company domain network where everyone is on limited
accounts and the AV / Firewall stuff is done by dedicated commercial
solutions that are way more configurable than basic home stuff even
if it does boast of Pro credentials.

I understand, it was just good as it provided access to the files and
e-mails and chats, plus screen-shots, all in one package whereas things like
Net Nanny may block access to sites but still doesn't stop some of the other
problems we were having, which I won't go into here but it was desirable to
be able to check on files and some other activities if possible - which was
why SpyAnywhere/SpyAgent was being considered as well as Net Nanny (strange
that NOD32 doesn't detect SpyAgent in stealth mode but does detect
SpyAnywhere??? hmmm....)

On a home PC network where you really need security software the only
way any spyware is gonna work is by compromising security in the first
place..........................innit?

I would suggest trying it from a different angle - instead of spyware
put junior on a limited account then use content management to block
places you do not wish junior to get into. There is a lot of software
/ literature etc out there to do just that, even Windows has content
blocking built in if you can be arsed to mess about with it for weeks.
For example Norton Personal Firewall 2003 which you can use with NOD
32 and a Router is easy to set up and has pretty good parental control
features that should be ideal.

(Note I said Norton Personal Firewall 2003).

This way you get to put the stoppers on iffy surfing + your security
is enhanced not compromised.

Yes, well, as I said above the sus net surfing was just part of the problem
but is currently controlled by Net Nanny. There were some other concerns
that this doesn't solve though and although the spy software I know is
intended for different markets it did provide what we needed (and more,
which just wasn't used) without having to use a separate package for each
task... We are running behind a router but I still don't want to reduce the
level of AV protection if it can be avoided - so far Spytech (who make
SpyAnywhere) have been unable to offer any help, other than to ask NOD32 why
their AV detects spy software (??WTF??)

Thanks for your comments, it was nice to see another sensible response to
the question!
 
jonah

Snip

Yes, well, as I said above the sus net surfing was just part of the problem
but is currently controlled by Net Nanny. There were some other concerns
that this doesn't solve though and although the spy software I know is
intended for different markets it did provide what we needed (and more,
which just wasn't used) without having to use a separate package for each
task... We are running behind a router but I still don't want to reduce the
level of AV protection if it can be avoided - so far Spytech (who make
SpyAnywhere) have been unable to offer any help, other than to ask NOD32 why
their AV detects spy software (??WTF??)

Don't know whether to laugh or cry really :cool:

Thanks for your comments, it was nice to see another sensible response to
the question!

No problem Marty - interesting problem. I use NOD32 and I have had no
occasion to tell it to ignore anything, if I ever do you will be the
first guy I ask.

Jonah
 
