21
conguration option (‘av_enabled‘). For detailed information on these conguration options, please refer to the nod32.
cfg(5) manual page.
Every object processed by NOD32LFS/NOD32BFS is at rst handled with respect to the setting of the conguration
option ’action_on_processed’. Once this parameter is set to ’accept’, the object is handled according to the setting of
conguration option ’av_enabled’. Note that this parameter is of paramount importance if combined with so-called
User Specic Conguration mechanism. In this case various types of black-lists and white-lists can be
Once ’av_enabled’ is enabled the object processed is scanned for virus inltrations and set of action conguration
options ’action_on_infected’, ’action_on_uncleanable’ and ’action_on_notscanned’ is taken into account to evaluate
further handling of the object. If action ’accept’ has been taken as a result of the three above action options or ’av_
enabled’ is disabled the object is accepted i.e. the access to the object is allowed. On the other hand if any of action
conguration options caused other than ’accept’ value, the object is blocked.
5.3. Samples Submission System
Sample submission system is functionality that provides catching of the infected objects found by advanced
heuristics method and delivering these objects to the sample submission system server. All virus samples catched by
the sample submission system will be processed by the team of NOD32 virus laboratory department and consequently
added into the NOD32 virus database, if necessary.
NOTE: ACCORDING TO OUR LICENSE AGREEMENT, BY ENABLING SAMPLE SUBMISSION SYSTEM YOU ARE AGREEING
TO ALLOW THE COMPUTER AND/OR PLATFORM ON WHICH THE NOD32D IS INSTALLED TO COLLECT DATA (WHICH MAY
INCLUDE PERSONAL INFORMATION ABOUT YOU AND/OR THE USER OF THE COMPUTER) AND SAMPLES OF NEWLY
DETECTED VIRUSES OR OTHER THREATS AND SEND THEM TO OUR VIRUS LAB. THIS FEATURE IS TURNED OFF BY DEFAULT.
WEWILL ONLY USE THIS INFORMATION AND DATA TO STUDY THE THREAT AND WILL TAKE REASONABLE STEPS TO PRESERVE
THE CONFIDENTIALITY OF SUCH INFORMATION.
In order to turn on this feature, enable both parameters ’samples_enabled’ and ’samples_send_enabled’ in global
section of main conguration le.
ThreatSense.NET technology is able to send infected samples also via http proxy server with basic authentication.
See the nod32d manual page for details.
chapter 5 / Important NOD32LFS/NOD32BFS Mechanisms
Figure 5-1. Scheme of Handle Object Policy mechanism.
accept defer, discard, reject
action_on_processed
object not accepted
NO YES
av_enabled
accept defer, discard, reject
action_on_infected
action_on_uncleanable
action_on_notscanned
object not accepted
object accepted
To Next Page
Loading...
Need help?
General
