ESET NOD32 Antivirus 9 Review - Close, but No Cigar
key review info
- Application: ESET NOD32 Antivirus 9.0.318.0
- Reviewed on:
- Redesigned UI
- (5 more, see all...)
ESET NOD32 Antivirus just got updated to version 9 a couple of days ago. Since we can't contain our excitement any longer, we're just going to dive into the application to explore the new and improved features.
Developed to protect computers from all popular types of malware, this program features preset and custom scan profiles, advanced heuristics and configuration settings, web access, email client and anti-phishing protection, along with extra security tools.
As in the previous edition, you can enable or disable PUP (potentially unwanted programs) detection during setup. Installation is faster than before and an initial scan is auto-triggered 20 minutes after setup completion or reboot.
The interface got redesigned. The developer keeps the neatly organized structure that it has already familiarized us with, while trying to make ESET NOD32 Antivirus friendlier than before. We think it succeeded. This can be noticed by putting the configuration settings in contrast with version 8, for instance. The AV tool now has slide buttons for enabling and disabling features, along with tooltip descriptions next to each option.
The licensing model is different too, as the classical method with username and password required for activation is replaced with a license key. Plus, ESET NOD32 Antivirus improved its botnet protection component, in order to automatically allow network signatures quickly detect and block malicious traffic related to bots and exploit packs, thus eliminating user intervention.
Other than that, it implements a troubleshooting wizard for resolving firewall issues with specific programs or devices, which suggests a new set of rules. A dynamic help documentation available online jumps to the page of your current location in the GUI. Right-to-left languages, such as Hebrew or Arabic, are now supported.
Predefined and custom scan profiles
There are multiple scan profiles available. The preset ones cannot be modified and they instruct ESET NOD32 Antivirus to check all local disks, or removable media devices like USB, CD and DVD. The custom profiles make room for customization when it comes to the settings of the smart, contextual or in-depth scan.
ThreatSense represents a proprietary technology that combines various threat detection methods and detects yet unknown malware in its early development stages. It's possible to modify its parameters to tell the antivirus application the types of objects to scan (operating memory, boot sectors, emails, archives, self-extracting archives, packets, alternate data streams), to analyze the activity of programs (regular heuristics and ESET's), as well as to prompt for action or auto-clean on malware detection.
Furthermore, you can exclude files by extension, run background scans with low priority to favor resources consumption, log all objects, enable smart optimization (ESET's recommended settings), or keep the original file access timestamp. Other options focus on limiting object and archive size.
Real-time, idle-state, and startup scan
The ThreatSense preferences can be separately customized for the real-time protection guard, in addition to the types of media to scan (local and network drives, removable media), as well as events (file open, creation or execution, removable media access, PC shutdown).
Scans may be scheduled to autorun when the computer is idle. Aside from the ThreatSense parameters, you can ask the tool to run even if the laptop is powered by battery, the computer is locked, the user logs off, or the screensaver is launched. Idle-state scanning activity can be logged to file.
Since ESET NOD32 Antivirus autoruns at every Windows boot to continuously protect your computer from viruses, worms, Trojans, rootkits, adware, spyware and packets, along with potentially unwanted and unsafe applications, the startup scan mode can have personalized ThreatSense settings too.
HIPS and document protection
HIPS (Host-based Intrusion Prevention System) uses advanced behavioral analysis to filter the network and monitor running processes, files and registry keys for suspicious activity. It's not a firewall and it's separated from the real-time guard.
By default, this module is enabled, along with the advanced memory scanner, exploit blocker, and self-defense mode that prevents malware from attempting to disable ESET NOD32 Antivirus. Further adjustments can be made to the HIPS filtering, by turning on automatic mode (enabled operations), smart mode (receive notifications on suspicious events only), interactive mode (receive prompts to confirm operations), policy-based mode (blocked operations), or learning mode (set rules after each operation).
The software utility integrates a security feature that scans Microsoft Office documents before opening them, along with files auto-downloaded by Internet Explorer (like ActiveX objects).
Web access, email client, and anti-phishing protection
Internet protection is facilitated for web access, email clients, and anti-phishing. Apart from the fact that any of the three components can be disabled, you can deactivate HTTP and HTTPS verification, change ports used by HTTPS, configure ThreatSense, and manage a list with allowed and blocked addresses, along with URLs excluded from checkups.
The email client guard can be integrated with Microsoft Outlook, Outlook Express, Windows Mail, and Windows Live Mail. It's enabled for sent, received and read email, together with IMAP, IMAPS, POP3 and POP3S. Infected messages can be auto-deleted or moved to another folder after appending notes to the email subject.
ESET NOD32 Antivirus provides logs about important program events, reputation of running processes based on popularity among other ESET users, threat and spam statistics, and graphs with file system activity in real time (read and written data). A manager lets you disable ESET tasks or create new ones for running external apps or log maintenance, checking files at system startup, creating a snapshot with the PC status, executing on-demand scans or the first scan, as well as updating.
Moreover, it can analyze the system to create detailed reports about running processes, network connections, important registry entries, services, drivers, critical files, system scheduled tasks, system information, and file details. You can download ESET SysRescue Live (free) to remove malware from heavily infected machines using a CD, DVD or USB, as well as investigate, delete or restore quarantine files.
Measuring malware detection ratio, scan speed, and resources usage
We tested ESET NOD32 Antivirus 9 on an Intel Core i5-3470 CPU @ 3.20Ghz, 12GB RAM and 465GB Seagate ST500DM002-1BD142, running Windows 10 Pro.
To measure malware detection ratio, we asked the tool to scan a 687MB folder with 5,000 malware files and maximized ThreatSense settings (for the custom and real-time scanners). The real-time protection module had an excellent response time and started removing files at incredible speed. In the end, 1,030 malware files were left undetected by the program, which means that it was 79,4% successful in malware detection.
To test scan speed and resources usage, we asked the tool to scan a 10GB drive with default settings. The task was over in 4 minutes and 1 second, during which ESET NOD32 Antivirus used roughly 25,8% CPU and 2,6% RAM. When the program was idle, it used roughly 0,1% CPU and 2,7% RAM.
Although it has the same advanced settings as before, these are more approachable, thanks to how they're organized in the redesigned GUI, as well as the new dynamic online help guide that explains everything.
Any component can be enabled or disabled, including the real-time guard and ESET's scheduled tasks.
It has a gaming mode for silencing all notifications.
ESET NOD32 Antivirus excels at scan speed and resources consumption.
The price for a 1-year license for 1 PC stays the same: $39,99 / €29,95.
It takes a while to execute a pausing or canceling command.