Global sites
SolutionsProductsPurchaseDownloadPartnersSupportCompanyThreat Center
SupportFAQ
Knowledge Base
Technical InformationContact Technical Support
Antivirus Software NOD32 > Support > Knowledge Base

Knowledge Base

Print this page

AMON

 

DESCRIPTION

 

The AMON module is a residential (i.e. it runs in the operation memory all the time) antivirus monitor, which automatically checks files in the moment they are opened, downloaded, or created. This system allows detecting all viruses, right in the moment of opening. Furthermore, it also checks removable disks in the moment of opening a file stored on it. This operation utilizes all advanced methods of a file-scan based on using the virus signature databases and also heuristics.

 

It is very important to enable automatic startup of AMON and to stay up-to-date with the most current virus signature database. If you switch it off, your computer could easily become infected.

 

AMON setup

 

DETECTION

 

AMON is monitoring user’s actions and actions of the system, which may be potentially dangerous. We do not recommend changing the default configuration.

 

The Scan on setting group enables setting up actions, which will trigger the file scan.

 

Open - the files will be tested when attempting to open (edit, display) them.

 

Execute - executable files (applications) will be tested when trying to run them.

 

Create - new files will be tested in the moment of creating. This option avoids spreading of a virus over local network by copying files.

 

Media – enables to select media that will be scanned.

 

Scan boot sectors on - allows to set up actions, by which the boot sector testing will be initialized (the system sectors on your hard disk). It is very important to scan computer on shutdown, especially when an infected diskette is left in the floppy drive at the shutdown.

 

Extensions - displays a dialog window with the list of tested file extensions.

 

OPTIONS

 

The Options tab enables setting up the options of ThreatSense scanning technology.

 

In the Options section you can select the methods of testing used when accessing existing files.

 

Signatures - the virus detection using virus signature database

 

Heuristics - an algorithm searching for viruses that analyses actions of programs

 

Adware / Spyware / Riskware - detection of malware

 

Potentially dangerous applications - detection of applications, which can be used against the user

 

In the Additional options on create section, you can set up the methods that will be used when creating a new file. Because creating of a new file is rarer than accessing an existing one, using advanced, though slowermethods will not cause the slowdown of computer.

 

Runtime packers - allows testing of internally compressed executive files

 

Self-extracting archives - allows testing of compressed self-extracting archives

 

Advanced heuristics - an algorithm searching for dangerous internet applications using application action analysis

 

Note: Since Heuristics and Advanced heuristics complement each other, it is recommended to use both methods.

 

Optimize testing - the NOD32 antivirus system remembers the applications, which have been tested since the last startup. If content of the file didn’t change, it won’t be scanned again on open.

 

ACTIONS

 

The Actions tab provides actions to be performed with infiltrations (viruses) detected by the AMON module.

 

Prohibit access & show alert window with action options – after detecting a virus, NOD32 will disable access to it and a warning window will be displayed. In this window, user can choose an action to be performed. To edit the list of actions, click on the Security tab.

 

Prohibit access – after a virus is detected, NOD32 will terminate access for all applications to infiltrated file. The file itself cannot be executed as well.

 

Clean automatically – after detecting a virus, system will try to clean it (remove the virus). If a file cannot be disinfected, system will block the access to the file.

 

Move newly created files to Quarantine – check this checkbox to automatically place infected files to the Quarantine folder. This option allows keeping both the infected and also cleaned version of a file. To set up the Quarantine directory, click on the Advanced tab in the NOD32 Control Center. The default directory is C:\Program Files\ESET\Infected.

 

EXCLUSION

 

The Exclusions tab enables adding files, directories and boot sectors, which will not be tested by the antivirus system. It is not recommended to use this option, if your NOD32 antivirus system works without problems.

 

How to exclude an object from testing by AMON module? Follow next few steps.

  • Click on the Add ... button
  • Enter path to the requested file, or use the Folder / File buttons.
  • Select in the Add to list section, whether object will be excluded permanently, or temporarily.
  • If you mark a File / Directory as temporarily excluded from scanning, exclusion will be cancelled after next restart, or when manually removed from the list.

 

Default – cancels all exclusions.

 

SECURITY

 

In the Security tab, you can set up the basic actions of the AMON module.

 

Actions supported in warning window - actions, which are offered to user when displaying the warning window upon alert (when AMON finds an infected file).

 

In the File system monitor (AMON) startup section you can set up the conditions for initializing the residential protection.

 

Enable automatic startup of AMON – enables automatic start of the residential protection at the startup.

 

Allow manual stopping - allows disabling of the residential protection by user

 

Load file system monitor dynamically - enables initializing of the residential protection to the memory in older MS Windows versions after initializing other system drivers, which decreases the possibility of conflicts with the older operating systems. With newer versions of MS Windows this problem does not occur, therefore this option is not available.

 

Enable instant Virus database update - allows replacing the old virus database with a new one shortly after downloading it from the internet.

 

FREQUENTLY ASKED QUESTIONS

 

How can I temporarily turn AMON off?

 

Some applications require turning off the antivirus protection for their installation. Please be careful when turning off AMON, since you lose protection against viruses. That’s why it is not recommended to turn AMON off for a longer period. Please do not forget to start AMON immediately after.

 

How to turn AMON off:

  • Open the NOD32 Control Center panel by clicking on the white-green icon in the system tray.
  • Select AMON from the Threat Protection group of options.
  • In the right panel uncheck the checkbox File system monitor (AMON) enabled.
  • Turning off AMON will cause the change the color of green Control Center icon to red.

Important note:

Do not turn off AMON module by clicking the Stop button. This would completely take away the AMON driver from memory and some operation systems cannot apply the driver again without restarting.

 

AMON keeps on displaying information about number of infected files, even though they have been cleaned / deleted.

 

Because the counter of infiltrated files is refreshed after each computer restart, the total number of infiltrated files will be displayed in the status window until the computer will be restarted, even if you already cleaned or deleted the infected files.