IMON (internet protection)

DESCRIPTION

 

IMON is a multifunctional monitor that operates at the Winsock level. While monitoring traffic, it uses advanced heuristics, which is very useful for detecting new infiltrations. The IMON module is used for:

1. Checking e-mails received via the POP3 protocol. IMON is fully compatible with any POP3 client and needs no further configuration. Possible infiltrations are detected before they can reach the e-mail client. When an infiltrated e-mail is received, a pop-up window is displayed. The window shows which actions can be performed (this applies to the default configuration; IMON can also be set up to perform actions automatically). By default, IMON changes the “Subject” of an infiltrated e-mail: it inserts information about the infiltration in front of the original subject. This feature is also useful if you set up a filter in your e-mail client (e.g. your e-mail client may be set up to delete all messages with information from IMON in their subjects).

2. Controlling HTTP communication

3. Blocking exploits used by some worms (e.g. Lovsan, Nachi, Red Code and many others), without needing to have the appropriate patch installed. This feature is turned on by default. In the IMON Setup tab you can set up logging of intrusions to the virus log.

The IMON module works in two basic modes: “active” and “passive”. In passive mode, IMON continuously transfers parts of the file being downloaded to the target application and saves a temporary copy for itself. After the last part is downloaded, IMON scans the file. When an infiltration is found, IMON displays a warning window and terminates the connection. The disadvantage of this method is that the part of the file already transferred may contain an essential part of the harmful file. In addition, when the application repeatedly attempts to download the infected file, it can reuse the part already downloaded and download only the “rest”, which on its own might not be considered harmful.

In active mode, IMON downloads and scans whole files and only then transfers them to the target application. This method is more secure, because in case of infiltration no data is transferred. The disadvantage is that the application does not receive the data immediately, so it cannot display the download progress correctly (that is why IMON displays the progress of downloads that take longer than 5 seconds in a separate dialog window). In addition, this mode is not fully compatible with some data types (e.g. multimedia) that require data streams.
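The trade-off between the two modes, as a toy model added here (not ESET code). The marker string, chunk size and function names are constructed for the example, and holding back the final part in passive mode until the scan finishes is a modelling assumption.

```python
# Toy model of a scanning proxy in "passive" and "active" mode.
MARKER = b"TOY-TEST-SIGNATURE"          # constructed stand-in for a detection
SAMPLE = b"A" * 10 + MARKER + b"B" * 20  # constructed 48-byte "infected" file


def scan(data: bytes) -> bool:
    """Toy scanner: a detection is the marker appearing anywhere in the data."""
    return MARKER in data


def chunks(data: bytes, size: int):
    """Split a download into the parts the proxy sees on the wire."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def transfer(data: bytes, mode: str, offset: int = 0, size: int = 8):
    """One connection: return (bytes the application received, verdict).

    offset models a resumed download that asks only for the missing tail.
    """
    parts = chunks(data[offset:], size)
    seen = b"".join(parts)               # everything the proxy saw this time
    detected = scan(seen)
    if mode == "active":
        # Nothing is forwarded until the whole file has been scanned.
        return (b"" if detected else seen), detected
    # Passive: parts were forwarded as they arrived; on a detection only the
    # last part (assumption) can still be withheld when the connection is cut.
    delivered = b"".join(parts[:-1]) if detected else seen
    return delivered, detected


def retry_after_block(data: bytes, mode: str):
    """First attempt, then a resumed attempt starting where the first stopped."""
    first, verdict1 = transfer(data, mode)
    rest, verdict2 = transfer(data, mode, offset=len(first))
    return first + rest, verdict1, verdict2


if __name__ == "__main__":
    for mode in ("passive", "active"):
        got, v1, v2 = retry_after_block(SAMPLE, mode)
        print(f"{mode}: application holds {len(got)} of {len(SAMPLE)} bytes, "
              f"verdicts: first={v1} resumed={v2}")
```

In the passive run the resumed connection carries only the clean-looking tail, so the application ends up with the complete file even though the first attempt was flagged; in the active run it holds nothing.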

 

Important note: The IMON module is compatible with server solutions. On servers, it can cause various conflicts. It is recommended to turn IMON off using the Quit button.

 

IMON module settings

 

POP3

 

The POP3 tab lets you set up scanning of email received through the POP3 protocol.

 

Enable IMON email checking – select or clear this check box to turn scanning of email received through the POP3 protocol on or off.

Ports used by the POP3 protocol – a list of ports used by the POP3 protocol (delimited by a comma, semicolon or space).

Checked email confirmations – in this section you can choose what confirmation will be appended to scanned and infected messages. In the section Append tag messages to email you can set whether a message confirming that the email was scanned by the NOD32 antivirus System is appended. You can choose No notification, Infected email only, or All email. You can also select Modify the subject of infected email with the string: – if enabled, IMON will insert the specified string in front of the original subject of each infected email (%VirusName%, the default value, is a variable that represents the name of the virus detected). In your email client, you can set up a filter (if supported) that will move such emails to a special folder.

 

Compatibility setup – the Setup button in the Compatibility Setup frame opens a dialog window where you can adjust the way IMON interacts with email clients. Use this option only if you experience problems receiving email with your mail client.

 

HTTP

 

The HTTP tab lets you set up scanning of all traffic through HTTP (web sites).

 

Enable HTTP checking – if enabled, all traffic through HTTP is scanned.

Ports used by HTTP protocol – a list of ports used by the HTTP protocol (delimited by a comma, semicolon or space).

Automatically detect HTTP communication on other ports – enables automatic detection of HTTP communication on ports other than those specified. The HTTP communication may depend on the selected web site, which is why it is recommended to control all ports.

Actions – In the Actions section you can specify how IMON will act if an incoming infiltration from the Internet is detected.

Client compatibility – displays a list of e-mail clients used on your computer.

Server compatibility – displays a list of internet sites.

Larger file download settings – in this frame you can set up criteria for switching to passive mode. 

 

MISCELLANEOUS

 

The Miscellaneous tab provides further options common for all modules integrated in IMON.

 

Internet filter – in this frame you can enable the feature Log intrusion attempts to the virus log. Any attempt to infiltrate the computer will be recorded and listed in the virus log. Some infiltrations attempt to exploit bugs in the operating system by attacking ports of the computer. Disabling this option will not disable the packet worm scanner as such – only its logging.

Network configuration changes – by default, the option Automatically detect changes in network configuration and repair necessary settings is enabled, i.e. IMON automatically adapts to new situations.

Exclusion – click on the Edit button to display a list of applications excluded from scanning by the IMON module.

Display – you can move the slider to adjust the transparency of the window that shows information on a file’s download progress.

Scanner – click on the Setup button to display Scanner setup window.

Website access blocking – (by default enabled) - access to the websites known to contain only malicious code is automatically denied.