Excluding HTTP Sites from NOD32 Version 3.0

Mark Berry June 2, 2009

I’m running NOD32 Antivirus Business Edition version 3.0.684.0.

Zenith Infotech monitoring sometimes downloads files that trip NOD32’s HTTP filter (e.g. SpyBot and BitDefender executables). Zenith recommends excluding “update.itsupport247.net” from antivirus scanning. It’s not hard to do in NOD32, but it is hard to find someone who knows how to do it!

Here’s the basic procedure:

1. Open the NOD32 client interface and press F5 to load the Advanced dialog. Navigate to Antivirus and antispyware > Web access protection > HTTP > Excluded addresses.
2. Add “update.itsupport247.net/*” to the list.

Note:  do not put “http://” in front of the address, but do put “/* ” after it! If you forget the “/*”, the exclusion won’t work:  NOD32 will block Zenith from downloading files.

Deploy Using ESET Remote Administrator Console

Want to deploy that from a configuration file? Here is where things really get strange.

First, even though you don’t own the firewall product, to set up an HTTP exclusion, open the ESET Configuration Editor and navigate to ESET Smart Security, ESET NOD32 Antivirus > Personal firewall > Setup > List of URL addresses excluded from filtering. Click on Edit to add “update.itsupport247.net/*”.

The problem is, when you deploy that, the exclusion will not show up in the client’s user interface if that client has never had an HTTP exclusion. However, if you first set up any HTTP exclusion on the client, then deploy the correct exclusion from the ESET Remote Administrator Console, the correct exclusion will appear on the client.

I have not been able to figure out why the exclusions don’t appear until one is first added to the client. But hopefully, with that annoying manual effort, the exclusion will at least work and allow the clients to download the Zenith updates as necessary.