Simple General Questions V.5

[mike21]

Hello, I am using windows 7 x64 and I am trying since yesterday the new Eset Smart Security 5. I have some very straightforward questions (I hope)

1. I want to permanently disable (forever) Web access protection, Email client protection and Antispam protection. How do I do this without the tray icon becomes orange and how to stop the (!) notification when I exit the screen saver. I want the tray icon (if possible) to show that I am protected, eventhough I disabled the whole "web and email" protection. FYI the "Web access protection" now shows "Non-functional" instead of Disabled and Email protection & Antispam protection show "Disabled".

2. I want the AV to scan all files when they are opened and not when they are created. I go advanced setup>Real-time file system protection>scan on> and then I disable the "File Creation" option. Is it enough? Because I want absolutely no scan on my downloads or files creation and only when these are launched to be scanned. Also in the same options window, what is the difference between Scan on "File open" and Scan on "File execution"? Isn't the opened file executed? Can you clarify?

3. Archives: I want to not real-time scan archives. How do I disable it? I went to advanced options>real-time file system protection>ThreatSense parameter setup>extensions and from there I made sure that the "zip" and "rar" extensions are not in the list. Is it enough to disable the scanning of archives?

BTW the new HIPS function is really powerful, it reminds me of Malware Defender. Congrats for that.

[Marcos]

Quote:

Originally Posted by mike21

1. I want to permanently disable (forever) Web access protection, Email client protection and Antispam protection. How do I do this without the tray icon becomes orange and how to stop the (!) notification when I exit the screen saver. I want the tray icon (if possible) to show that I am protected, eventhough I disabled the whole "web and email" protection. FYI the "Web access protection" now shows "Non-functional" instead of Disabled and Email protection & Antispam protection show "Disabled".

This behavior is correct. By disabling web access protection you significantly lower the overall protection against Internet-born threats and expose the computer at reasonably high risk.

Quote:

2. I want the AV to scan all files when they are opened and not when they are created. I go advanced setup>Real-time file system protection>scan on> and then I disable the "File Creation" option. Is it enough? Because I want absolutely no scan on my downloads or files creation and only when these are launched to be scanned. Also in the same options window, what is the difference between Scan on "File open" and Scan on "File execution"? Isn't the opened file executed? Can you clarify?

Again, disabling any of the options exposes your computer at risk. If you disable scan on open but only leave scan on execution enabled, for instance malicious dlls could be loaded without being detected.

Quote:

3. Archives: I want to not real-time scan archives. How do I disable it? I went to advanced options>real-time file system protection>ThreatSense parameter setup>extensions and from there I made sure that the "zip" and "rar" extensions are not in the list. Is it enough to disable the scanning of archives?

Real-time protection does not scan archives with the exception of self-extracting archives that are only scanned upon creation.

Quote:

BTW the new HIPS function is really powerful, it reminds me of Malware Defender.

HIPS is subject to further development. I've created a couple of very basic rules that protects me from running malicious files unwittingly and that would prompt me when something was attempting to inject a dll into a running process or to change file associations.

[mike21]

Hi Macros and thanks for your detailed reply.

Quote:

Originally Posted by Marcos

Again, disabling any of the options exposes your computer at risk. If you disable scan on open but only leave scan on execution enabled, for instance malicious dlls could be loaded without being detected.

Real-time protection does not scan archives with the exception of self-extracting archives that are only scanned upon creation.

Please clarify, if I uncheck the checkbox "Scan on File Creation", I disable completely the scanning of newly created files (without them being opened) or I have to change another setting also?

[Marcos]

Quote:

Originally Posted by mike21

Please clarify, if I uncheck the checkbox "Scan on File Creation", I disable completely the scanning of newly created files (without them being opened) or I have to change another setting also?

That should suffice. However, wouldn't it be easier to disable the whole real-time protection than disabling just scanning "on create" which is essential ? Unfortunately, you haven't mentioned any reason why you want to limit ESET's detection and protection capabilities that much so I'm unable to give you any further hints.

[mike21]

Quote:

Originally Posted by Marcos

That should suffice. However, wouldn't it be easier to disable the whole real-time protection than disabling just scanning "on create" which is essential ? Unfortunately, you haven't mentioned any reason why you want to limit ESET's detection and protection capabilities that much so I'm unable to give you any further hints.

Thanks.

To tell you the true, I do not feel that its essential to scan files on creation. If I won't open/execute it, why should I care of what lies inside an archive file? NOD32 will eventually scan it if I decide to open it/execute it.

Just FYI I set up similarly my AVs years now, I do not suggest other users to do so, but I feel well protected this way, I never use Web-Scanning and File Creation Scanning.