Self protection in task manager?

Discussion in 'NOD32 version 2 Forum' started by psych1610, Jul 3, 2007.

Thread Status:
Not open for further replies.
  1. psych1610

    psych1610 Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    62
    Location:
    Redneckville, FL .. originally Newburgh, NY!!!!
    Hi all, I'm running the latest version (or what I hope is the latest version) of NOD32 in the US 2.70.39 as the free trial. So far I love it, it frees up my system resources and appears to protect me fairly well.

    One thing I've discovered is that it doesn't seem to protect itself from getting shut down by malware from the task manager. Near as I can tell both processes nod32kui.exe and nod32krn.exe are both able to be shut down just by going to end process.

    If I can do it so easily, can't some sort of virus or other malware?

    Is there an option I can check to enable it, short of installing a separate program that would do just that? (I'm trying to keep my running processes and CPU usage low)

    I think I will keep nod32 regardless of what the answer is, but I'm thinking that could be an added benefit (as I'm sure someone has mentioned before). I'm using Comodo Firewall and I've noticed that can't be shut down from the task manager, at least not so simply (there might be another way, but as somewhat of a novice I'm clueless).


    Thanks

    psych
     
  2. ASpace

    ASpace Guest

    Hi!

    NOD32 runs as a service (nod32krn.exe) and it cannot be totally stopped. Normally, when you press the "End Process" button, nod32krn.exe immediately regenerates so malware cannot stop it that way.

    NOD32 is known to catch (either by signatures or with its powerful heuristics) all threats that have ever tried to disable it so if you don't turn it off manually you'll be OK.

    Other vendors flaunt their techniques of self-defence. NOD32 does have self-defence but it is not so special because no matter what kind of "self-protection" a software may have, any user that runs as admin or software with admin rights can disable or eliminate the programs. So "self-defence" is more marketing than real feature, I believe.

    As I said, no known threats that can disable NOD32 and remain live :thumb:
     
  3. psych1610

    psych1610 Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    62
    Location:
    Redneckville, FL .. originally Newburgh, NY!!!!
    Hey, I appreciate the quick response HiTech_boy. That answered my current question and then some.

    Completely separate question, but does anyone know of any places where I can just throw fake viruses or something to see if Nod actually does stop them? I just always like to be sure. I've already seen eicar but I can't dig up anything else.

    Psych1610
     
  4. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
  5. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  6. Cpt. Sparrow

    Cpt. Sparrow Registered Member

    Joined:
    May 22, 2006
    Posts:
    37
    Guys, I think he's not looking for an online scanner, but for "demo" malware like the Eicar test.

    Kaspersky has a few samples which include some malware-like behaviour at http://tav.kaspersky.fr/.

    They're all detected by IMON using the Nod32 heuristics.
     
  7. ASpace

    ASpace Guest

  8. psych1610

    psych1610 Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    62
    Location:
    Redneckville, FL .. originally Newburgh, NY!!!!
    Cpt. Sparrow, you're exactly right, I was looking for "demo" malware like what you mentioned, I just couldn't think of the right way to say it. I apologize for the lack of clarity there. Appreciate all the responses.

    psych1610
     