Port Explorer v1.200 and NOD32

Pitbull,
The resident part of Nod32 (ie. amon.exe) is an extremely aggressive resident scanner - it basically scans everything on your system immediately upon access. The advantage of this is that virus detection is very fast and thus decreases the likelihood of infection - the virus would usually be detected as soon as a file has finished downloading, or as soon as you click on a file. The disadvantage is that because it has so many 'triggers' which activate the scanner, the scanner is nearly always at work, leading to system and app slowdown/lack of response (no mouse movement, etc), and problems in some other cases. On a Pentium test system here even poor old explorer.exe was having a hard time, and it seems setup/install programs also have a rocky ride.

The problem relating to Port Explorer was due to amon.exe scanning a couple of Port Explorer's DLL files basically every second or so, as Port Explorer was accessing them every refresh, which brought the speed of Port Explorer down to a slow grind. We've managed to find a workaround for this by where Nod32 only scans PE at startup so PE runs smoothly after that. It's not exactly solving the problem - it's more avoiding the problem... - but we can only modify PE, not Nod32. I'd be very surprised if Port Explorer is the only program that has problems with amon.exe, but tonight/tomorrows release should fix all Nod32-related issues with Port Explorer.

Pitbull, I can't give you a reason why Nod32 would be scanning autoexec.bat repeatedly, but if it's scanning smc.exe repeatedly then it's almost certainly the same issue as the one we had - smc.exe would simply be accessing the same file(s) every second or so (use Sysinternals freeware Filemon utility to verify), and with every access comes a scan, even if the file has been scanned only one second earlier.

Best regards,
Wayne

[Edit - also note that you can add smc.exe and Port Explorer to Nod32's scan exclusion list - Phil reported that this solved the problem on his system, but if you don't want to do that then just wait for tonight/tomorrows update of Port Explorer]

 

That's great news, Wayne. Looking forward to the update. Also, many thanks to both you and Jason for the assistance provided via email on this and other issues. That's what I call FIRST CLASS support.

Phil

 

That's certainly a great explanation. As many TDS and PE users also are using NOD32 this info and work around will help many people!
Thanks again a lot.
Hope to read your results with the new update too Phil and all the others.

 

Here is a list of programmes that I have in my NOD32 exclude list.
I found the first three of these before the PE problem appeared.

Sygate Firewall - SMC.exe
WinMX - winmx.exe
sysem32 - DMDBG.dll - Not sure what process this is (have not looked )
Sytem32 - PSAPI.dll
And I have the PE directory excluded.

Win XP Pro, AMD2200+

NOD32 (AMON) now uses negligable resources resources

 

Yes yes yes, the new 1,25 works for me.

bibbe

 

Hi Jooske,

general question: I enjoy this forum but it takes a lot of time to read the different
threads concerning some major problems f.e. with PE.

Why not a temporarely helpfile to download / to actualize with known conflicts
under chapter "Troubleshooting" ?
Of course only with these programs everyone should have on his system like
virus-scanner etc.
I am using NOD32 too.So I read every posting here and copied the tips to try out
wether it helps.
What about a summery from you diamond-master-brains ?

-Hank-

 

Working on a TDS- SS3 script with direct brain tapping connected to Wayne, Jason and Gavin on a 24/7 basis, but we're not experienced enough to succeed yet.
But they fill in that gap rather well themselves with frequenting the various forums and posting adequately.

There is a part in the PE - Helpfile about troubleshooting; not sure what has been solved between this thread for originally version 1.200 and nthe current 1.350 in relation to your possible items; hope all is well at the moment.
Wondering how the former NOD32 - relation to PE will be now also NOD32 came with a new beta.

You might have seen Jason's later recommendation for installing a new PE version not to uninstall but leave that part to the new version install. Sounds great of course, and i do hope it works fine that way in case of trouble with other programs......
Thought there was some actualisation on the PE site on problems as well?

 

The NOD32 problems have been fixed in Port Explorer since v1.200
-Jason-