Exclusions - Please help/advise

Discussion in 'ESET NOD32 Antivirus' started by Sunshine803, Dec 15, 2009.

Thread Status:
Not open for further replies.
  1. Sunshine803

    Sunshine803 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    38
    I am a bit confused when it comes to excluding something from NOD32 scanning and/or real-time monitoring/scanning.

    To make my questions clearer, let me define 2 words (in the context of my questions):
    SCAN=Go through a file sitting on the disk and check if it is infected
    MONITOR=Watch a process or executable program while it is active and stop it from doing anything that is not safe for my system

    I am using NOD32 (all options activated) together + Malwarebytes with active protection + Online Armor firewall. Given that I fully trust the above 3 programs, I would like to exclude each one of them from being MONITORED by the other two. I will restrict my question to the settings of NOD32.

    How can I get:
    1. NOD32 NOT to MONITOR the activities of the other two while they are active (they are always active)
    2. NOD32 to SCAN all contents of the folders of the other two when I do a complete in-depth system scan, ie NOT to exclude their folders from SCANNING.

    In the NOD32 manuals it is not clear what is 'excluded'. I can only 'think' it means exclude from SCANNING which is not what I want. I want to exclude them from MONITORING and include them in the SCANNING because I think I'll be saving on resources during normal, routine operations while I don't mind a few extra seconds (or minutes) in the in-depth scan.

    Same considerations would apply to any other trusted program, eg Photoshop. I would like NOD32 to SCAN all Photoshop components during the in-depth scan (in case something was infected), but I wouldn't like it to waste its time/resources on MONITORING every single process I initiate while working with Photoshop.

    I apologize if my understanding of the terminology (or of the NOD32 actions) is wrong. I'll be grateful for a clarification and advice.

    (FYI, Online Armor makes it clear that when you exclude a folder, all processes originated by any of the folder's contents are excluded from monitoring, ie they are marked as safe and instantly allowed)

    Thank you for your time and patience in reading and replying to this... :)
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello,

    Excluding files according to the article is keeping the real-time scanner from scanning them. This would be the same as the term monitoring. The on-demand scanner is configured by a different set of settings. You should add all the software you mentioned to the list of exclusions so they will perform better and when a scan is done, those directories will still be checked.

    I hope I have answered your question as clearly as possible. If not, let me know and I'll try again.
     
  3. Sunshine803

    Sunshine803 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    38
    Hi Wayne,
    Thanks for your reply which was perfectly clear.

    I added the MalwareBytes and Online Armor folders to the 'exclude' list of NOD32. I cannot really tell whether NOD32 is MONITORING the processes generated by programs running from within those two folders, but I'll take your word for it that it does not.

    However, as far as SCANNING is concerned, when I ask NOD32 to scan the two folders (through the contents menu) it gives me the result:

    Files read=0
    Errors found=0

    which is an obvious indication that it does not SCAN them. It seems that adding a folder to the 'exclude' list stops the folder from being MONITORED AND SCANNED. If indeed it is not MONITORED, I'll still be happy even at the expense of not having them SCANNED, hoping that those two folders are not likely to be infected by malware.

    Can I have your further thoughts on the subject please?
    Thanks :)
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
Thread Status:
Not open for further replies.