NOD32 2.7 and Vista - Anti Stealth Technology

I *think* the reason is because the full scan (if using Blackguard's settings) is spawned by the nod32krn process, which has elevated permissions when it starts at bootup. When you launch an on-demand scan, you're initiating the process yourself as a limited user (which is why certain functions won't work on that type of scan).

Could someone more knowledgeable confirm this?

 

This has not much to do with limited account.
Always "user does not have administrator priviledges" bla bla, even I am logged in as administrator... every other program popup UAC if needed, why can Nod32 not do that?

 

No, I agree with you on that - It would be nice if it gave you the popup. I just think that's the reason why its happening.

Having said that, one reason it may not is for corporate / network customers; I'm pretty sure you can lock Vista down so you don't get UAC messages. If NOD32's on-demand scanning required elevated privileges, it wouldn't run in those circumstances. And if you build in logic to check for both -- Well, now we run into the tradeoff of that kind of flexibility vs. the super-small footprint it has.

 

Just to be sure though -- Could someone confirm the real-time scanners ARE running Anti-Stealth (i.e. the kernel process) at all times? When I run an on-demand scan I'm just looking for viruses in files. My real-time and full scans are where I want to check for spyware etc; If its doing that (which I hope someone can confirm) in Vista I'm golden.

 

Yes , it does . Anti-stealth technology runs perfectly in AMON and in the full on-demand scanner . It does scan even for (active and passive) rootkints in real-time .