Real-Time Exclusions & Indexers, Defender, etc.

Discussion in 'ESET NOD32 Antivirus' started by Alec, Jul 24, 2008.

Thread Status:
Not open for further replies.
  1. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    My understanding is that real-time protection will scan a file anytime one is created, opened, or executed. My concern is with programs like Microsoft's search indexer, Windows Defender, other security scanning utilities, etc. These programs likely have to open nearly every file on the PC in order to perform their respective tasks. Aren't they forcing NOD32 real-time protection to kick in every time too? This seems like somewhat needless overhead to me.

    I know that you can configure exclusions for the real-time protection; but, as I understand it, these exclusions function only to exclude those specific files and/or directories from being scanned by the real-time engine. The exclusions don't function in a way that they completely exempt another executable and its activities from scanning when that said other executable does its thing. For example, if I enter "C:\Windows\System32\SearchIndexer.exe" in the Exclusions list, will it exempt only those accesses to that specific file from real-time scanning, or will it exempt all accesses made by that executable from scanning?

    I would like to prevent the added overhead of NOD32 from kicking in whenever the indexer kicks in, as this seems somewhat superfluous to me. Moreover, this leads to a bigger question in my mind... is it really a big security risk to require an AV scan on just a file open? It seems like file execution would have to be involved in 99+% of active AV threats? Yes, I'm aware of things like the jpeg vulnerability, but from my perspective that seems to be the exception and not the rule.

    Am I misunderstanding something? Is the overhead really that negligible that I shouldn't even worry about it? Are file opens really that risky?
     
  2. mongatu

    mongatu Registered Member

    Joined:
    May 19, 2007
    Posts:
    36
    I don't know the answer to your "overhead" question, but it is my understanding that once one adds a file or folder to ESET's exclusions, it will not be scanned at all even if one manually attempts to directly scan it. If I am wrong about this, I hope someone will correct me.
     
    Last edited: Jul 25, 2008