My understanding is that real-time protection will scan a file anytime one is created, opened, or executed. My concern is with programs like Microsoft's search indexer, Windows Defender, other security scanning utilities, etc. These programs likely have to open nearly every file on the PC in order to perform their respective tasks. Aren't they forcing NOD32 real-time protection to kick-in every time too? This seems like somewhat needless overhead to me. I know that you can configure exclusions for the real-time protection; but, as I understand it, these exclusions function only to exclude those specific files and/or directories from being scanned by the real-time engine. The exclusions don't function in a way that they completely exempt another executable and it's activities from scanning when that said other executable does it's thing. For example, if I enter "C:\Windows\System32\SearchIndexer.exe" in the Exclusions list, will it exempt only those accesses to that specific file from real-time scanning, or will it exempt all accesses made by that executable from scanning? I would like to prevent the added overhead of NOD32 from kicking in, whenever the indexer kicks in, as this seems somewhat superfluous to me. Moreover, this leads to a bigger question in my mind... is it really a big security risk to require an AV scan on just a file open? It seems like file execution would have to be involved in 99+% of active AV threats? Yes, I'm aware of things like the jpeg vulnerability, but from my perspective that seems to be the exception and not the rule. Am I misunderstanding something? Is the overhead really that negligible that I shouldn't even worry about it? Are file open's really that risky?