Real-time file protection crippling Windows Update

Discussion in 'ESET NOD32 Antivirus' started by chrcol, Sep 16, 2009.

Thread Status:
Not open for further replies.
  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    I used to run NOD32 2.7 without real-time file scanning but did use IMON. Today I upgraded to v4 and then ran Windows Update for this month.

    I am running Windows XP 32-bit with SP3.

    It downloads the Windows Update files and then applies the patches.

    The HTTP scanner scans the files as they are downloaded without any noticeable problem.

    I then noticed the apply part going very slowly, so I looked at the statistics part of NOD32 and saw it scanning things like inf files at very slow speeds (about 2 or 3 inf files per second). Task Manager showed ekrn.exe maxing out CPU utilisation, and the overall speed of the updates was severely compromised in my view. When I unticked the real-time protection box the rest of the updates flew by.

    Is this typical behaviour for real-time protection and Windows updates?

    PC spec, if anyone is thinking it is some crappy 486 or something, is 4 gig RAM (3 gig usable), Core 2 Duo 6420 and Raptor HDD.
     
  2. bradtech

    bradtech Guest


    Are you using the default NOD32 settings?
     
  3. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    I was at the time, yes. Basically I installed and left it, decided to give it a chance and would keep full protection enabled if there was no performance impact; unfortunately that wasn't the case.

    Right now the settings I have since changed are:

    - To always prompt me when a positive is found, rather than auto fix.
    - Enabled SSL HTTP/POP scanning.
    - Some update settings, such as to auto disconnect from the update server when done, and my username/password.
    - Disabled real-time file scanning.
     
  4. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Any time you're installing something big like a large game, or updates or service packs, you ALWAYS right click and shut down your antivirus protection temporarily, or else, besides the fact it will slow to a crawl, you also stand a 50% chance of the install screwing up or otherwise something getting corrupt because of constant interruption from the scanning process. This includes and should also be done for installing large programs like Microsoft Office suites.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You might want to set size limits for archives. V2 didn't scan larger archives; v4 lets you set the limits yourself. Of course, any limits you set will make scanning less secure, as threats may slip through in larger archives.
     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    OK, so I guess normal behaviour then, with Windows Update being large files usually.

    Is the HTTP scanning as good as it was in NOD32 2.7 IMON? If yes, I will be happy just using that.

    What setting would you recommend for max size of scanning?
     
  7. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    Hmm, OK, I am still using v4 as before but just had to turn off the HTTPS scanning. Shame really, as I thought it was a good new feature over v2.

    A billing page wouldn't work with it; even when I added it to the exception list, I had to disable HTTPS scanning completely.

    As I understand it, if I skip checking of large archives, the files inside would still be scanned if extracted (since new files are created on disk). The risk would be if executing a file directly from the archive?
     
  8. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    OK, discovered a couple of things.

    1 - It seems when upgrading NOD32 I was supposed to reboot twice; nothing told me to do this but I read about it here. I checked Device Manager hidden files and see a nod32drv device that is not working, I guess due to not doing the double reboot. Also the same for the NOD32 kernel service. This is the error:

    Currently, this hardware device is not connected to the computer. (Code 45)

    2 - It seems a bunch of files are supposed to be excluded in relation to Windows Update, as recommended by Microsoft here:

    http://support.microsoft.com/kb/822158

    Many people here have misreported these to be for server OS versions only, but Microsoft lists Windows XP as one of the operating systems.

    So I have real scanning back on now with these exclusions and will see how things go next time I run Windows Update.
     
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    Guys, on my laptop in Win7 on the 4.0.467 build 64-bit, and with the recommended exclusions in place from Microsoft, Windows Update was a smooth process. :)

    I have just updated my WinXP 32-bit box to 4.0.467 now.

    Also, I did test this against Microsoft's MSE on my laptop and in my view NOD32 v4 beat it hands down. So not so negative now.
     