Real Time Scanning Conflict Question

Discussion in 'NOD32 version 2 Forum' started by Escalader, Sep 27, 2009.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    Background Information

    I currently use Outpost Firewall Pro 2009 (OP). During OP's normal install process it detects Nod32 2.7 and then defers to Nod32 for real time scanning protection.So OP defers it's own real time antispyware tool in favour of Nod32.
    time antispyware product defers to a specific real time antivirus product.

    My Question is to Eset ( nod32 2.7)

    Since the eset warning is for antivirus products can the user conclude that other NON AV real time scanners work in harmony with AMON?

    The fact that OP defers an ASW tool to the Real time AV make me think that OP believes the answer is NO.

    But for the sake of my SAS real time ASW product I would like Eset's official view on this matter.

    Comment

    The fact that some users say they do run more than 1 real time scanner with no impact is not convincing enough, as there could be conflict at a low level we would never notice. I would like the most effective possible zero conflict real time scanning set up as a goal.
     
  2. ASpace

    ASpace Guest

    It really doesn't matter if it is called Antivirus real time scanner or AntiSpyware real time scanner . If it is scanner , it is scanner and it doesn't matter if it will scan for worms/trojans and/or adware/riskware/hijackware , etc ..... simply because it is more or less the same - simple file/driver/service running , etc.

    It could be another antivirus or antispyware but they both have drivers loaded for their real-time protection operation .

    In order to ensure there are no conflicts , you must exclude all the files and folders of the (other) program + its drivers . For example - in AMON you could exclude all SAS folders and files + its drivers (you can check them with some utility like Autoruns or ESET SysInspector itself).

    You could do the same for SAS - exclude the ESET NOD32 folder + ESET drivers (files) that load on start-up
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks for the reply. FWIW I already have my 3 main security tools Nod32 2.7, OP FW Pro 2009 and SAS 4.29 mutually excluding each other. As you suggest, I will also check the drivers.

    But it is my understanding that all this does is prevent the tools from scanning each other's files and finding false positives or wasting time.

    The conflicts I am concerned about is when a set of real time scanners say Nod32 and SAS both attempt to scan other files just opening or being read NOT one of their own software files. My concern is that this file will be at a minimum read twice or worse in the dash to scan the file escapes all scanning. If that file is a trojan or a virus you see the point I'm sure.

    Anyway, I'm awaiting Eset's response.
     
  4. ASpace

    ASpace Guest

    Well , yes , you are right.

    Yep . Correct , again :) I have seen this situation numerous times (mostly in the past years) . F-prot and Panda installed together , attempt to run Eicar and have a look what's going on :D That is why it is recommended that you have only one real-time anti-virus/antimalware protection scanner at the same time .
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks again.

    I have put this question to Eset directly and now wait for their comments on this matter.

    I would not be surprised if they confirm your 1 RT scanner only point. It's good to spend some time doing verification work/testing before drawing a conclusion. But I see how this is moving!

    But I can wait, a few days will not matter. FWIW, I only have one RT scanner running anyway.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Thread:

    Well after reading many posts here and elsewhere and reviewing the feedback to the issue from 3 vendors, Agnitum, SAS, and Eset I have reached a "conclusion".

    To avoid conflict and speed problems and preserve realtime protection for my set up I will use only 1 RT Product at a time.

    So when OP defers to Eset and Avira and others for realtime protection they are indicating the best direction.

    Some say they do doubling of RT and I believe them BUT I have concluded it is unwise to attempt it. Pick 1 RT protector, maximize it and stick with it.

    So for me this means that although I could turn on 3 RT protection functions in 3 different products I only have 1 active.

    SAS real time OFF
    OP FW Pro 2009 real time OFF
    (Trial) Avira Antivir Premium real time guard ON and mail-guard ON heuristic at medium both settings ON.

    Your mileage may differ. :cool:
     
Thread Status:
Not open for further replies.