Running NOD32 AV and Shadow Defender

Soon, I will either renew my NOD32 subscription or go with Avira Premium. Regarding running SD and NOD together, what folders do I need to exclude for NOD and thanks for your help.

Gary

 

Exclude just the NOD32 program folder will do

 

Thank you much.

Gary

 

Can same be done with SUPERAntiSpyware and Malwarebytes' Anti-Malware ?

Will it work? To exclude their folders and update?



And, is this better solution to exclude the folders of AV(Nod, etc) and/or Antispyware programs instead of exiting SD, reboot, update the definitions and then enter in shadow mode.

Thanks.

 

Hi there,

Your first question: Yes, It can.

Your second question:Yes, if it is done properly.

Your third question is interesting as it is the best way to check if it works (if it doesn't work, it means you've made a mistake in the exclusion tab): Say you exclude Nod32, when you are in shadow mode try to update it manually, once it is done, reboot into normal mode and try to update Nod32 again, if it's says no updates are available, it means your exclusion list works.

Keep in mind that updating any antimalware in shadow mode is not so urgent as when you are in normal mode. Virtualizers should shield you from 99% of malware, leaving you vulnerable with trojans phoning home during the time you are virtualized (in other words your privacy might be compromised).

 

Hi Osaban

Thanks for your reply.

I know that updating antimalware is not so urgent, but my point was another.

Let's suppose i want to stay shadowed all the time.

Besides daily AV update, i want to update it this case let's say SUPERAntiSpyware and Malwarebytes' Anti-Malware.
Their updates shouldn't be on a daily basis but on a 1-3 days dependence.

After couple of weeks ( 10-15) days i will do a restore with my imaging programs.

In the first scenario when i'm in shadow mode i only update AV and AS with exclusion list and nothing can get on my PC, if i'm not installing anything.

It's proven that exclusion of AV and AS it's working? And most important thing: Is it safe?
I mean can this folders be attacked or this is highly unlikely.

Where does AV and AS programs store their definitions updates?
Is it in their installation folder in program files.

For the second scenario: My meaning of interpretation of exit shadow mode, reboot, update and enter again in shadow mode was can something happen it those 10-15 minutes for the update of AV and AS ?

Let's say some internet attack, some infection or something similar that can compromise clean state of my PC?


I see that you too have SD so, would like to hear your experience about updating security programs with exclusion list and not exiting shadow mode?
Can you tell me something more about that?

And anyone else experience will be appreciated.

 

Renegade08, Luckily there was an avira update that mine had not picked up yet on its scheduled update. So I placed C:\program files\avira\* in SD Exclusion list; Went into shadow mode did update and rebooted and the update went through. I guess it would be the same for other AVs or programs. I learned something new myself.

 

There is no system that is 100% safe. Antivirus by themselves can give you 99% security of KNOWN malware. AVs + virtualizers/sandboxes can give you 99.9 % of KNOWN AND UNKNOWN malware. There are a few nasties designed specifically for virtualizers, but they are usually neutralized by the AV.

I have used for years ShadowUser(similar to Shadow Defender) + NOD32 with XP, Nod has always updated in shadowmode. I'm using Shadow Defender + Avira, and Avira updates in shadow mode (obviously putting Avira's folder in the exclusion list).

My approach to shadow mode is that I prefer regular reboots (2-3 daily, exiting shadowmode) as a further precaution against undetected malware. Particularly if I'm using my credit card (Start my computer, enter shadow mode, use very quickly my credit card, exit and reboot my computer).

As for the AV folder being attacked successfully because it's not shadowed, I don't see any dire consequences as the AV can be disabled, but everything else is shadowed.

 

It all depends on the user. I like to make use of the exclusion list. And it's probably the best way to go if you know users with little computer knowledge will be using the computer. You don't want them having to go through this time consuming process. Let alone having to constantly remind them how to..

I think you'd be safer updating in Shadow Mode where most of your files would be protected ,simple reboot will rid of any nasty (just hope they don't get into your excluded folders). Whereas regular mode you'd be more exposed.