Jump to content
P220ST

First Chance Prevention: difference in startup/shutdown?

Recommended Posts

Presently, I have Real Time Protection enabled as well as First Chance Prevention. Is it redundant to run First Chance Prevention both on system shutdown, then again on system startup?

My question stems from the fact that I don't understand if there are discrete types of malicious apps: ones that execute only during system shutdown while others execute only during system startup.

Or, is the starup/shutdown option with First Chance Prevention a matter of personal preference as to where you prefer your slower operation?

Thanks,

-P220ST

Share this post


Link to post
Share on other sites
Presently, I have Real Time Protection enabled as well as First Chance Prevention. Is it redundant to run First Chance Prevention both on system shutdown, then again on system startup?

My question stems from the fact that I don't understand if there are discrete types of malicious apps: ones that execute only during system shutdown while others execute only during system startup.

Or, is the starup/shutdown option with First Chance Prevention a matter of personal preference as to where you prefer your slower operation?

Thanks,

-P220ST

The scan on shutdown can "catch" applications that fresh write themselves out and may not be "hooked" into the system, but could load before us on startup - that is why we provide both options to scan on startup and shutdown.

Share this post


Link to post
Share on other sites

SAS - Thank you so much for taking the time to write. BTW, I use Windows XP-Pro. When you say

fresh write themselves out and may not be "hooked" into the system
is that synonymous with no longer operating from the NT kernel (the unhooked aspect)? Which leads me to two questions:

1. is my level of protection higher with both options (startup and shutdown) enabled?

2. is there any sense or logic to layering SAS with something else that operates from within the NT kernel?

My computer's running smoothly, appears well protected and my memory footprint (versus Spy Sweeper) is cut almost in half from 7MB to 3.7MB (idle w/RTP enabled). Got to love that.

Thanks,

-P220ST

Share this post


Link to post
Share on other sites
SAS - Thank you so much for taking the time to write. BTW, I use Windows XP-Pro. When you say
fresh write themselves out and may not be "hooked" into the system
is that synonymous with no longer operating from the NT kernel (the unhooked aspect)? Which leads me to two questions:

1. is my level of protection higher with both options (startup and shutdown) enabled?

2. is there any sense or logic to layering SAS with something else that operates from within the NT kernel?

My computer's running smoothly, appears well protected and my memory footprint (versus Spy Sweeper) is cut almost in half from 7MB to 3.7MB (idle w/RTP enabled). Got to love that.

Thanks,

-P220ST

You are better protected doing the startup and shutdown scanning. Our startup scanning operates before most things load - it never hurts to have layers of protection, as no progam will ever be able to catch everything on a given day.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×