Quote Originally Posted by dj.turkmaster View Post
I have unchecked the option "Scan programs before they start" but live protection is still active. If it doesn't scan programs before they start, what does live protection actually do?

My second question is that I may check "Scan programs before they start" option, but I may leave the other two checkboxes (scan using AV and scan using AS) unchecked. What happens in this case?
Actually, the Scan using... checkboxes were intended to be removed in the final, but must have slipped through somehow. Scan using AS is the culprit that slows down a lot; using just Scan using AV, which is the default, it should be much faster. And without less protection - it scans just files really, but including AS files, and as soon as something was actually found, the additional full AS engine is included anyway (but doesn't need there when protecting starting apps). I apologize for that not having been removed from the user interface and the confusion it created!

With the Scan programs before they start checkbox unchecked, the Live Protection is still in place, but will simply allow programs to be started without any delays. This will come in useful in a later release when the Live Protection will not just monitor process starts (e.g. we have Live Protection hooks ready for scanning downloads of the typical wininet.dll malware downloader stub type). Currently, it's mostly a fast (no reboot needed) on/off method.

The notification window will only appear if the scan takes longer than a certain time, meaning if you've got the AV option checked, but not the AS one, it won't usually appear.

You can control it using unofficial settings by changing these registry settings:
Code:
HKEY_CURRENT_USER\Software\Safer Networking Limited\Spybot - Search & Destroy 2\OnAccess\
ShowPopup = 0/1
PopupShowDelay = <number of milliseconds>
PopupMinimumDuration = <milliseconds>
Location = 0=nowhere, 1=top, 2=bottom, 3=top left, 4=top right, 5 = bottom left, 6 = bottom right
Some types of optimization:
  • OS whitelist checks - if a file to be scanned is known to us as belong to an OS (by hash, files analyzed and listed by us), it won't be scanned. This works only on English, German, partially french Windows releases currently (and others where the language is MUI only).
  • Software whitelist checks - we've got a growing list of analyzed "good" software. Files identified as such won't be scanned.
  • MRU background scans - when the system is idle, Spybot will check various lists of most recently used programs and scan these in the background. There's a Windows Scheduled Task you can use to fine-tune the schedule for this.
  • Chrome shouldn't delay since once a process has been scanned, unless it was modified, it won't be fully scanned again. Unless there are updates downloading in the background - with each updated file, the cache remembering the sessions results is cleared (new signatures might indentify something that was previously missed)!