Timur Born

Yes, but scanning a million files is one of the tasks that *is* suitable for multithread processing. Here is a Full Scan of my C:\ (System + everything else) drive. ESET (initial scan): Windows Defender (on-demand Full Scan): Avira, Bitdefender and Kaspersky also do multi-threaded on-demand scans with much faster results than ESET. Not sure about the others (like Avast), as it has been some time ago that I checked them.

Unfortunately on-demand scanning (including the initial scan after installation) is still single-threaded and very slow in comparison (10-50 mb/s compared to 200-2000 mb/s for multi-threaded AV solutions). So that's something I will keep checking every few years.

I will check back in 2 years to see how ESET developed, while using another solution in the meantime.

Description : Default "Preserver last access timestamp" to enabled/on. Detail: There is little to no use in having last access timestamps of files be set to the last antivirus scan time, it provides us with no useful information while increasing disk utilization during scans. Furthermore having ESET overwrite last access times even removes useful information on when a file (like a document) was last accessed for real work. I appreciate that ESET offers an option to not overwrite last access times of scanned files, but this option should default to On, while currently it defaults to Off. What I don't know is: does enabling this option decrease disk utilization by System not having to write the timestamps to begin with, or does it even increase utilization by having to write the timestamps twice (first ESET scan and then restore to original)?

Description : Improve ESET update server capacities. Detail: Last week some connections to (some?) ESET update servers were abysmally slow, as in downloading at 0.01-0.1 mb/s while my internet line offers close to 13 mb/s. As a consequence download single update files took a *very* long time. According to e-mail support some major ESET module update caused high spikes, so the server/connectivity infrastructure should be improved to handle these spikes much better.

I just went through all windows again and curiously all windows that feature a "maximize" button are resizable today, even when it is quite difficult to hit their narrow 1 px border. When I tried this yesterday some (but not all) windows would not let me mouseover/hit their border in order to resize them, try as I might from all directions. So I change my suggestion to either increase the border size or offer a resize handle in the lower-right corner (and keep an eye on this one). There are some windows that are not resizable, though, and don't fit their content (115% scaling here). This is most problematic in windows featuring tabs at their top, like the Firewall rule window. Other windows not fitting their content: Network Attack Protection -> IDS Rules -> Add/Edit (only half a row missing) Web and Email -> Excluded Applications -> Add/Edit (only fits 5 rows of a scrollable list)

What is meant by "whitelisted" files in this context? I noticed that out of the 456 .exe files contained in the WSSC GUI (Nirsoft, Sysinternals) only those 5 are re-read after reboot that qualify as "potentially unsafe applications" (regardless of the respective settings and exceptions). All none exe files on my system seem to be re-read by ESET after each reboot, regardless of module updates. This includes all TTF (font) files, but also things like loading thousands of Lua addons files, hundreds of Toc files, dozends og TGA and font files when World of Warcraft is started for the first time after a reboot, plus NVidia and Battle.net client cache files. I assume that most of these files are only re-hashed instead of rescanned (analyzed)? But it's still re-reading of files that were already scanned when the PC was last turned on (or just before reboot a few minutes ago).

I understand the spinning platter situation, but modern systems don't use HDDs for system drives anymore. And even then, scanning network shares on my HDD based NAS is faster when done by multi-threaded AV products. All of my own and my customers' computers use SSDs for years already. Defender peaks at over 2500 mb/s during on-demand scans running 24 threads/files in parallel, meanwhile ESET is chugging along one file at a time. This should be brought up to more modern standards rather sooner than later. Furthermore large compressed archive files should be handled by multiple threads, too, especially for the uncompression part of the operation.

Description : Make all windows resizable. Detail: ESET is one of the few antivirus solutions that offer resizable windows for their UI and even meaningful columns/information in some list views (like firewall rules list). Unfortunately some windows only allow to be either fixed or maximized, but don't allow being resized via borders. Even worse, some windows' fixed size is just a little bit too small, so that scrolling is necessary for just 1-2 lines of content and then the tabs at the top are scrolled away (e.g. specific firewall rules window). Default sizes should fit the content (respecting Windows scaling) and all windows should be resizable if content doesn't fit.

Description : Keep scan cache persistent over reboots. Detail: After a reboot ESET re-reads most files again despite them not having changed and the drive not having been accessed in-between, even when the last scan/rehash was just minutes ago before the reboot. Some exceptions seem to apply to exe files only (as long as they are not in a category of potential risky/unwanted files regardless of settings). This causes ESET to daily re-read thousands of files on my system, which is unnecessary on an immobile desktop system with internal drive and one of the main reasons why I am looking for alternatives to Defender. Competitors manage to keep their cache persistent over reboots, some even after a nights' rest, as a consequence ESET causes more daily repeating CPU and disk load on unchanged files.

Description : Multi-threading/core for on-demand scans. Detail: ESET only uses a single CPU thread/core for on-demand scans, not utilizing my M.2 SSD even close to the limit. As a consequence on-demand scans take a *lot* longer than competing products that make use of multi-threading (up to 24 logical cores on my system).