Here's the second part of my question.  (I didn't see an Edit button).     How can you tell if the rootkit scan ran?   Will there be some indication in the results box even on a negative scan?  I tried to run one, did the restart, etc., but I couldn't tell if it did the rootkit scan or not, but I could see it scanning the file system.   Maybe the first part was so quick I just didn't see it.  Thanks.

NPE needs the internet connection, NIS will allow it access to do what it needs to do.  There should be a report of what it finds on completion of the scan.  Don't "fix" anything without checking to see if there are false positives.

Also, there is no need to disconnect from the Internet while turning off or booting the computer. The NIS service and firewall loads much earlier than the Windows desktop or the Norton icon appears, and protects you well before Windows has loaded.

If internet connectivity requires user interaction after reboot (non-automatic), doesn't that tame the NPE's usefulness?

In my case, the NPE was done less than a minute after reboot.  I will assume the rootkit scan was done.

Does that suggest one should skip the rootkit scan and the NPE will then do the full scan without rebooting?

Hello

The NPE isn't a tool just to use to see if your system is clean. It's an advanced tool that should be used after trying other means of getting your system cleaned. It should only be used if you suspect some dangerous malware. Thanks.

huylym, I think for up to two hours after you create a post, if you click on Options then Edit Reply, you can make changes to your post.  I've had to make changes several times, after I read what I thought I meant to post

  Oops,,,  floplot's correct, it is only one hour .  Thanks for the correction.

Hello

I believe the time limit is 1 hour to edit your post unless that has changed. Thanks.

---

floplot wrote:

 

The NPE isn't a tool just to use to see if your system is clean. It's an advanced tool that should be used after trying other means of getting your system cleaned. It should only be used if you suspect some dangerous malware. Thanks.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

---

Yes, I understand that, but I was having to restore a disk image for another reason, and thought I would run the NPE just to become familiar with its interface and how it works--in case (God forbid) that I ever really have to use it.  So at least I know what to expect now should I ever have to run it.

I selected for it to do a rootkit scan as well, and hit the reboot button.  While Win XP was shutting down, there was a quick tiny window of a "Windows Protection Fault" that was actually too fast to read the fault address.   The computer re-started and the file scans were done, and the report given.  it didn't mention whether the rootkit scan was done or not, so I have no way of knowing whether it occurred, or whether the protection fault at the Windows restart had affected that aspect.  Norton only found 1 file in the file scan that it *thought* was bad, but I recognized it as one I've had for years--but just to check it I used the feature to have Symantec's server analyze it, and it was OK.

It would be nice if the results section of the NPE would give its report in 2 parts so that people would know if the rootkit scan was actually performed.  e.g.:

1)  Rootkit scan results.

2)  File report.

Also, any idea what caused the Windows Protection Fault and its significance?  It did it both times I tried.

Thanks.