Technically the MSE UI you see in the systray is just the configuration engine. The virus and malware scanning engines work through a filter driver
, which loads alongside the kernel. The system is technically protected almost right after boot, just as it would be with any decent antivirus product. If it's affecting the shell, you might have an issue with the APC software getting a global lock on some object that the MSE tray engine wants as well, but it wouldn't make you vulnerable due to the way antivirus products work on Windows.