How long should a full system scan take with Kaspersky 6.0.1.411 take roughly? I have a 3.62Ghz Machine with 1024MB RAM. Also installed Is Webroot SpySweeper 5.2/Comodo Firewall Pro 2.4.16.174/Super AdBlocker 4.2.0.102 and Rollback Rx Pro 7.2.1 Along with Kaspersky,all these run with Windows Startup. I just installed Kaspersky today,and found that when I ran a scan it was taking a long time, it had already scanned over 100000 files and stuff,but period the start to finish time was 90 minutes :blink: Is this normal? cause its a bloody long time if it is :blink: Everything is at default I havent changed anything in settings except the option to auto Disinfect/Block and Delete instead of prompt user and I enabled registry guard, everything else is as it was when it installed. :lurking: If something is wrong with this I'll use Rollback Rx to go back to my NOD32, I have subscriptions for both, but this Kaspersky subscription is new, I got a 3yr one from the US site :P

First scan always takes a long time. Following scans will be faster, depending on signature updates.

It is normal because kav engine scan very slow.
The second scan and other it won't take that long only if u will check "scan new and changed files" because av will pass/skip the files that were not changed(it suppose that were clean on first scan).
Otherwise, every time scan will be the same, it will take long.

It not depending on signature updates.

Yes it depends on signature updates. A signature update will make KAV rescan files, while a scan with the same signatures will make KAV skip files that it scanned earlier.

Even without the option "scan new and changed files" activated, KAV will skip files and use a random scan pattern to speed up scanning.

well my first scan with 411 build took 3hours!
but second scan with icheckers and iswift ticked took only 30minutes
third scan took 15minutes
fourth took about 7minutes.
so the first scan is slow but after its the fastest scans around.
lodore

-{ Quote: "Following scans will be faster, depending on signature updates." }-
That explains to me, why MWAV Free scans my HDD 40 minutes each time. Thanks for info.
MWAV unpacks into TEMP folder each launch time, so it does not remember anything, too bad.

if malware can infect other 'safe programs' on ones machine, using the ichecker swift or whatever its called, it wont pick up on it.

if i were a kaspersky user, i would not use that feature, all files should be scanned, just because it was safe on full scan, doesnt mean it is now.

you dont understand how the technlogy works.
the option is called "scan new and changed files only"
which means if something changes e.g. infects those files they will get rescanned and detect the malware.
some files it has to keep rescanning since they change such as system files.
the only way it wouldnt rescan it is if the malware somehow changed the checksum kaspersky made for that file and then it wouldnt get rescanned but thats knida crasy since the self defence would stop the change.
lodore

-{ Quote: "you dont understand how the technlogy works.
the option is called "scan new and changed files only"
which means if something changes e.g. infects those files they will get rescanned and detect the malware.
some files it has to keep rescanning since they change such as system files.
lodore" }-
maybe, but there will always be malware to get round it, id rather just be safe and scan all files is all.

read my updated post above
it would seem the best scans are normally the longest and most through but not always
e.g. nod32 has very fast scanning but has a great detection rate as well.
i wish kaspersky just made the engine faster rather that adding bolt ons if that makes sence.
why cant the kav engine be faster like nod32.

lodore

-{ Quote: "maybe, but there will always be malware to get round it, id rather just be safe and scan all files is all." }-
Using iSwift is scanning all files if you have set it to all files in the settings (default mode btw).

Post moved to: http://www.wilderssecurity.com/showthread.php?t=162893

ok, to answer the thread.....

kasperskys scanner is slower than panda, avira, avg, trend micro, norton, nod32, ca, BD10

but its faster than dr.web and f-secure.

sure, it will be faster if that setting was on with kaspersky, but the others would be too if they were not set to scan all files or a similar sort of setting.

-{ Quote: "It is normal because kav engine scan very slow." }- But it is very useful for protecting my computer. That is enough!

-{ Quote: "But it is very useful for protecting my computer. That is enough!" }-
Usefull for scaning so slow?...i don't know...but because it's a very good av, u can live with that...and me too.
-{ Quote: "why cant the kav engine be faster like nod32." }-
I wish, u wish, we all wish that...:D

couldnt they just have tighter coding so the engine runs faster?
or something similar.i know bitdefender scanning engine is slow as well.
lodore

I guess they have to rebuild the engine...from zero.
I notice that every av's engine it's not so different from version to version. Or the different it's so small.

Fast scan, slow scan, doesn't matter.
KAV/KIS can scan my computer slower than molasses for all I care but if my PC is getting protected from a quality AV such as Kaspersky than I can definitely wait until the scanning is done.
If a slow scan was such an issue then set the AV to run a scan when you will be away from the computer for a while.

I do not believe risk is increased by using the tools that KAV has to not scan files that are not new or changed. The same for the IChecker and ISwift. If it bothers one, then disable those.

My first scan was about 45 minutes, but now they take about 6 minutes.
"You pays your money and takes your choice."

Jerry

-{ Quote: "couldnt they just have tighter coding so the engine runs faster?
or something similar.i know bitdefender scanning engine is slow as well.
lodore" }-
It's not because of poor coding, it because they made a very thorough engine which can unpack a lot of archives. Instead of wanting everything from your AV, you should decide what is most important, being effective or being fast. I always get the same scantime using iSwift/iChecker which in my case is fast, too much confusion reins in this thread, some are talking about iSwift/iChecker, but mean the "Scan only new & changed files" option which is another feature (not default), which despite the name does not mean files will not be scanned again btw.

I must admit i do not understand the fuss about on-demand scan times, i mean i'm sure even DrWeb & VBA32 users are content with what they have despite being by far the slowest scanners, if they detect what they should...............surely this must be the most important thing?

i am very happy with kis6.0.
i agree slow scan times dont matter to much but its nice that after the first 3hour scan that because of "scan new and changed files only" it only now takes around 15minutes.
i will have to do a full 3 hour scan when kis6.0 mp2 comes out but so what after that it will be fast again.]
your right you cant have everything but kis6.0 is close.
im lucky atm since my pc hasnt hit the bad ram recently i still need to get new ram soon thou...
lodore

;D ;D -{ Quote: "

I must admit i do not understand the fuss about on-demand scan times, i mean i'm sure even DrWeb & VBA32 users are content with what they have despite being by far the slowest scanners, if they detect what they should...............surely this must be the most important thing?" }-

fast scans are 'not needed' but everyone would like a faster one, if it does the same job.

yep, im happy here with dr.web, although i do want a faster scan, if i fill my machine it can take a few hours.

but, dr.web are bringing a faster scan, very fast so i hear.
its nice to know they listened to what people wanted

i wonder when though..... erm.

i think once that update of faster scan is done they wont be alble to do another for ages since they need to look in all the locations for new malware and may need to add more packing and unpacking support in the furture.
lodore

If an AV can do a fast scan, be sure it is thorough.

I may have got this all wrong, but is there really any need for regular on-demand system scans, regardless of how long they take? Surely, if a security product is running in real time, and is regularly updated, it should prevent any infections getting in in the first place, so there shouldn't be any need for additional system scans. If a bunch of infections are found during, say, a weekly full system scan, then doesn't this indicate that the real time protection isn't doing it's job?

You forget that the signature databases (the detections) are updated all the time. A file received on Monday could be classified clean, because the av is only updated on Wednesday :)

Of course, the file scanner should pick it up after Wednesday when you access the file, but a full system scan will show the file infected without you having to access it.

This has nothing to do with the brand of scanner used, it's just part of the way av detection works; ie relying on the recognition of malware by analyzing it / adding detection for it.

-{ Quote: " I may have got this all wrong, but is there really any need for regular on-demand system scans, regardless of how long they take?" }-

Yes. This depends on your AV, its RTM settings and the age of your computer.

A lot of AV running guards can grind a system to a halt when cranked up to the maximum setting. Setting RTM's to scan ALL FILES in a number of AV's can slow everything down, particularly on an older computer. Therefore a number of users may select the best option for protection and performance, which maybe selecting a "smart" setting of scanning only new and changed files or dropping the scan all file setting in the running Guard to one by extensions.

Dr Web's Real-time SpIderGuard for example, can only be run in Smart Mode on the majority of computers. The NT SpiderGuard when in 'smart-mode' does not check files when they are executed. In other than "smart" mode all files will be scanned. However, use "run and open" and "create and write" instead of smart mode, and it will take for ever for every program to open. That's the reason why smart mode is the default setting in Spiderguard.

But one way round this is to make sure you scan EVERY new file coming in to your system manually and back this up with regular scanning using FULL settings of the Dr Web on-demand scanner. VBA32 also has this "smart" RTM setting but again they advise to run regular on-demand scans.

Further, some people would like to know whether they have malware in archives on their system. Again a number of AV's do not have archive scanning as an option in their RTM or it is not the default setting. Therefore any malware here will be only be picked up by the Full scan of the on-demand scanner (or by the RTM when the archive is opened).

Personally, even on new machines, I am always looking for the lightest RTM setting and therefore I routinely always carry out regular ALL file on-demand scans just in case anything has passed through.

-{ Quote: "You forget that the signature databases (the detections) are updated all the time. A file received on Monday could be classified clean, because the av is only updated on Wednesday :)

Of course, the file scanner should pick it up after Wednesday when you access the file, but a full system scan will show the file infected without you having to access it.

This has nothing to do with the brand of scanner used, it's just part of the way av detection works; ie relying on the recognition of malware by analyzing it / adding detection for it." }-

Your scenario above... would this specific scenario be bad with the "Scan new and changed files only" option checked?

Let's say you went to execute that file on Wednesday. It wouldn't be scanned and would be capable of doing it's harm, would it not?

I know that Kaspersky picks random time frames as to when to scan that file again, but your scenario refers to only a 2 day time frame and would probably make using the "Scan new and changed files only" option bad.

I like the Kaspersky engine and options (using AVS) but after thinking about this scenario above I may just not use that specific option anymore.

Interesting clarifications - thanks! :thumb:

-{ Quote: "Your scenario above... would this specific scenario be bad with the "Scan new and changed files only" option checked?

Let's say you went to execute that file on Wednesday. It wouldn't be scanned and would be capable of doing it's harm, would it not?

I know that Kaspersky picks random time frames as to when to scan that file again, but your scenario refers to only a 2 day time frame and would probably make using the "Scan new and changed files only" option bad.

I like the Kaspersky engine and options (using AVS) but after thinking about this scenario above I may just not use that specific option anymore." }-
If you do regular on-demand scans on standard level or high level setting, it should be safe. I've always kept the recommended settings.

but if the file that had been scanned before is now infected it must of changed so it would get scanned again hence the name "scan new and changed files only" so it must of changed to be infected so it will be detected with the new signitures.
kaspersky wouldnt put the technlogy in if it missed malware because the option is on.
and anyway its a default option for at least file av
lodore

-{ Quote: "but if the file that had been scanned before is now infected it must of changed so it would get scanned again hence the name "scan new and changed files only" so it must of changed to be infected so it will be detected with the new signitures. " }-
But if the file was already infected, and slipped through before the definitions were updated, it wouldn't have changed, so wouldn't be scanned again, and would only be detected when executed, or in a system scan, yes? I think I get it now. :wacko:

hmm i didnt think of that.
dont you think kaspersky would of thought of that?
lodore

-{ Quote: "but if the file that had been scanned before is now infected it must of changed so it would get scanned again hence the name "scan new and changed files only" so it must of changed to be infected so it will be detected with the new signitures.
kaspersky wouldnt put the technlogy in if it missed malware because the option is on.
and anyway its a default option for at least file av
lodore" }-
Let's look at this situation:
You receive a new worm which is not detected by KAV. When it scans the worm it marks it as clean and calculates the checksum. After 5 hours KAV updates arrive with signature for that specific worm. Now the worm is not scanned again because it is not new and it is not modified. In this situation the worm will remain on your PC and you will stay infected untill KAV decides to scan that file (worm) again.

-{ Quote: "hmm i didnt think of that.
dont you think kaspersky would of thought of that?
lodore" }-
I don't really see how they could cover that particular base, but they do get definitions out very quickly, and one would presumably need to be extremely unlucky to get hold of a brand new virus, before the AV vendors get wind of it, and for it also to get past the HIPS detection. This does, however, quantify the need for occasional on-demand system scans, but I still feel that a mainstream, generally 'safe' surfer, needn't perform a full scan more than once every few months.

-{ Quote: "Let's look at this situation:
You receive a new worm which is not detected by KAV. When it scans the worm it marks it as clean and calculates the checksum. After 5 hours KAV updates arrive with signature for that specific worm. Now the worm is not scanned again because it is not new and it is not modified. In this situation the worm will remain on your PC and you will stay infected untill KAV decides to scan that file (worm) again." }-
Presumably the worm would be detected as soon as it was executed, after the new signatures arrived. Also, if the worm was active before the new signatures arrived, the PAD and Firewall should detect any suspicious activity.

-{ Quote: "Presumably the worm would be detected as soon as it was executed, after the new signatures arrived. Also, if the worm was active before the new signatures arrived, the PAD and Firewall should detect any suspicious activity." }-
Does this mean that KAV real-time monitor scanes every file, everytime it executes?

BTW, I mentioned worm in this example so it could be any kind of malware.

-{ Quote: "Does this mean that KAV real-time monitor scanes every file, everytime it executes? " }-
If you have File Scanning switched on, I believe that's the general idea. My understanding is that it's this process that can slow some computers down, which is why we discuss which product is quickest, etc.

-{ Quote: "Does this mean that KAV real-time monitor scanes every file, everytime it executes?

BTW, I mentioned worm in this example so it could be any kind of malware." }-
Up to you, it has several options.

Not using Kaspersky but just curious , what is the difference between Smart Mode and the others ?

-{ Quote: "Not using Kaspersky but just curious , what is the difference between Smart Mode and the others ?" }-
ROTFL8)

-{ Quote: "Not using Kaspersky but just curious , what is the difference between Smart Mode and the others ?" }-
Take a look here (http://forum.kaspersky.com/index.php?showtopic=24968&hl=smart+mode) at lucianbara's post.

Thank you , Blackcat ! :thumb: