When I initiate an *on-demand scan* with a-squared, it takes it a bit of time to load its HUGE base of malware signatures.

My question is this....
Does a-squared's Guard (realtime monitor) have this huge signature base loaded at all times, or does it operate solely on heuristics, or what?

It uses both the sigs and its IDS database ;)

I wonder how A-Squared's "real-time" protection compares to that of ewido's. I haven't used A-Squared's real-time guard (only the on-demand scanner), and I trialed ewido's 3.0 version and used the RT monitor for the two week period (but it didn't catch or detect anything). I've heard that ewido 3.5 is markedly improved, but I've also heard good things about A-Squared. I know Andreas and the A-Squared team is very good as far as customer relations goes (which is VERY important to me), but I'm curious if anyone has used both and can comment on their effectiveness, as well as other issues (like memory and CPU usage, ease of use, update frequency, etc.)

-{ Quote: "It uses both the sigs and its IDS database ;)" }-Thanks. That is the answer I was hoping for. I have a RELATED question...

If Guard has all the signatures already loaded, I wonder why those same signatures must be loaded AGAIN when doing an on-demand scan? Any theories?

@JR- To enhance your possibilities for cogent answers to your OT questions, maybe you should start another thread instead of diverting this one. :P

Hey Bellgamin :)

I'll theorize in general terms - the guard and the scanner are two different processes and work in two totally different ways. So the scanner can't borrow "what the guard knows" to do its work.

By the by - files have to traverse the sigs before the IDS gets a looksee, which is they right order of events :)

-{ Quote: "
@JR- To enhance your possibilities for cogent answers to your OT questions, maybe you should start another thread instead of diverting this one. :P" }-

LOL....sorry bellgamin, I certainly was not trying to hijack your thread.....I apologize if it came across that way. I didn't mean to be off topic, I just thought that perhaps maybe YOU may have actually tried both and could answer, that's all.

Good idea, maybe I'll start that thread. Sorry for "hijacking" :-[

-{ Quote: "Good idea, maybe I'll start that thread." }-Or maybe PM Toadbee. He knows a lot about a-squared (& other security stuff, as well). Maybe he has taken Ewido for a test drive. As for moi, I never try a program when I don't know how to pronounce its name..... eh-WEE-doh? ee-WAI-doh? hey-WHY-do? duhhhh :-X

Concerning a-squared, I've appended a scrshot of part of Security Task Manager's data. In addition to the data for a-squared, notice the data on WinPatrol. It's flying virgin 9.7 and there are some awesome spikes in its cpu usage. Even so, I'm delighted with WP's added capabilities, especially RID.