HTTP / TCP scanning.......

[iwod]

I remember i vouguely asked this question sometime ago but i couldn't understand the answer still.

I realize many of the AV today has add HTTP or TCP or internet resident scanning such as NOD32 Imon and Avast 4.5

But i still don't understand the need of it. Doesn't the webpage get downloaded before view? And therefore will be checked by ( NOD32 4 example ) AMon? This is to the similar question as to why i need DMON as well if AMon does the job anyway. Does that mean if i open a office Document with virus AMon won't detect it?

One of the few questions i had about HTTP scanning is that it create little problems with there and then. Like select open a torrent file when download it with IE doesn't work.

I seriously hope F prot 4 doesn't include this because so far i haven't seen a HTTP scanner that is totally transperant.

[RejZoR]

IMON HTTP scanning can be disabled so there is no problem at all if you don't want to use it. The whole point is that IMON checks the data before it comes to browser. IE tends to render some things directly which is not good.
But yes,AMON checks the cached data that is stored by browser in browser cache.

[Blackspear]

Quote:

Originally Posted by iwod

But i still don't understand the need of it. Doesn't the webpage get downloaded before view? And therefore will be checked by ( NOD32 4 example ) AMon? This is to the similar question as to why i need DMON as well if AMon does the job anyway. Does that mean if i open a office Document with virus AMon won't detect it?

There is a thread here on incoming file checking and what order it comes in: http://www.wilderssecurity.com/showt...ighlight=order and post number 34 gives the correct order.

Basically with a HTTP scanner the infection is detected at the front door, it is not allowed in to your computer. Should something get past IMON then AMON will spring into action upon execution. Same for DMON, incoming scanner, anything gets past AMON pounces...

Hope this helps...

Cheers