I used to run Avast. It had a boot time scan. If I opted to have Avast do that, it then downloaded some special sigs (I guess they were sigs), did a restart, & then did the boot time scan. I am now using an AV that does not offer a boot time scan. Okay, so what's the deal? Can a boot time scan do or find anything that can't be done or found when Windows is running?
I'm not sure if it can find more, but it can at least remove everything. BTW, Windows Defender also has a boot-time scanner. It's called Offline scan. (Unfortunately it is just the fast-scan and not the full one.)
Thanks for the reply. Perhaps the use of a boot scan might also have to do with an AV's inability to quarantine infected system files that are active when Windows is running. I'm disappointed that others seem to have avoided this thread. Perhaps I asked a dumb question or... maybe it's a question that's a bit too pithy.
@bellgamin Regarding Webroot, which I believe you are currently using, this and this post may or may not be helpful. Hope that helps!
Yes, they are helpful. Many thanks! I still hope for someone to directly address the question generically, apart from the situation with Webroot.
Eset will scan both non-UEFI and UEFI boot sectors. It is the only AV that will scan UEFI at boot time.
Norton (among others) has Early Launch Anti-Malware Protection. https://support.norton.com/sp/en/us/norton-security/22.14.2.13/solutions/v72910424_ns_retail_en_us
If I understand these posts, I perceive some distinctives that may serve to separate the merely adequate AVs from the *best*. To wit, my respect has increased for WSA, ESET, Kaspersky, & (possibly) Norton.
Many AVs have Early Launch Anti-Malware Protection. E.g.: https://www.wilderssecurity.com/threads/elam-early-launch-antimalware-and-avs-supporting-it.369386/
Again. Eset is the only AV that scans the UEFI at boot time. Kaspersky has a utility to do so but you must load it onto bootable media and run it from there. Kaspersky also offers the scanner to OEM motherboard manufacturers, etc. if they want to include it into the BIOS.
Here's the alert you will receive from Eset if UEFI malware is found: https://soporte.eset-la.com/Platform/Publishing/images/Authoring/Image%20Files/ESET/KB_ENG/v11_uefi_detection_EIS1.png Note that UEFI malware needs to be manually removed. Therefore, back up your UEFI just like you would anything else.
The Intel CHIPSEC tool can also be used to scan the UEFI for malware: https://github.com/chipsec/chipsec