Does it make sense to scan a downloaded file manually (on demand scan) with an AV-scanner XYZ right after it was downloaded, even though this file was already scanned a few seconds ago by the very same AV-scanner's real-time protection functionality during the download process?
I'm not referring to Eset in specific but AV products in general. If the answer is different by AV product then I'd like to get at least an answer for MS Defender.
I usually do scan a downloaded file manually (on demand scan) with an AV-scanner XYZ right after it was downloaded, even though this file was already scanned a few seconds ago by the very same AV-scanner's real-time protection functionality during the download process. Because years & years ago my scanner missed it during the download process. Now what that AV was & what OS it was I'm not sure. But I'm thinking it was Kaspersky on XP.
I never do that. If you were to scan the file with something like Winja which scans it at VirusTotal then that would be a different story. But usually there's no point in scanning it with your antivirus as it should have been scanned when it was downloaded.
It could be a good idea to scan after it is installed as it may be easier to detect when its installed many files. Also it could of downloaded something during the install.
I don't see the point. Norton scans files on my machines when they're downloaded and monitors programs when running.
Up to 72 opinions, with VT, might be better than one resident AV/AM. The presence/absence of digital signing, hashes, and much more, are part and parcel of the VT analysis. HTH
I usually scan files on VirusTotal but not with my real-time antivirus or on demand scanners. I doubt that on demand scan with RT AV would find anything that wouldn't be found by real-time components.
My habit is to second opinion thru VirusTotal and resident AV on-demand scan. I recently had two samples that were not immediately known classified by my resident AV. Both samples were not immediately classified on download nor classified with on-demand scan. Both samples were well known detected thru VirusTotal. Within ~ 10 minutes both downloaded executable samples were known detected thru my resident AV. Best practice for me is to scrutinize +. FWIW ~ YMMV
Most AV's today scan a file both on creation and on execution. The only reason I would see for an on-demand scan is when an external device is attached to the device, and the AV product doesn't auto detect it and offer a scan option. Also if the downloaded executable is totally unknown, Win 10 native SmartScreen will block it from running. If one really wants to check for suspect behavior in an executable, you're better off using one of the web sandbox analysis sites such as Hybrid-Analysis.
Some AVs only scan on execution. And even when scanning on file close, some AVs only scan files (especially archives or installers) up to a certain size limit (e.g. 300 kb). So it depends on the concrete app and it's configuration.
I would not bother. A second scan with the same product feels like a waste of time. If you have doubts, a second opinion with a different product would be a better use of time. Assuming I am correct in my understanding of the original question. If it is a download I do not trust I download and run it in a virtual machine. I know that some files detect they are in a VM and try to hide any maliciousness when running in one, but nothing lost either way in that case.
