Archive scanning

quick questions,

is archive scanning really needed?
what difference in security would it make if it was disabled?

also, a bug that i must report is, even tho the log is CORRECT and states 85923 files scanned when archive scanning is disabled, the actual program states it has scanned 195573 which is more than the time taken with archive scanning enabled.

archive scanning enabled

Objects scanned: 109087
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 748 Kb/s
Scan time: 00:41:33

archive scanning disabled

Objects scanned: 85923
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 422 Kb/s
Scan time: 00:35:28

edit: the log is correct and the GUI i think, because i did the 2 scans in the same session, i believe it adds the total session scanned files on the GUI.
im not sure if this is a good thing or not, but at least the log seperates the amount of scanned files per each scan.

 

I like to have archive scanning there on-demand to use if needed, but I don't think it's necessary for a realtime guard, anything dangerous that would be detected by archive scanning would be detected upon extraction anyway.

Londonbeat

 

im just thinking to lower my scan times thats all,

i know it isnt a big difference as at the moment, there is nothing on my machine, but it would make a big difference when there is im sure.

6 minutes difference,

but that is still like.... erm, 15% difference in scan time.

 

Sure there will be a big difference when you have a lot on the HD, but why make an on-demand scan if you have no intension of scanning everything?

I always use all options for on-demand scan settings and do not use the archive option in the real-time scanner..............for the exact reasons stated by Londonbeat. I do not make a lot of on-demand scans btw.

 

You probably dont need reminding of this:

yes as 'data' builds up scan times are getting ponderous with every app.
I am total luddite so I only run a single partition.

I've moved all my photos, music and videos and zip etc archive types off onto an external HD. Feels vaguely better from security standpoint

You might have a lot of documents or and or dl'd compressed files : eg exes that come as zips or rars, hanging abouT I know that I keep copies of all installation files and even keep copies of previous versions in another folder.)

They take longer to scan.

I exclude all the fdisr image files :each the size of the 'C' drive
exclude any back-up imge files of the C which I keep on the 'C'
These files are of course compressed and HUGE.
I junked an ood image file that I had been keeping: 10G !!

If you have any virtualisation files put some of the spare snapshots or rarely used snapshots off into storage or delete back to mainline set-ups.

If you go through your odds and ends folders you may free some space
I was amazed at how much junk was on my box: video remnants aftr editing, old installation files ets etc
Disc sizes are so massive now one can get a little untidy with the disc maintenance.

I had Literally hundreds of photos and vids, some quite big files, that were meant to be archived ages ago. You know: dl off the digital cam and just never get around to tidying up.

I think I cleared out fluff and/or moved well over 13g of stuff off the disc: all the scanners ( and the defrag seem much faster)

If you can, shrink (all )your working partitions to minimize spare junk space.
It was a good execise for me to do all the house cleaning: personal bloat.

regards.

 

For on-demand scanning; A thorough scan using full settings is needed on install to check whether your machine is clean.

After this initial full scan, if you are using a slow scanner such as present in Dr Web/VBA32/TrustPort then "full" scanning can take a long time compared to other AV's. Regular scans can then still be carried out but on a lower scan mode setting which does not include all files/archives. As long as you check downloaded files by context-menu scanning then these "faster" scans, IMHO, should be sufficient. The full scan can then be relegated to occasional use. In addition, excluding various files that the on-demand scanner becomes stuck on, also helps in improving scan speed. A number of AVs get stuck on large CAB files for example, so after an initial scan, I generally exclude them for future scans.

Conversely, if you have an AV with a fast scan speed, such as NOD/FPAV, then complete scans are less of a chore.

For real-time scanning; Personally, I do not think that the RTM needs to scan archives as any malware should be picked up on extraction. Further, some AV's affect system performance if archive scanning is selected in the RTM. However, I would much prefer that the running Guard can scan runtime packed files rather than archives.

 

selected types,

which ones are actually missing?

---
also, what OS are you running blackcat, it looks poo-poo *lol*

 

Win XP Pro, but set in Windows Classic mode. Prefer lean and mean even on a new computer

 

with that selected types scanning without archive scanning,

it only takes 22 minutes, which is basically half the time nearly.

how much security is actually lost here?

 

I think that scanning doesn't add too much security if the real-time protection is running

 

Archive scanning is a must for on-demand scans imo.
The longer scan time is worth it for a more thorough scan.

 

Same here

 

I gotta go w/ Longboard on this. I too exclude all my FD-ISR folders from scanning. They're just too large. -If my scan finds anything that has been auto up-dated / copied to one of my FD-ISR folders, I'll know about it (indicated by the date) and can then scan the appropriate folder. As far as my NAS box goes: it's connected 24 / 7 w/ uTorrent & Shareaza running. This is scanned throughly every week and via context menue after every few D/Ls and again prior to opening / running anything.

...screamer

 

ok, most people seem to think that i should leave it all enabled, this is how i originally had it anyway

was just curious

drweb rules

http://img352.imageshack.us/img352/7503/desktopof3.th.jpg

Closed......