Difference between real-time and on-demand

Discussion in 'ESET Smart Security' started by oVan, Jul 2, 2008.

Thread Status:
Not open for further replies.
  1. oVan

    oVan Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    3
    Why is there a difference between the real-time scanner and the on-demand scanner?

    I've downloaded the Ardamax keylogger as a test. The real-time scanner detected it correctly; I chose to leave it on my disk.

    Then I right-click the file, select Scan with Eset and it doesn't detect it.

    Finally, I rename the file and the online scanner detects it again...

    o_O

    So I have to enable all options for the real-time scanner to be sure it detects everything (and thus slow down my machine) because the on-demand scanner will not find it?

    The reason I did this test is that I've seen a lot of trojans and other malware lately that are all not detected by Eset, while the competition detects them. The easiest way to check this is to submit a suspicious file to the VirusTotal.com website, where you can directly see the result of most scanners.

    Any thoughts?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello oVan,
    As for undetected malware by ESET, see this thread for the email address to send the samples to: link

    A real-time scanner will detect malware when you try to access it.
    An on-demand scanner will scan the paths you told it to scan, for example C:\windows, or you can tell it to scan your whole computer. On-demand scans you run when you like. The real-time scanner should always be active to block the installation of malware.
    It's strange, because normally real-time scanners have lower settings than the on-demand scanner to avoid slowdown.
     
  3. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello!

    oVan, you have to set up on-demand the same as real-time.

    Code:
    Scan Log
    Version of virus signature database: 3234 (20080702)
    Date: 2. 7. 2008  Time: 11:32:24
    Scanned disks, folders and files: D:\setup_akl.exe
    D:\setup_akl.exe » NSIS » PDM.exe - a variant of Win32/KeyLogger.Ardamax application
    D:\setup_akl.exe » NSIS » AKV.exe - a variant of Win32/KeyLogger.Ardamax application
    Number of scanned objects: 59
    Number of threats found: 2
    Number of cleaned objects: 0
    Time of completion: 11:32:25  Total scanning time: 1 sec (00:00:01)
     
  4. oVan

    oVan Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    3
    Thank you both for your replies. My title was a bit misleading, as I do know the difference between the two of course.

    I've had both methods configured with all options enabled, which should result in equal scanning rate... I thought, and that's what doesn't happen.

    As for the sample, you can download the keylogger on http://www.ardamax.com/ and try for yourself.

    Thanks
     
  5. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Follow these instructions:

    Open Advanced setup tree => On-demand scan section => Choose Context menu scan => Setup => Options => Check Potentially unsafe applications => OK

    Click with the right mouse button on the Ardamax file and choose Scan with ESS.
     
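Added example, not part of the thread and not ESET code: a small parser for the scan log posted in reply 3, which splits each hit into its container chain and pulls out the detections typed `application`, the ones that depended on the "Potentially unsafe applications" option in reply 5. The line layout is inferred from that one log, and reading the `application` suffix as the optional-category marker is an assumption.

```python
import re

# Scan log copied from reply 3 above (the only sample on the page).
SCAN_LOG = r"""Scan Log
Version of virus signature database: 3234 (20080702)
Date: 2. 7. 2008  Time: 11:32:24
Scanned disks, folders and files: D:\setup_akl.exe
D:\setup_akl.exe » NSIS » PDM.exe - a variant of Win32/KeyLogger.Ardamax application
D:\setup_akl.exe » NSIS » AKV.exe - a variant of Win32/KeyLogger.Ardamax application
Number of scanned objects: 59
Number of threats found: 2
Number of cleaned objects: 0
Time of completion: 11:32:25  Total scanning time: 1 sec (00:00:01)
"""

# Assumption: a detection line is "<object path> - [a variant of ]<name> <type>".
DETECTION = re.compile(
    r"^(?P<path>.+?) - (?P<variant>a variant of )?(?P<name>\S+/\S+) (?P<kind>.+)$")
COUNTER = re.compile(r"^Number of ([a-z ]+): (\d+)$")


def parse_scan_log(text):
    """Return (detections, counters) parsed from a scan log in this layout."""
    detections, counters = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        hit = DETECTION.match(line)
        if hit:
            # "»" separates the scanned file from objects nested inside it
            # (here: files unpacked from an NSIS installer).
            chain = [part.strip() for part in hit["path"].split("»")]
            detections.append({"file": chain[0], "nested": chain[1:],
                               "name": hit["name"], "kind": hit["kind"],
                               "variant": bool(hit["variant"])})
            continue
        count = COUNTER.match(line)
        if count:
            counters[count[1]] = int(count[2])
    return detections, counters


def optional_category_hits(detections):
    """Detections typed "application" (assumed optional-category marker)."""
    return [d for d in detections if d["kind"].endswith("application")]


def log_is_consistent(detections, counters):
    """True when the summary count equals the number of parsed hits."""
    return counters.get("threats found") == len(detections)
```

Running the same check over the log of a context-menu scan and the log of a full on-demand scan of the same file shows whether the two profiles report the same set of detections.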