NIS2008 Auto-protect Caching feature... how does that work?

Discussion in 'other anti-virus software' started by denniz, May 24, 2008.

Thread Status:
Not open for further replies.
  1. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    431
    Location:
    The Netherlands
    I have noticed the following option under the auto-protect options in NIS2008:

    Is this something like the Kaspersky iSwift/iChecker feature? And suppose a file is infected, but Norton has cached a previous uninfected version of the file, then when is the cache purged so it will detect the infected file?

    Here's a screenshot of the feature:

    nis2008caching.jpg

    Any ideas?
     
  2. ASpace

    ASpace Guest

    Yes , more or less so.


    These technologies are supposed to make differences between the previous clean version and the new one , which must have been changed by the threat . Then , the antivirus will notice the file has been changed and will scan the file again .

    It is another story , however , if a file has always been infected . At one time the antivirus scans it and it thinks the file is clean . However , at later time , the vendor adds detection for it. The file is the same and hasn't been changed . The antivirus will see this and will not scan it again . It is the antivirus program itself which must see that now the file must be marked as infected or malicious :thumb:
     
  3. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    431
    Location:
    The Netherlands
    So one can assume that caching can be a security risk and it's better left disabled I reckon....
     
  4. ASpace

    ASpace Guest

    With Norton Internet Security I would use the default settings . I guess the option is disabled by default .

    Generally it can't be considered a security risk . It really depends on the program . I use NOD32 and similar technology is used here -> Optimized scanning . However , here NOD32 will rescan the files upon every signature update or computer restart . With Norton , you show with the screenshot from the help file that files might remain unscanned even after restart. So , it really depends. I also suppose Symantec have taken some precautions to prevent such "risks"
     
  5. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    Or the file will be scanned with the updated virus signatures when the file is executed.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    a picture is worth a thousand words so here is a pic from the "help" option in nis 2008

    EDIT: sorry, I missed the earlier screen shot. can't win them all.
     
    Last edited: May 27, 2008
  7. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    431
    Location:
    The Netherlands
    :p

    But the help text doesn't really explain how it works...
     
  8. ASpace

    ASpace Guest

    Details might be company's secret
     
Loading...
Thread Status:
Not open for further replies.