NIS2008 Auto-protect Caching feature... how does that work?

Discussion in 'other anti-virus software' started by denniz, May 24, 2008.

Thread Status:
Not open for further replies.
  1. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I have noticed the following option under the auto-protect options in NIS2008:

    Is this something like the Kaspersky iSwift/iChecker feature? And suppose a file is infected, but Norton has cached a previous uninfected version of the file, then when is the cache purged so it will detect the infected file?

    Here's a screenshot of the feature:

    nis2008caching.jpg

    Any ideas?
     
    denniz, May 24, 2008
    #1
  2. ASpace

    ASpace Guest

    Yes , more or less so.


    These technologies are supposed to make differences between the previous clean version and the new one , which must have been changed by the threat . Then , the antivirus will notice the file has been changed and will scan the file again .

    It is another story , however , if a file has always been infected . At one time the antivirus scans it and it thinks the file is clean . However , at later time , the vendor adds detection for it. The file is the same and hasn't been changed . The antivirus will see this and will not scan it again . It is the antivirus program itself which must see that now the file must be marked as infected or malicious :thumb:
     
    ASpace, May 24, 2008
    #2
  3. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    So one can assume that caching can be a security risk and it's better left disabled I reckon....
     
    denniz, May 24, 2008
    #3
  4. ASpace

    ASpace Guest

    With Norton Internet Security I would use the default settings . I guess the option is disabled by default .

    Generally it can't be considered a security risk . It really depends on the program . I use NOD32 and similar technology is used here -> Optimized scanning . However , here NOD32 will rescan the files upon every signature update or computer restart . With Norton , you show with the screenshot from the help file that files might remain unscanned even after restart. So , it really depends. I also suppose Symantec have taken some precautions to prevent such "risks"
     
    ASpace, May 24, 2008
    #4
  5. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Or the file will be scanned with the updated virus signatures when the file is executed.
     
    lu_chin, May 24, 2008
    #5
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    a picture is worth a thousand words so here is a pic from the "help" option in nis 2008

    EDIT: sorry, I missed the earlier screen shot. can't win them all.
     

    Attached Files:

    Last edited: May 27, 2008
    bigc73542, May 27, 2008
    #6
  7. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    :p

    But the help text doesn't really explain how it works...
     
    denniz, May 28, 2008
    #7
  8. ASpace

    ASpace Guest

    Details might be company's secret
     
    ASpace, May 28, 2008
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...