On-demand virus scanning right after real-time scanning?

Discussion in 'other anti-virus software' started by John__Doe, Jan 4, 2019.

  1. John__Doe

    John__Doe Registered Member

    Joined:
    Jan 4, 2019
    Posts:
    3
    Location:
    Germany
    Does it make sense to scan a downloaded file manually (on demand scan) with an AV-scanner XYZ right after it was downloaded, even though this file was already scanned a few seconds ago by the very same AV-scanner's real-time protection functionality during the download process?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,642
    Location:
    U.S.A.
    Are you referring to Eset or some other AV product?
     
  3. John__Doe

    John__Doe Registered Member

    Joined:
    Jan 4, 2019
    Posts:
    3
    Location:
    Germany
    I'm not referring to Eset in specific but AV products in general. If the answer is different by AV product then I'd like to get at least an answer for MS Defender.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,659
    Location:
    USA still the best. But getting worse!
    I usually do scan a downloaded file manually (on demand scan) with an AV-scanner XYZ right after it was downloaded, even though this file was already scanned a few seconds ago by the very same AV-scanner's real-time protection functionality during the download process.

    Because years & years ago my scanner missed it during the download process.

    Now what that AV was & what OS it was I'm not sure. But I'm thinking it was Kaspersky on XP.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,248
    I never do that. If you were to scan the file with something like Winja which scans it at VirusTotal then that would be a different story. But usually there's no point in scanning it with your antivirus as it should have been scanned when it was downloaded.
     
  6. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,132
    Location:
    UK
    It could be a good idea to scan after it is installed as it may be easier to detect when its installed many files.
    Also it could of downloaded something during the install.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    I don't see the point. Norton scans files on my machines when they're downloaded and monitors programs when running.
     
  8. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    791
    Location:
    North of the 38th parallel.
    :thumb:

    Up to 72 opinions, with VT, might be better than one resident AV/AM. The presence/absence of digital signing, hashes, and much more, are part and parcel of the VT analysis.

    HTH
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,186
    Location:
    Here
    I usually scan files on VirusTotal but not with my real-time antivirus or on demand scanners. I doubt that on demand scan with RT AV would find anything that wouldn't be found by real-time components.
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,256
    Location:
    .
    My habit is to second opinion thru VirusTotal and resident AV on-demand scan.
    I recently had two samples that were not immediately known classified by my resident AV.
    Both samples were not immediately classified on download nor classified with on-demand scan.

    Both samples were well known detected thru VirusTotal.
    Within ~ 10 minutes both downloaded executable samples were known detected thru my resident AV.

    Best practice for me is to scrutinize +.
    FWIW ~ YMMV
     
    Last edited: Jan 7, 2019
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,642
    Location:
    U.S.A.
    Most AV's today scan a file both on creation and on execution. The only reason I would see for an on-demand scan is when an external device is attached to the device, and the AV product doesn't auto detect it and offer a scan option. Also if the downloaded executable is totally unknown, Win 10 native SmartScreen will block it from running.

    If one really wants to check for suspect behavior in an executable, you're better off using one of the web sandbox analysis sites such as Hybrid-Analysis.
     
  12. Ford Prefect

    Ford Prefect Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    111
    Location:
    Germany, Ruhrpott
    Some AVs only scan on execution.
    And even when scanning on file close, some AVs only scan files (especially archives or installers) up to a certain size limit (e.g. 300 kb).
    So it depends on the concrete app and it's configuration.
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,203
    Location:
    USA
    I would not bother. A second scan with the same product feels like a waste of time. If you have doubts, a second opinion with a different product would be a better use of time. Assuming I am correct in my understanding of the original question. If it is a download I do not trust I download and run it in a virtual machine. I know that some files detect they are in a VM and try to hide any maliciousness when running in one, but nothing lost either way in that case.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.