Scan when writing only

Discussion in 'other anti-virus software' started by trjam, Feb 16, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    On several occasions I have send where some have stated to set your AV up to scan only when writing. Reason is for increase speed which I can see were it would be true. My question is, what do you need to do, add, or change to be able to do this and have adequate security. I am sure others might want to know. Benefits? Dangers?
     
  2. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    I'm not sure I understand this. Scan on Write will kill the system performance. Most AV products scan on close, when the file was opened for write. There are some like Kaspersky that will delay the scan on close as an optimization.
     
  3. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    VBA32 (scan only new files), Dr Web (smart mode), KAV and others have such a feature.
    The key is understanding how it works.
    Apparently when that option is selected: all files created / written to disc are scanned, BUT existing files can be opened and existing executables run (i.e.: program executables) without scanning, but these files will be scanned at their closure.
    Running with this option, of course, explains the importance of prior running Full System Scan to make sure your system is clean.
    I know of no risks/dangers when running in this mode.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    thanks Bob, this is what I have the Guard set to with Avira on one machine and it makes even more of a difference in speed.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Shouldn't I also do a scan of all downloads before executing them? Or will Avira's "scan when writing" automatically scan all new files?
     
  6. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    The problem with scan when writing in Antivir is that the AV does not block reading/executing an detected file when set to this mode.
     
  7. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Manual scans of DLs are always prudent.
    Note: I have no current experience with Avira, but I assume upon DL, and subsequent saving (writing) to your HD, said file will be scanned.
    Easy enough to test. Email yourself the Eicar.com file. DL and save to disc. See what happens.
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    whenever ive downloaded a file and then scanned it with kaspersky the scan ends right away and says reason ichecker which means it must of been scanned on its way in.
    im not sure about other antiviruses thou.
    but since these type of modes are default i very much doubt they will misses malware when in this cofigaration.
    lodore
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Tweeking with your AV settings depends on your other security aps and usage habits. This is an open door answer and can only be answered by yourself. But there are a few considerations to make, see mine for example:

    PC1: Multimedia (lot of P2P, downloading of paid music, web browsing)
    - XP Home in Admin
    - policy sandbox = DefenseWall
    - AV = Avast with standard shield off, heuristic normal

    Reason DW nails down all downloaded files through threatgates, so Avast standard shield is set off, only incoming data streams are scanned (Network, Mail, P2P, Web). Advantage as early as possible detection. Disadvantage a slightly higher 'ping' and you need to run a full scan before backup. With this light setup the multimedia AMD Athlon64 (2,6GHz/800FSB/1,5GigRam) runs as fast as gaming dual core (@3,2GHz/1600FSB/4GigRam)

    PC2: On-line gaming
    - Vista in LUA (quiet mode)
    - policy sandbox = GeSWall
    - AV = Antivir with scan at write only, heuristics set to high

    Reason, ping is holy grale in gaming. Rig has Raid0 with cache enabled, write delay is not noticable in this setup. Another reason to check at writes: GW does change the status of a file from untrusted to trusted when you copy it to another disk (DW always keeps status), therefore I would like to check the file at writes again (e.g. a copy). Advantage is on-line speed, disadvantage discovery in a later phase (with higher risk). This was reason to set heuristics to high.

    For years we are running simular setups, never infected. On the security play PC (now given to family) I never had AV in real time and tested a lot of malware Bitdefender and on-line scans never found a thing.

    Regards
     
    Last edited: Feb 18, 2008
Loading...
Thread Status:
Not open for further replies.