Scanning Disk Defragmenter Activities

I typically run the disk defragmenter on my partitions once or twice per week, depending on the amount of usage and transfer of data. I noticed the last few times that it has gotten a lot slower then it should be. The only difference in software is Active Virus Shield which has been on my system for about a week now.

So, I noticed in the File-Antivirus section of AVS that it was actually scanning every single bit of the defragmenting process. Pretty much running a full system scan, seeing all of my files go through it (not scanning within archives though).

I used to run avast! for several years and it never scanned the defragmenting activies going on. Obviously, AVS is very sensitive and thorough which certainly is not a bad thing. I don't recall if Antivir scanned these activites or not, but I don't think it did. Also, McAfee VSE did not scan these activities. I just don't know of any other anti-virus program that does this.

How necessary is it to scan the whole defragmentation process?

Does this pose any risk in corrupting files while this is going on?

Thanks,
Dave

 

For optimum defragmentation it is advised to stop any non-critical processes from running in the background, disable screensavers and not to use your computer during this time. Or to defragment in safe-mode.

Most users do not go to these lengths but stopping/disabling any security software is recommended. Unfortunately, unlike in KAV, in AOL AVS you cannot add your defragmenter to the trusted zone.

Therefore since you are seeing slow downs, personally, I would simply disable/exit the RTM of AVS during your defragmentation times.

Dave, since you found AntiVir to be lighter on your system and this AV does not scan during defragmentation, maybe it's time to switch back?

 

I had always assumed the same as you, to disable unnecessary things from running during defragmentation like anti-virus, screensavers, etc. Same goes for burning CDR's and so on. This was always my practice. I can just Pause the real-time proctection from now on prior to defragmenting. I'm just quite surprised that they wouldn't have excluded the process within the program by default.

I am quite fond of AntiVir as well. However, AntiVir updates once per day while AVS updates every hour or so (it is so often I can't believe it). Updates from AntiVir kill full screen games and movies while AVS deals with it very smoothly. Also, AVS has mail scanning and I make use of that thanks to Stunnel. I will test it from time to time to see how AntiVir progresses. I do think that AntiVir does perform amazingly well, though.

 

This used to apply back in days of Win98 and FAT32. But with NT5 (and upcoming NT6 aka Vista) and NTFS it's just one extra "don't do it like this" thing.

 

If you're not using Raxco's PerfectDisk v8.0, which has a one-pass process, or Diskeeper Pro, using M-S's built in does nothing for Windows actual system files and the Master File Table.

Nevertheless, I go so far as to pull the plug to the net; go to Services and stop everything possible; delete all valid temp files and prefetch items and then perform my defrag. It's always a good idea to reboot after a defrag, since system memory can clean its house.

www.raxco.com

 

I can now confirm that AntiVir PE does not scan files being moved or compacted during the defragmentation process.

I guess AVS (Kaspersky engine) is just more sensitive and thorough the other anti-virus programs.

Thank you everyone for your feedback and opinions.

 

First, there's no reason to enable AV scanning while running a defrag, unless you are connected to the internet while doing the scan.

Second, ditch ANY AV program that is enabled during a defrag and does NOT scan files during a defrag. It's not doing it's job.

 

Howard I think you're being unfair, it is more likely that they have special handling for defrag to avoid potential problems with the system, don't you agree?

 

does nod32 scan files during a defrag?

 

The only way to detect whether defragging is going on would be to intercept the API issued by the defrag programs.

Not sure that is even possible, and it would be a ton of overhead.

Next time I defrag with PD, I'll leave NAV enabled to see what happens.

Proper defragging implies not being connected to the Internet, in which case, there is no chance of harm by disabling AV.

Defrag programs do not actually "open" files in the normal sense.
They just deal with byte streams, no interpretation of file content.

Hmm, I just thought of an interesting experiment, more later ... .

 

I just added a directory with a few known virus files to a drive.
I did not disable NAV 2006.

No messages were issued and the files appear to have been defragged.

So, I guess there is a way for an AV program to detect that the operation being performed is merely defragging.

But there stil may be a performance hit, and I'd rather not risk the AV screwing up the defrag, so it may be better to disable the AV during a defrag.

 

For copying, you most certainly will see a difference.

 

Howard: I've had a look around myself, and if you're interested take a look at the following article by sysinternals:
http://www.sysinternals.com/information/diskdefragmenting.html

Windows seems to offer a special low level api for the purpose of writing defrag tools, which is almost annoyingly simple. This api looks pretty much useless to malware authors since it can only be used for defragging (moving around clusters and such). So I guess, most Antivirus programs simply don't monitor this api, since quote "...the FSCTLs are implemented such that you CANNOT corrupt data on your drive by using them..."

 

I have that article.

Actually, AFAIK, AV programs intercept certain types of operations. Other operations are not thought to be risky so they are ignored.

 

Why would Kaspersky do this by default?

Why the need to add it to the Trusted Zone or Pause the protection?

If it is recommended not to scan this type of activity...

 

MSFT has a spec, which if followed by AV software, will not cause a problem with defragging.

Of course, this ASSuMEs that both the AV and defrag software meet the spec.