We have had a huge Sality infection the last 2 days. While On Access Scanner does detect most viruses, it's not picking up files infected with Sality. If you right click on the same file and click, check for threats, it finds it. We have been doing this testing on NON infected machines so they are up and booted and av is running before we try to infect them. What are we doing wrong?
If the files are compound or zipped/compressed or detected with an Artemis detection, the on access scanner may not spend the extra time scanning those files. It should detect it if they were attempted to be run or executed (I would not advise testing this unless you have a controlled environment like a VM).