4 Replies Latest reply on Aug 5, 2012 8:15 PM by tylo

    Full scan vs Realtime scan

      I want to open a topic to end up the discussion regarding the usage of full scan or keep it on special occasions for McAfee antivirus.

      My claim is that if we have antivirus real-time protection on, we don't need to do the scheduled scan once or twice per week. If the real-time scanner monitors all files activities on the computer and picks the virus before operating system can use it why we still need scheduled full scan?

       

      Appreciate your comments and please support your claims by evidences and references.

        • 1. Re: Full scan vs Realtime scan
          jmcleish

          I have moved your discussion to the VirusScan Enterprise forum for better visability.

           

          However, in regards to your discussion-

          What happens when malware is not yet included in the dats (zero-day malware) and therefore not picked up via OAS? It could then sit on the machine and there are various scenarios- such as  remain there dormant so would not be picked up until its next accessed via OAS.

           

          Best way is to catch with an ODS and remove while dormant as personally, i wouldn't like something like ZeroAccess rootkit sitting on my machine  until it gets picked up via OAS.

          • 2. Re: Full scan vs Realtime scan

            If OAS cannot pick the virus, it means ODS also cannot recognise the virus. Therefore system will get infected.

            In this situation we have 2 scenarios:

            1- Virus blocks/disables the antivirus completely. So you don't have any option except get your hands dirty and fix the start-up, registry and ... manually.

            2- Virus still lets ODS and OAS to be active. In this case if they can recognize the virus signature, they will pick it in the virus first time file activity. So OAS does the job here.

            If the virus doesn't do anything why we need to be worry about it?

             

            So again no difference between ODS and OAS.

             

            Message was edited by: tylo on 8/2/12 7:16:09 PM CDT
            • 3. Re: Full scan vs Realtime scan
              jmcleish

              tylo wrote:

               

              So again no difference between ODS and OAS.


              Well actually there is- On-Access and On-Demand- as i mentioned in my post.

               

              We have a lot of detections and deletions from our ODS scans.

               

              However, in the end, it's up to you how you configure your AV. If you reduce the system utilisation for the ODS then your users shouldn't notice too much, if any performance issues.

              • 4. Re: Full scan vs Realtime scan

                I appereciate if you read the whole post and don't pick one statement. I am aware that there is technical difference between ODS and OAS. If you double check my post  you will findout that I ment regarding the protection and our discussion topic not in general or technical terms.

                When you say "We have a lot of detections and deletions from our ODS scans." do you mean that your OAS missed some files or the OAS was disabled or you plugged a new Hard disk and never used any of the files before ODS ? Please explain more.