I am having an interesting discussion around what is acutally scanned by the On Access Scanner and would appreciate it if anyone could point me at a definitive KB or document.
As far as I am aware the On Access Scan component will only ever scan file and folder access, a process is scanned as it is loaded into memory and once there the OAS leaves it alone, only monitoring what the process reads/writes from disc.
The On Demand Scan however will scan in memory for Rootkits and other malicious processes.
Have I got this correct?
Many thanks all
I/O operations are interrupted by On access filter driver and passes it to mcshield.exe for scanning.
Message was edited by: alexn on 3/14/13 12:41:07 PM CDT