
Scheduled Scan

Status
Not open for further replies.

SQLScholar

Programmer
Aug 21, 2002
2,127
GB
Hi all,

Quick question.

If you have AV checking incoming email, and an on access scanner on each client - is there much need for a scheduled weekly scan?

As surely any active viruses should be picked up by the on access? Any viruses on the PC that become active will also be picked up when they try to activate.

Cheers for your views guys.

Dan

----------------------------------------
Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind - Dr. Seuss

Computer Science is no more about computers than astronomy is about telescopes - EW Dijkstra
----------------------------------------
 
I would say do one anyway. Belt & braces, better safe than sorry, etc.

Scanning incoming email obviously doesn't cover you against websites, downloads, ftp, removable media etc. The on access scanner is the only defence against these. If the on access scanner service falls over for some reason, the scheduled scan will still give protection.
 
Yep, scheduled scans are good as spv says. Many times I've seen realtime scanners not catch something that the actual scanning did. Also, due to the ID you chose, I must say this.

Arr, do scheldule scans aiy matey, or computer jurst might walk the plank (bad imitation, I know, but I couldn't resist) lol.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
I agree with the previous two posters' points. Also, it is a very good idea to do weekly scans because the virus signature files that are in place when the file first comes into your system(s) may not detect a new threat *but* subsequent signature files may detect it upon a full scan.
 
Not to be too picky - just trying to work this out but..

"If the on access scanner service falls over for some reason, the scheduled scan will still give protection."

Surely in all likelihood both will fail or neither?

"Many times I've seen realtime scanners not catch something that the actual scanning did."
Wouldn't this be when the virus is dormant (not being accessed/run)? As soon as the virus tries to become active, it would be read by the On Access - and block access before it does damage...

"Also, it is a very good idea to do weekly scans because the virus signature files that are in place when the file first comes into your system(s) may not detect a new threat *but* subsequent signature files may detect it upon a full scan."
OK - on this I see two scenarios.

1) Virus is missed due to sigs. Weekly scan is 5 days away. Virus is active. As soon as the update takes place, the sigs will be with the "on active scanner", and block access to the file and delete the entry. The weekly would pick up nothing.

2) Virus is missed due to sigs. Weekly scan is 5 days away. Virus is inactive. As soon as the update takes place and the weekly is run, it will be removed.... but if there wasn't a weekly, if the virus ever tried to become active, the on access scan would catch it.
 
Plank brings up valid and correct points but allow me to bring up another scenario:

You have a folder that, due to extremely high traffic (not uncommon), on-access has been turned off via policy to enhance performance. An infected file is copied to this folder but this virus is not yet in the sig file so it is not detected at this time and may do evil things if accessed by a user or application. Prior to the next weekly scan, the sig file is updated to recognize this threat, file is scanned, threat is removed. Of course, you are VERY vulnerable in the interim but sometimes the risk must be weighed against performance.

Just my 2 pennies :)
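
The scenarios argued over in the posts above (an active file, a dormant file, and a folder excluded from on-access scanning) as a small timeline model. This is an added example, not part of any post in the thread; the function names, the day numbers and the simplification that a scan only detects the file once signatures know it are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass
class Outcome:
    detected_day: Optional[float]  # None: never detected in this model
    detected_by: Optional[str]     # "on-access", "scheduled" or None
    unblocked_runs: int            # times the file was opened before detection

def next_scan(after: float, first_scan: float, interval: float) -> float:
    """Day of the first scheduled scan at or after `after`."""
    if after <= first_scan:
        return first_scan
    periods = -(-(after - first_scan) // interval)  # ceiling division
    return first_scan + periods * interval

def simulate(arrival: float, sig_day: float, accesses: Sequence[float],
             on_access: bool, first_scan: Optional[float] = None,
             interval: float = 7.0) -> Outcome:
    """Assumption: a scan only detects the file once signatures know it (sig_day)."""
    known_from = max(arrival, sig_day)
    candidates = []
    if on_access:  # on-access scanning only fires when the file is opened
        hits = [a for a in accesses if a >= known_from]
        if hits:
            candidates.append((min(hits), "on-access"))
    if first_scan is not None:  # a full scan reads the file whether or not it is used
        candidates.append((next_scan(known_from, first_scan, interval), "scheduled"))
    if not candidates:
        return Outcome(None, None, sum(1 for a in accesses if a >= arrival))
    day, by = min(candidates)
    return Outcome(day, by, sum(1 for a in accesses if arrival <= a < day))

if __name__ == "__main__":
    # Constructed timelines: file arrives day 0, signatures updated day 2, scan on day 5.
    cases = {
        "active, on-access on": ([0.5, 1.5, 2.5, 3.5], True),
        "dormant, on-access on": ([], True),
        "excluded folder": ([1, 3, 4], False),
    }
    for name, (accesses, on_access) in cases.items():
        print(name, "| with weekly:", simulate(0, 2, accesses, on_access, first_scan=5),
              "| without:", simulate(0, 2, accesses, on_access))
```

In this model the weekly scan changes nothing for the active file, removes the dormant file earlier, and is the only thing that ever detects the file in the excluded folder.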
 
Jeffatemc,

Yes, good point.

The only place we have this is on the servers (where we will leave a weekly scan).

All,

The only reason I have really come across is with MBR or BIOS viruses.

Either type would need a catalyst file (to do the install) where if the definitions pick it up - it would catch. However if it doesn't catch it on install, then it may never catch it as the on access scanner wouldn't be operational when it runs.

I do wonder though if virus checkers (ours is Sophos) on the weekly scans - do they scan BIOS and MBR?

Dan
