real-time protection versus full system scan

[joe schmoe]

I'm using a Symantec Anti-virus client with real-time protection.
What is the point of setting up scheduled full-system scans with
symantec antivirus(SAV) when you have real-time protection always
running? Is there some advantage to using a full-system scan over
real-time protection scanning?

 

[null]

I'm using a Symantec Anti-virus client with real-time protection.
What is the point of setting up scheduled full-system scans with
symantec antivirus(SAV) when you have real-time protection always
running?

Good question. There are a couple of possibilities that come to mind.

1. Some scanners offer a "deep scan" feature (dunno about NAV) which
often slows down your PC with realtime scanning on. Doing a occasional
on-demand scan with such "slowdown" features on might catch malware
that realtime didn't with the "slowdown" feature disabled.

1A. In a similar vein, scanning of zipped and other archives may not
normally be opted for with realtime scanning because of the slowdown.
One might wish to occasionally scan all files, including archives,
on-demand (let it scan while you do other things).

2. A dropper (of a virus or other malware) may not have been caught
during download, so realtime av doesn't know it's on the hard drive.
An on-demand scan might reveal it. Leaving it go until activation in
the hope that the realtime monitor will catch it is riskier.

Is there some advantage to using a full-system scan over
real-time protection scanning?

I think the idea is to use both. And it's a good idea to use more than
one scanner on-demand (but not realtime).

As to dispensing with realtime scanning altogether, that's something
that only a few of us do. If you're curious about it, see my web site.
It requires "safe hex" discipline and some knowledge.


Art
http://www.epix.net/~artnpeg

 

[Pop Rivet]

I'm using a Symantec Anti-virus client with real-time protection.
What is the point of setting up scheduled full-system scans with
symantec antivirus(SAV) when you have real-time protection always
running? Is there some advantage to using a full-system scan over
real-time protection scanning?

Well, it sort of depends:
-- on whether you know the malware will always be caught
coming in. As in, maybe it's not in the av files yet, which
means a disk scan would find it later, after you do an upate
that detects it.
-- Or you download a virus unknowin gly and it managed to
hide from the live scan, but won't be hidden when it
executes, so ...
-- Or you pop a floppy or CD into the drive from someone
else who may or may not know all about such things.
Although sometimes esoteric, there are a lot of reasons to
let the full scans run, including deep scan, etc..

It's sort of a personal decision - do you know enough to be
dangerous, or do you know enough to be confident that you
don't need to run the scheduled scans? That will help you
anser the question.

I have mine set to run every Sunday night after I go to bed,
but most of the time the machine's in hibernation so they
don't run unless I purposely leave it running in the open.
I do video work so leaving the machine on overnight isn't
unusual for me, so ... it doesn't really run on a schedule,
but I do have it scheduled. It runs if I leave the macnine
on - and occasionally, depending on the latest scuttlebutt,
I'll fun a full scan over lunch or something if there's a
really nasty one known to be getting through. Most of the
av sites have good gossip notices on viruses et al.

Pop