Educause Security Discussion mailing list archives
Re: AV - Full scans or On Access Scans
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 10 Apr 2008 17:08:07 -0400
Charlie Prothero wrote:
We had the same problem at Keystone College. Theoretical question here: Say a piece of malware gets onto a machine before your AV software has a signature for it. The AV software is subsequently updated to detect that malware. If the malware had managed to install itself, it’s gone on the next reboot. Otherwise, it’s just sitting on the drive, undetected because it isn’t referenced. If it was, the AV software would nab it. Obviously, it’s not **desirable** to be storing a virus collection, but how much of a problem would it be, provided the AV on-access scanner is active?
We schedule full scans and I had always wondered the same thing. However, we've had cases where the full scan detected something, the machine was inspected, and undetected malware was active. So I've come around to believing the full scans are a valuable defensive layer. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: AV - Full scans or On Access Scans, (continued)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Consolvo, Corbett D (Apr 10)
- Re: AV - Full scans or On Access Scans Zach Jansen (Apr 10)
- Re: AV - Full scans or On Access Scans Marc Scarborough (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Eric Case (Apr 10)
- Re: AV - Full scans or On Access Scans Basgen, Brian (Apr 10)
- Re: AV - Full scans or On Access Scans Valdis Kletnieks (Apr 10)
- Re: AV - Full scans or On Access Scans Di Fabio, Andrea (Apr 10)
- Re: AV - Full scans or On Access Scans Gary Flynn (Apr 10)
- Re: AV - Full scans or On Access Scans Halliday,Paul (Apr 10)
- Re: AV - Full scans or On Access Scans Jimmy Kuo (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans I. W. Woodle (Apr 11)
- Re: AV - Full scans or On Access Scans King, Ronald A. (Apr 11)
- Re: AV - Full scans or On Access Scans Koerber, Jeff (Apr 17)