Originally posted by: bsobel
Originally posted by: mechBgon
The real-time scanner won't go back through your browser cache, etc., and re-check stuff that isn't being actively used, so a full virus scan in either Safe Mode or regular mode may simply be discovering stuff that crept in before the real-time scanner had the signatures for it. So if you don't have a full scan scheduled to run periodically, it might be worth scheduling one to run daily or at least weekly.
True, but if a tree falls in the forest... Weekly scans are good for compliance reasons. But if those caches aren't shared, the RT scanner will just pick them up if they are ever accessed anyhow. I tend to think the time lost to the reboot/manual scan isn't worth catching a non-executed file sitting in a cache that's likely to be cleared anyhow (or worst case, found later if accessed).
Maybe so. When I had a small business fleet that rescanned every day at lunchtime, it was very rare for them to find anything new on a daily scan that had slipped by the RT scanner. I was mainly suggesting the most plausible reason that a full scan (in Safe Mode or otherwise) might find malware that the real-time scanner was not detecting, which is what you just said: the files are just sitting around inert, waiting to be discarded.
OTOH, I have a Win2000 VM here which has a rootkit installed, a variant of Trojan.Pandex. While the rootkit is recognized by most antivirus vendors, the RT scanner I'm using does not detect the rootkit in normal Windows operation. Full disk scans do detect it. As it happens, the system crashes when the runtime2.sys rootkit file is touched by an antivirus scanner and even a couple of rootkit scanners I've tried... but it does get detected.
The scenario is real-world, since the rootkit and a selection of other malware got onto the system by sending the vulnerable system to an exploit-laced pr0n site while logged on as an Administrator. So I think there's potential value in periodic re-scans, especially if they can be set up to run when it won't inconvenience the user.