locked
FCS realtime protection not working RRS feed

  • Question

  •  

    Hi ,

      I found that the realtime protection of FCS client does not work

      I run a manual scan over a folder which contains several zip files downloaded from internet or saved from email attachment.

      The manual scan has found a file with an infected file inside .

      So I wonder why FCS didn't scan ( and found the virus ) while I was saving the file on the folder

     

    Does anyone have found the same problem ?

    Thanks

     

    Thursday, February 14, 2008 12:31 AM

All replies

  • Hi,

     

    Since the realtime scan and on-demand scan use the same patternfiles i can only think of one possible answer. The patternfiles got updated with a signature for the type of malware you got infected with after you downloaded the files and in between these times you did not access these files. This is the reason why i always combine realtime scanning with a scheduled scan.

     

    hope this sheds som light over why this could have happened

     

    /Johan

     

    Sunday, February 17, 2008 12:09 PM
  • Hi,

     

    I've done some research since I found this intriguing. I've discoverd that if you download something within a Zip file, the real-time scan does not scan it unless you access the file and or extract it (aka, the first time the contents of the infected zip touchs your file system). the manual scan does scan the contents of archive files and that is why it found it allthough you did not access or extract it before hand.

     

    I have double and triple checked it and It seems that this behavior is by design.

    this behavior causes no damage (since all files are scanned on access and usage is preveted incase of infection so no harm done) and further more improves perforamce since scanning every archived file that touches the file system (download, copy, update, etc) can decrease performance.

    Sunday, February 17, 2008 8:10 PM