locked
Scanning questions - numbers dont match up RRS feed

  • Question

  • We are looking to switch from Symantec to FCS (possibly) and i have been tasked with doing the research.

    Part of this is on scan times and what not.  SO I created 2 VMs from the same template.  I used symantec 10.1 on one and FCS on the other, and I have a FCS server with everything on it and policies and what not to deploy and update it.

    The symantec server did a full scan for almost 9 minutes and scanned 20623 objects
    The Forefront server did a full scan for almost 8 minutes and scanned 61778 objects

    huh?

    What does forefront consider an object.  I checked the C Drives on these machines (only drive that is present, no network drives.) and the FCS server has a total of 13694 files and the Symantec has 13930.  That makes sense they should be close.

    How/What did FCS Scan??


    Tuesday, April 15, 2008 9:29 PM

Answers

  • Hi,

     

    By default forefront will scan inside files such as CAB, ISO, ZIP files etc... certainly cab files are something i don't think some of the other AV vendors do by default... Windows will have some cab files as part of the std install, so that would add up to quite a few files

     

    That would be the only thing i can think of that would make the count so much higher. Nice to see it managed a lot more files in less time Surprise)

     

    Chris

    Wednesday, April 16, 2008 8:05 AM

All replies

  • Hi,

     

    By default forefront will scan inside files such as CAB, ISO, ZIP files etc... certainly cab files are something i don't think some of the other AV vendors do by default... Windows will have some cab files as part of the std install, so that would add up to quite a few files

     

    That would be the only thing i can think of that would make the count so much higher. Nice to see it managed a lot more files in less time Surprise)

     

    Chris

    Wednesday, April 16, 2008 8:05 AM
  • Its odd.  I have both to set to scan into archive files, and also to be sure to scan everything.  Basicly the defaults for both programs.

    Wednesday, April 16, 2008 1:32 PM
  • Perform a manual scan and watch the Objects: (objects scanned) field. Forefront increments the Objects Scanned count as it checks registry keys which is one reason the count is far more than just the number of files on the drive.

    Wednesday, April 23, 2008 5:58 PM