Seth

Certain default settings

5 posts in this topic

By default, SAS pro does not scan the System Restore files, despite numerous forms of malware embedding itself itself into SR.

From a tech perspective, I clear SR and the prefetch, then run a drive (temp files) cleaner before scanning. This significantly reduces scan time, and avoids any cleaning (and possible damage) of the already precarious SR files. However, how is this justified for the average user?

I also noted that "Terminate memory threats before scanning" is unchecked by default. I assume that type of threat is then addressed at the reboot? What disadvantage is there to terminating it before scanning?

Thanks.

0

Share this post


Link to post
Share on other sites
By default, SAS pro does not scan the System Restore files, despite numerous forms of malware embedding itself itself into SR.

From a tech perspective, I clear SR and the prefetch, then run a drive (temp files) cleaner before scanning. This significantly reduces scan time, and avoids any cleaning (and possible damage) of the already precarious SR files. However, how is this justified for the average user?

I also noted that "Terminate memory threats before scanning" is unchecked by default. I assume that type of threat is then addressed at the reboot? What disadvantage is there to terminating it before scanning?

Thanks.

Hi Seth,

Sorry but you are wrong twice because by default ignore system restore is unchecked and the unchecked radio box is "Terminate memory threats before quarantining "

Regards,

MaB

0

Share this post


Link to post
Share on other sites

Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?

0

Share this post


Link to post
Share on other sites
Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?

The reason that is off by default, is many infections (newer) actually re-install using new settings if they are terminated, so the scan will have been "worthless" at that point. So we kill them on reboot to make sure they are gone.

0

Share this post


Link to post
Share on other sites
Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?

The reason that is off by default, is many infections (newer) actually re-install using new settings if they are terminated, so the scan will have been "worthless" at that point. So we kill them on reboot to make sure they are gone.

Wow. Malware is getting incredibly devious.

Thanks for the answer Nick.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now