Jump to content


Photo

Certain default settings


  • Please log in to reply
4 replies to this topic

#1 Seth

Seth

    Advanced Member

  • Members
  • PipPipPip
  • 1,598 posts

Posted 04 March 2007 - 06:35 PM

By default, SAS pro does not scan the System Restore files, despite numerous forms of malware embedding itself itself into SR.

From a tech perspective, I clear SR and the prefetch, then run a drive (temp files) cleaner before scanning. This significantly reduces scan time, and avoids any cleaning (and possible damage) of the already precarious SR files. However, how is this justified for the average user?

I also noted that "Terminate memory threats before scanning" is unchecked by default. I assume that type of threat is then addressed at the reboot? What disadvantage is there to terminating it before scanning?

Thanks.

#2 MaB69

MaB69

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 04 March 2007 - 07:48 PM

By default, SAS pro does not scan the System Restore files, despite numerous forms of malware embedding itself itself into SR.

From a tech perspective, I clear SR and the prefetch, then run a drive (temp files) cleaner before scanning. This significantly reduces scan time, and avoids any cleaning (and possible damage) of the already precarious SR files. However, how is this justified for the average user?

I also noted that "Terminate memory threats before scanning" is unchecked by default. I assume that type of threat is then addressed at the reboot? What disadvantage is there to terminating it before scanning?

Thanks.


Hi Seth,

Sorry but you are wrong twice because by default ignore system restore is unchecked and the unchecked radio box is "Terminate memory threats before quarantining "


Regards,

MaB

#3 Seth

Seth

    Advanced Member

  • Members
  • PipPipPip
  • 1,598 posts

Posted 04 March 2007 - 08:41 PM

Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?

#4 SUPERAntiSpy

SUPERAntiSpy

    Site Admin

  • Administrators
  • 3,809 posts
  • LocationEugene, OR

Posted 05 March 2007 - 01:37 AM

Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?


The reason that is off by default, is many infections (newer) actually re-install using new settings if they are terminated, so the scan will have been "worthless" at that point. So we kill them on reboot to make sure they are gone.

#5 Seth

Seth

    Advanced Member

  • Members
  • PipPipPip
  • 1,598 posts

Posted 05 March 2007 - 02:35 AM

Thanks for that mab...

I misread the SR option, must have had one too many :)

Regarding the memory threats, it doesn't matter if it say's quarantine or scanning, as I'm just wondering why there is an option for that. In other words, what possible consequences are there in regards to this specific option?


The reason that is off by default, is many infections (newer) actually re-install using new settings if they are terminated, so the scan will have been "worthless" at that point. So we kill them on reboot to make sure they are gone.


Wow. Malware is getting incredibly devious.

Thanks for the answer Nick.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users