VaMPiRiC_CRoW

Real-Time Protection

After using SAP Pro Real-Time Protection, I have a few things that I would like to discuss with you:

- The scanner should have the technology to not rescan files already scanned by the Real-Time scanner: they will not be scanned again unless they have changed, the virus signature database has been updated or some other conditions have been fulfilled. Something like what is implemented in NOD32, or like the iChecker and iSwift technologies of Kaspersky (http://www.kaspersky.com/faq?chapter=18 ... =186010624)
- The Real-Time scanner also uses CPU every 2 seconds, maybe to check the registry. Why not just listen on the prevention keys, and when something is trying to be added or removed, check it and, if necessary, ask the user?
- Why not have one executable for the on-demand scanner and settings, and another executable for the Real-Time Scanner, to prevent useless memory usage?


The real-time scanner already has technology to not scan files already scanned - once a file is deemed safe it's placed in the process cache and won't be scanned again as long as SAS is running.

The CPU usage is checking for new processes created and other items - we have new kernel technology in testing - but we will also retain the current method as if too many kernel drivers are trying to trap the SDT or Process Creation hooks it will cause problems. We also trap anything executed via the shell.

Having the separate executables won't really save that much as Windows automatically swaps out code that is not being used - so the entire scanner portion is typically swapped out if memory is low - Windows is designed to handle just that type of situation - the memory reported in Task Manager really is not accurate, meaning it really doesn't matter how much memory an application uses unless it is using all of it at a given time, or has allocated it not to be swappable.
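
The caching behaviour discussed in the two posts above, as an added example that is not part of the original thread and is not SUPERAntiSpyware's code: a clean verdict is kept in memory and reused until the file content or the signature database version changes. The class name, the SHA-256 change check and the stand-in scanner are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


class VerdictCache:
    """In-memory cache of clean verdicts; it is lost when the process exits."""

    def __init__(self, scan_fn, sig_version):
        self.scan_fn = scan_fn          # expensive scanner: bytes -> True if clean
        self.sig_version = sig_version  # current signature database version
        self._clean = {}                # path -> (content hash, signature version)
        self.full_scans = 0             # how often the expensive scanner actually ran

    def update_signatures(self, new_version):
        # The version is part of the cached key, so older verdicts stop matching.
        self.sig_version = new_version

    def is_clean(self, path):
        path = os.path.realpath(path)
        with open(path, "rb") as f:
            data = f.read()
        key = (hashlib.sha256(data).hexdigest(), self.sig_version)
        if self._clean.get(path) == key:
            return True                 # unchanged file, same signatures: skip the scan
        self.full_scans += 1
        clean = self.scan_fn(data)
        if clean:
            self._clean[path] = key
        else:
            self._clean.pop(path, None)  # a detection is never remembered as clean
        return clean


def demo():
    def scanner(data):                  # constructed stand-in for a real scan engine
        return b"BAD-MARKER" not in data

    cache = VerdictCache(scanner, sig_version=1)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"harmless contents")
        results = [cache.is_clean(path), cache.is_clean(path)]  # second call: cache hit
        scans_after_repeat = cache.full_scans
        cache.update_signatures(2)
        results.append(cache.is_clean(path))   # rescanned: signatures were updated
        with open(path, "wb") as f:
            f.write(b"now with BAD-MARKER inside")
        results.append(cache.is_clean(path))   # rescanned: content changed
    return results, scans_after_repeat, cache.full_scans
```

Hashing still reads the whole file on every check; it only avoids the scan engine's work, and a cheaper change check based on file metadata trades that cost against timestamps that other software can reset.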

Thanks for the info... ;)

The CPU usage is checking for new processes created and other items - we have new kernel technology in testing - but we will also retain the current method as if too many kernel drivers are trying to trap the SDT or Process Creation hooks it will cause problems. We also trap anything executed via the shell.

When we start a program, it is normal that SAS uses some CPU checking it, but when we aren't doing anything...

Are the other items that you mentioned system files and/or registry entries?

What do you think about having an additional protection for advanced/expert users, like SpywareTerminator has with its great Realtime Shield that alerts you about changes in important system areas...?


The other items are system items and registry items. We may add additional shield type protection - but too many shields can cause conflicts with other software - we want to be able to co-exist with other software.

We may add additional shield type protection - but too many shields can cause conflicts with other software - we want to be able to co-exist with other software.

If you add it as an option, the user can decide...


Yes - but we may focus on detecting and removing more of the hard to remove rootkits and spyware that others miss before we add the shields as that is more critical (currently).


I agree with that...

This kind of shield is very good to prevent threats, but you should work hard to try to detect and remove all the current dangerous malware...

Keep up the excellent work.
