Re: AV - Full scans or On Access Scans

[Gary Flynn <flynngn () JMU EDU>]

Charlie Prothero wrote:
> We had the same problem at Keystone  College.  Theoretical question 
> here: Say a piece of malware gets onto a machine before your AV software 
> has a signature for it.    The AV software is subsequently updated to 
> detect that malware.  If the malware had managed to install itself, it’s 
> gone on the next reboot.  Otherwise, it’s just sitting on the drive, 
> undetected because it isn’t referenced.  If it was, the AV software 
> would nab it.  Obviously, it’s not **desirable** to be storing a virus 
> collection, but how much of a problem would it be, provided the AV 
> on-access scanner is active?


We schedule full scans and I had always wondered the same thing.
However, we've had cases where the full scan detected something,
the machine was inspected, and undetected malware was active.
So I've come around to believing the full scans are a valuable
defensive layer.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature