Solved

Checking a Windows drive on another computer

  • 12 April 2013
  • 1 reply
  • 439 views

If I attach a Windows OS drive via USB probably to another computer and run SecureAnywhere on that computer is it going to do a complete check of the drive? In particular is it going to look into the registry, the boot sector and any other things other than files? If the answer is yes thats good. Is this true in general with other anti-virus software?

This seems to be one of the best and most reliable ways to remove viruses.
icon

Best answer by JimM 12 April 2013, 23:53

It isn't really possible to provide the same kind of protection via that method.  WSA understands the registry structure of operating system into which it is installed, but when it comes to remediating pre-made changes to a registry on a foreign drive, there are technical limitations that apply to all AV software.



The method you're describing, while it will remove viruses in executable files, is limited by comparison to having the actual AV software installed on the system itself.  Even then, we're looking at a post-infection scenario, in which while WSA will clean the system, it hasn't had the opportunity to journal and roll back changes the infection made.  Which is to say, the infection will be cleared off, but it's more likely under such a scenario that some damage will already be done.



In fact, the best and most reliable way of protecting a system is to have WSA on it from the start.  Then, not only does the infection get blocked at the point of entry, but also even in cases where WSA "misses" it initially, it will be fully able to roll back the changes made by the infection once it registers it as a threat.



This video explains how that process works:





The journaling and rollback is one of the main things that sets WSA apart from other AV software.



tl;dr It will clean off the infection itself, but you're much better off having WSA on the system from the start.
View original

1 reply

Userlevel 7
It isn't really possible to provide the same kind of protection via that method.  WSA understands the registry structure of operating system into which it is installed, but when it comes to remediating pre-made changes to a registry on a foreign drive, there are technical limitations that apply to all AV software.

The method you're describing, while it will remove viruses in executable files, is limited by comparison to having the actual AV software installed on the system itself.  Even then, we're looking at a post-infection scenario, in which while WSA will clean the system, it hasn't had the opportunity to journal and roll back changes the infection made.  Which is to say, the infection will be cleared off, but it's more likely under such a scenario that some damage will already be done.

In fact, the best and most reliable way of protecting a system is to have WSA on it from the start.  Then, not only does the infection get blocked at the point of entry, but also even in cases where WSA "misses" it initially, it will be fully able to roll back the changes made by the infection once it registers it as a threat.

This video explains how that process works:


The journaling and rollback is one of the main things that sets WSA apart from other AV software.

tl;dr It will clean off the infection itself, but you're much better off having WSA on the system from the start.

Reply