It appears I am confused about the difference between a 'deep' scan and a 'full' scan. A comment by JimM in another thread is shown below. The online help is ambiguous.
I was under the impression that if I chose 'deep' scan and pointed WRSA to a selected directory tree, it would grind through every file and archive and unpack/unroll archives of archives files to the end leaf. But it appears that I need to select 'full' scan in order to accomplish a thorough scan.
-- Roy Zider
Quote by JimM in another thread:
That is because a deep scan only scans potential threats. There are some files on your computer that can be ruled out as threats and are therefore left out of the scan by default. You could run a full scan if you want to scan every last file, but that isn't advised since you are already protected by running the intelligent deep scan and via protection through the shields, which operate in real-time.
Best answer by Kit
Think of it as a deep scan does scanning to a depth of 10 across the selection of items that I explained (or am about to) in the other thread, while a Full Scan does scanning to a depth of 3 across everything on the whole computer. So, wide and shallow, or focused and deep.
A deep scan examines running processes, performs heuristics and behavioral studies and primes unknowns in a sandbox. It also checks differences between raw, kernel, and user views to check for rootkits and looks for currently-running processes that are doing something other than what their initial code implies they shold be doing.
A full scan only gets the hash signature of the files and compares it to the online database. So, a full scan is pretty much the equivalent of other AV programs in the concept of comparing signatures.