Solved

Custom / Full Scan, files that may not be scanned

  • 9 January 2013

I found this post by JimM in the community forum:

The difference between a 'deep' scan and a 'full' scan
Labels: custom scan, deep scan, full scan
by JimM on 06-29-2012 01:23 PM - edited on 06-29-2012 01:16 PM by CatB

One of the sections on the post has this topic:

Custom/Full scan: This is a full inventory of all of your files against the database.

My question: I cannot seem to find any “setting” in SecureAnywhere Personal that refers to Custom/Full scans. In fact there seems to be no information about what files/directories are scanned when the “scan now” is selected.

The above article under the topic of:

Deep scan: This is the normal, default scan mode. Webroot SecureAnywhere (WSA) inspects system configuration information (registry and file locations, running processes, loaded modules, etc) to determine what is loaded into memory, and what definitely will or is likely to load into memory during normal computer use. These files are then initially scanned by generating an MD5 hash of the full file and submitting it to the cloud system.

The “Deep scan” talks about “running processes, loaded modules, etc” but is vague about what files, directories, partitions, if any, are scanned.

Is there additional information about Webroot SecureAnywhere file scanning and how it can detect a virus or malware file that is not currently, and has not been recently, loaded into memory?

Thanks

Best answer by JimM 9 January 2013, 17:59

I moved this thread out of the business side of the community since your subscription appears to be for a non-business license.  If I'm mistaken, please let me know, and I'll move it back.
 
The article you're referring to is this one.
 
The setting itself is found via PC Security -> Custom Scan
 
I think the question you're asking is looking for a specific answer where only a relative answer can be provided.  As we mention in the article, "Webroot SecureAnywhere (WSA) inspects system configuration information (registry and file locations, running processes, loaded modules, etc) to determine what is loaded into memory, and what definitely will or is likely to load into memory during normal computer use."  The things loaded or which will possibly be loaded are going to be different for every computer, so we can't point at specific file names in this reply and say "those!" 
 
We can point at some of the ways WSA determines what those files or folders are on a computer, however.  There are places WSA can look in your registry to determine if something is already running or is likely to run.  An example of one such place that is visible without opening regedit and digging through keys is your run key data, which is viewable via msconfig.  Every time your computer boots, it has a couple of keys it checks to see if something has been entered there to be automatically run at startup.  You can view these by searching on your start menu for msconfig* and running it.  Then go to the Startup tab and you'll see that particular list.  That's an easy example to demonstrate because there is a correlative menu that you can access and check yourself.
*Please do not change any settings in msconfig without seeking advice if you are not a trained professional.
 
Some of the areas WSA checks are not so easy to visibly point at and say "this one," but the idea behind checking those entries/paths/locations is the same.  When it finds a threat that is either already running or scheduled to be run, it can then analyze what the file would be doing.  Some threats will activate or in some way rely upon malicious code in another malicious file, and WSA can detect that by virtue of examining what the initial threat is trying to do.  It can then act upon that newfound information accordingly and branch out its scan into areas it then knows it needs to check where otherwise no automated run action could be taking place.  In short, a deep scan is comprehensive, but it's not realistic to list every possible location it would ever look in.

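The run-key example from the reply above, as an added illustration that is not part of the original thread and is not Webroot's code: this PowerShell script reads the startup entries a machine will launch at logon and computes the MD5 hash of each target file, the kind of value the quoted article says is submitted for lookup. It assumes the standard Windows Run registry keys; these are only one of many autostart locations, and the helper name `Get-CommandTarget` is made up for this example.

```powershell
# Added example (not Webroot code): list Run-key autostart entries
# and MD5-hash the executable each entry points at.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-CommandTarget {
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables left in the stored string.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # A quoted path is taken whole.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted: take everything up to the first executable-style extension,
    # so "C:\Program Files\App\app.exe /min" keeps the space in the path.
    if ($cmd -match '^(.+?\.(exe|dll|bat|cmd|com|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }        # key absent on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # Bare names such as "rundll32.exe" are not resolved via PATH here,
        # and an entry whose file is gone is reported rather than skipped.
        $md5 = '(target not found)'
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $md5 = (Get-FileHash -LiteralPath $target -Algorithm MD5).Hash
        }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Target = $target
            MD5    = $md5
        }
    }
}

$results | Format-Table -AutoSize -Wrap
```

The script only reads the registry and files. Entries listed with no target on disk are worth a second look, since they point at something that was removed or never existed at that path.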