No, that's not the only way a threat is eliminated before being activated. After signatures are updated, the realtime scanner will sound off as soon as something or someone tries to activate or copy it.
If nothing tries to activate it or copy it then there's no harm. It's just occupying disk space. The only case I can make for a scheduled scan is when the undetected malware is already active on the system, then the signatures are updated to detect it, but the machine is not rebooted. Since the malware is already active, there might not be a file access for the realtime scanner to check. So a scheduled scan can provide the notice that "you're screwed". But any malware worth its salt is more likely to defeat the AV signature updates or hide behind a rootkit and get missed by all scan methods. Conclusion: There is no way that a scheduled scan prevents infection that the realtime scanner wouldn't also prevent, assuming both scheduled and real-time scans are equally effective at detection. Carl From: Andrew S. Baker [mailto:[email protected]] Sent: Thursday, October 22, 2009 10:55 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down If a zero-day malware lands on your system but didn't get triggered right away, and a signature became available in a few days, the only way to eliminate the threat before it gets activated by time or by user is with a scheduled scan. I've had the scheduled scans catch things that no sig was available for when then originally landed. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Providing Competitive Advantage through Effective IT Leadership On Thu, Oct 22, 2009 at 10:21 PM, Carl Houseman <[email protected]> wrote: What's the answer to my question? (highlighted below in case you missed it) And if you correctly answer the question, how do scheduled scans prevent an infection that real-time scanning wouldn't prevent? Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? Carl -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, October 22, 2009 10:01 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman <[email protected]> wrote: vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv > All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Scheduled scans are about as useful as software firewalls... > > Carl > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
