igor0
10
Well, I admit I didn’t read the whole essay, so I might have skipped something, but a few points:
- you do have control over your computer - e.g. by using the exclusion list. The fact that excluding a file is a bit harder than just clicking a button is intentional.
- the block is a one time operation (possibly with a short caching, but not permanent like moving to chest) - if you restart the computer, or only stop the FileSystem Shield and then start it again, the block is gone (though it will probably be detected again, unless the FP has been fixed or the file excluded)
- if the log says that the file was moved to chest, yet a different action was chosen, then it should be fixed, of course
- FPs should be fixed quickly by the virus lab; the list of exclusions is used by many people to avoid scanning of unnecessary items (or at least they think they’re unnecessary) to speed up scanning; verifying hashes wouldn’t make sense in that case, as it would most likely be slower than the scanning itself.
- if we’re talking about executables, you can set the FileSystem Shield exclusion so that it applies to execution only, and not to writing. This way, the modification (e.g. a replacement by a malicious file) would be detected.