I have learned, from experience, that setting the rootkit to full causes a “threat detected” when there is no threat.
I have run a boot scan and found nothing. I am wondering why there is even a “rootkit full scan” setting at all? Is there a need for a “full” scan for rootkits? If nothing else, I am curious. This has nothing to do with a recent scan! :-\
Well, if you want to scan for hidden malware (a.k.a. rootkits), you can run a specialized scan called “rootkit full scan”. Why not?
If finding “hidden” rootkits is important, why is the default setting at “quick” and not “full”? ???
Maybe because…
and the default settings are for average users, who do not want to be chasing around FPs.
Because quick is quick, full is full, everything.
I think you are right… concerning false positives. A full scan for rootkits could find a lot of FPs.
I don’t see how to configure a boot scan for rootkits (Avast Pro 6.0.1289).
But I see from these posts that a boot scan may not be the best strategy for detecting a rootkit – so what is the most efficient strategy – where will I most likely find rootkits – there’s no point wading through entire gigabytes of paths where rootkits are never to be found – barking up the wrong tree.