Standard Shield settings - once again

hi!

After searching the board and reading the help-files I am still confused about the following (I know this has been asked before, but I do not understand the answers):

I will try to be concrete:

  1. Resident task, Scanner(Advanced), Scan files on open:
    Which file-types are scanned by default? Nothing is filled in and only scan wsh-files is checked. After this only jscript, vbscript etc should be scanned on open in addition to the files set in scanner(basic).

  2. Resident task, Scanner(Basic)
    I have everything checked in scanner(Basic). I suppose this means different executables like exe bat com. What about doc? What about xls? Please clarify.

  3. Resident task, Scanner Advanced , Scan created/modified files.
    This is clear to me because you can choose between all files or a predefined set of files or type in your own set.

As you can see I find this illogical but I think it is important to track what is scanned on open. By opening standard shield now and then I observe that in addition to exe and dll also html are scanned. Why?

I have looked on Technical's FAQ and seen his suggestions for what to put in scan on open. A lot of extensions (nearly like all *).

It surprises me that no extensions are checked by default on open (only wsh) in either normal or high settings for the standard shield. Please clarify!

Regards
Curious

1. Resident task, Scanner(Advanced), Scan files on open: Which file-types are scanned by default? Nothing is filled in and only scan wsh-files is checked. After this only jscript, vbscript etc should be scanned on open in addition to the files set in scanner(basic).

Yes this is correct, only scripts are scanned by default thanks to this setting.

2. Resident task, Scanner(Basic) I have everything checked in scanner(Basic). I suppose this means different executables like exe bat com. What about doc? What about xls? Please clarify.

You see the setting “Scan OLE Documents on open”? That’s it (office documents are so-called OLE files).

As you can see I find this illogical but I think it is important to track what is scanned on open. By opening standard shield now and then I observe that in addition to exe and dll also html are scanned. Why?

I doubt that. It’s more likely that these files are actually being written (typically to the browser cache folder).

To sum up, by default, the following is being scanned on-open:

  1. executables (exe, dll etc)
  2. OLE files (doc, xls, ppt etc)
  3. dos executables (com, exe) - on execute
  4. floppy disk boot sectors

Thanks
Vlk

Thanks Vlk for your quick response! Very clarifying.

One point: What do you recommend in addition to default settings on open to be reasonably protected? I tried * and the a-ball really spins!!

Thanks in advance
Curious

Well I believe the default settings really provide a good balance between security and performance. Adding stuff like * to the list of extensions is indeed possible but doesn’t give you much extra protection (IMHO).

One thing to note: if you’re using WinXP, there’s a nice feature in the Standard Shield that we call “fancy path caching”. Basically, it means that files that have been already re-scanned are not scanned on next access, provided they’re not changed in the meantime.

This can be easily seen by e.g. executing a program multiple times. Only the first access will trigger a scan.
Thanks to this advanced (and quite unique AFAIK) feature, the overall overhead of the Standard Shield is pretty low. :slight_smile:

Cheers
Vlk

That’s great indeed :slight_smile: I assume it’s enabled automatically when installed on a XP machine? (don’t mind me if it’s a dumb question :'()

I’m using XP & Avast! Home but I can’t find “fancy path caching” anywhere - is it only available on the Pro version?

Jorolat

You don’t have to look for it anywhere… it’s just there and doing its job :wink: ;D

Oh right Vlk - ty! :slight_smile:

Jorolat

I have XP home and every time I start Ad-aware the scanned count goes up by 1, ball spins and last scanned is adaware.exe, so it's not caching? (using normal setting in standard shield)

Something must be changing in AdAware (the same happened to me, but the scan count goes up by 2-3). However doing the same check starting Spybot S&D, closing and starting again doesn’t cause a second scan of the SpybotSD.exe file.

There are other files that the smart scan, scans again, however checked windows event log, scans first time but not subsequent times.

So something must be happening to warrant being scanned, better safe than sorry.
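
The caching behaviour described in this thread (a file is scanned on first access, skipped on later accesses, and scanned again once it changes) can be sketched as follows. This is an added example, not avast! code; the `ScanCache` class, the stand-in scanner and the use of file size plus modification time to detect changes are all assumptions made for illustration.

```python
import os
import tempfile

class ScanCache:
    """Remembers files already scanned clean; a changed file is scanned again."""

    def __init__(self, scan_fn):
        self.scan_fn = scan_fn   # hypothetical scanner callback: path -> True if clean
        self._clean = {}         # real path -> (size, mtime_ns) seen at last clean scan
        self.scans = 0           # how many real scans were performed

    @staticmethod
    def _fingerprint(path):
        # Assumption: a change is detected through size and modification time.
        st = os.stat(path)
        return (st.st_size, st.st_mtime_ns)

    def on_access(self, path):
        """Return (clean, scanned); scanned is False when the cache answered."""
        key = os.path.realpath(path)
        fp = self._fingerprint(key)
        if self._clean.get(key) == fp:
            return True, False           # unchanged since last clean scan: skip
        self.scans += 1
        clean = self.scan_fn(key)
        if clean:
            self._clean[key] = fp
        else:
            self._clean.pop(key, None)   # never cache a detection
        return clean, True

def toy_scan(path):
    # Constructed stand-in for a scan engine: flags a made-up marker string.
    with open(path, "rb") as f:
        return b"CONSTRUCTED-TEST-MARKER" not in f.read()

def demo():
    cache = ScanCache(toy_scan)
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "tool.exe")        # constructed sample file
        with open(exe, "wb") as f:
            f.write(b"MZ" + b"\0" * 64)
        results = [cache.on_access(exe), cache.on_access(exe)]   # scan, then skip
        with open(exe, "ab") as f:               # the program's file gets modified
            f.write(b"patched")
        results += [cache.on_access(exe), cache.on_access(exe)]  # rescan, then skip
    return results, cache.scans

if __name__ == "__main__":
    print(demo())
```

A program whose file is rewritten between launches would show up as a fresh scan on every start, while an unchanged one is scanned once.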