
Full Scan Mode in Microsoft Security Essentials



#1 GWBlack

Posted 15 May 2011 - 05:13 PM

Hi Folks,

I've had Microsoft Security Essentials (MSE) loaded for 1.5 months on my Dell Inspiron (with 64-bit Windows 7, 4GB RAM, 2.80 GHz AMD Athlon II X2 240). It's set to automatically scan (in Quick Scan Mode) every day. However, I like to manually run it in Full Scan Mode every few weeks "just in case." But the last two times I ran it in Full Scan, it took 14-16 hours. The last scan just took over 16 hours and scanned 2,294,820 items. My questions are:

1) Is this time (over 16 hours) excessive for Full Scan Mode? Despite deleting my temp internet files & history recently, at least the last 6-8 hours were spent checking literally hundreds of thousands (if not more) temp internet files in this location: C:\Users\Gary\AppData\Local\Microsoft\Windows/TemporaryInternetFiles.

2) When I view my temp internet files (before deleting), I don't see anything near that number of files - maybe just a couple hundred or one thousand at most. Is there a hidden directory somewhere with all these extra temp internet files that I could erase to speed things up in Full Scan Mode?

3) Upon finishing a FullScan today, it removed two threat files: Exploit:Java/CVE-2010-0094.DL and Trojan:Java/Rowindal.G. However, it doesn't seem to find such threats in QuickScan Mode when it runs automatically each day. According to my MSE History log, the only files removed so far were removed during the two manual Full Scans (4/25/2011 and 5/15/2011). So is Quick Scan really that useful?

Thank you for any advice!
Best regards,
Gary


#2 quietman7


Posted 15 May 2011 - 08:38 PM

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPs).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files to include temporary files) that have to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
-- Using two security scanning engines at the same time can cause each to interfere with the other, cause system hangs, false detections, unreliable results and other unpredictable behavior.

-- If the screensaver, hibernation or Sleep Mode are not turned off before scanning, those features can sometimes have odd effects when attempting to resume normal mode.


Further, it is not unusual for an anti-virus or anti-malware scanner to be suspicious of compressed, archived, .cab, .rar, .jar, .iso, and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files or just ignore (skip) them. Certain files in the System Volume Information Folder like the Tracking.log (created by the Distributed Link Tracking Service to store maintenance information) have also been reported as a source causing some scanners to hang.

To speed up your scans, uninstall unnecessary programs, clean out the temporary files, temporarily disable any other real-time protection tools, close all open programs and do not use the computer during the scan. If the scan still seems slow or hangs, then try performing the scan in "safe mode".

"is Quick Scan really that useful?"

Generally there are three types of scans:
  • Quick Scan only looks at those folders/files most likely to contain malware...the most prevalent places where malware hides. Quick scans will vary depending on the security engine but they should take about 15-30 minutes.
  • Full Scan is much more comprehensive because it scans the entire hard drive (all folders/files) so it can take several hours.
  • Custom scan allows the user to select any files and folders on the hard drive to be scanned.
Anti-virus programs can use a scanning engine with Behavioral Analysis, Heuristic analysis or a combination of both. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

"Upon finishing a FullScan today, it removed two threat files: Exploit:Java/CVE-2010-0094.DL and Trojan:Java/Rowindal.G"

Your scan results indicate a threat(s) was found in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, as well as malicious Java class files, are stored in the Java cache directory, and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:

Edited by quietman7, 15 May 2011 - 08:46 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
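
An added example, not part of the thread or of MSE: a PowerShell function that counts what a full scan has to walk under one folder, including hidden and system files that Explorer does not list by default, and the container types (.cab, .rar, .jar, .iso) the reply above names as hard to scan. `Get-ScanLoad`, its parameters, the `.zip` entry and the folder passed at the end are assumptions made for illustration.

```powershell
# Added example: inventory what a full scan must read under one folder.
# Get-ScanLoad is a hypothetical helper name, not part of MSE or Windows.
function Get-ScanLoad {
    param(
        [string]$Path = $env:LOCALAPPDATA,
        # Container types named in the reply above; .zip is added here.
        [string[]]$ContainerExt = @('.cab', '.rar', '.jar', '.iso', '.zip')
    )

    # -Force includes hidden and system items that Explorer hides by default.
    # Folders that deny access are skipped instead of aborting the walk.
    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer })

    # Bit mask for the Hidden and System file attributes.
    $mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
    $hidden = @($files | Where-Object { ([int]$_.Attributes -band $mask) -ne 0 })

    # -contains is case-insensitive, so .JAR and .jar both match.
    $containers = @($files | Where-Object { $ContainerExt -contains $_.Extension })

    # Folders holding the most files account for most of the scan time.
    $top = $files | Group-Object DirectoryName |
        Sort-Object Count -Descending |
        Select-Object -First 10 -Property Count, Name

    $bytes = ($files | Measure-Object -Property Length -Sum).Sum

    New-Object PSObject -Property @{
        Path           = $Path
        TotalFiles     = $files.Count
        HiddenOrSystem = $hidden.Count
        ContainerFiles = $containers.Count
        TotalMB        = [math]::Round($bytes / 1MB, 1)
        TopFolders     = $top
    }
}

# Assumed target: the parent of the folder the original poster mentions.
$r = Get-ScanLoad -Path "$env:LOCALAPPDATA\Microsoft\Windows"
$r | Select-Object Path, TotalFiles, HiddenOrSystem, ContainerFiles, TotalMB | Format-List
$r.TopFolders | Format-Table -AutoSize
```

Comparing `TotalFiles` with the count Explorer shows for the same folder, and with the "items scanned" figure from the scanner, shows how much of the scan is spent on files that are not normally visible.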


#3 GWBlack


Posted 15 May 2011 - 10:26 PM

Thank you very much for the detailed reply!

#4 quietman7


Posted 16 May 2011 - 06:27 AM

You're welcome.