Try to employ some logic here. Q: Why does a realtime scan not find something? A: Because the file is never accessed.
If the answer above is NOT the answer, then the realtime scanner is broken and that AV product should be abandoned. Q: When does a realtime scanner identify malware? A: When it's accessed by the operating system. Q: What does a malware file that's never accessed do to a system? A: Use up free space on the hard drive. Nothing more. Scheduled scans are limited to signature-based identification, and as we all know, signature detection has largely been defeated of late. The name of the game is preventing dangerous execution behaviors, and that kind of detection and prevention is part of realtime detection mechanisms. As realtime scanners evolve and improve, they will find malware that scheduled scans miss. Carl -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:31 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On Thu, Oct 22, 2009 at 19:21, Carl Houseman <c.house...@gmail.com> wrote: > What's the answer to my question? (highlighted below in case you missed it) The answer is: I don't know, but the VIPRE realtime scans aren't catching what the scheduled scans are catching. > Here's another: How dangerous is a malware file that resides on a hard > drive and is never accessed? As dangerous as the next click or carriage return, or File/Open operation. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~