How do virus and spyware scans work in SEP 12.1?
As we all know, with SEP 12.1 Antivirus and AntiSpyware has been renamed to Virus and Spyware. Now the question arises: how do virus and spyware scans work in SEP 12.1?
Virus and spyware scans identify and neutralize or eliminate viruses and security risks on your computers. A scan eliminates a virus or risk by using the following process:
■ The scan engine searches within files and other components on the computer for traces of viruses. Each virus has a recognizable pattern that is called a signature. Installed on the client is a virus definitions file that contains the known virus signatures, without the harmful virus code. The scan engine compares each file or component with the virus definitions file. If the scan engine finds a match, the file is infected.
■ The scan engine uses the definitions files to determine whether a virus or a risk caused the infection. The scan engine then takes a remediation action on the infected file. To remediate the infected file, the client cleans, deletes, or quarantines the file.
Selected files
The client scans individual files. For most types of scans, you select the files that you want scanned.
The client software uses pattern-based scanning to search for traces of viruses within files. The traces of viruses are called patterns or signatures. Each file is compared to the innocuous signatures that are contained in a virus definitions file, as a way of identifying specific viruses.
If a virus is found, by default the client tries to clean the virus from the file. If the file cannot be cleaned, the client quarantines the file to prevent further infection of your computer. The client also uses pattern-based scanning to search for signs of security risks within files and Windows registry keys. If a security risk is found, by default the client quarantines the infected files and repairs the risk’s effects. If the client cannot quarantine the files, it logs the attempt.
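The match-then-remediate flow described above can be sketched in a few lines of Python. This is an added example, not Symantec's code: the `Signature` record, the `DEMO-*` patterns, the sample files and all function names are constructed for illustration, and falling back to a log entry when a virus (rather than a security risk) cannot be quarantined is an assumption.

```python
import tempfile
from pathlib import Path
from typing import NamedTuple

class Signature(NamedTuple):
    name: str
    kind: str        # "virus" or "risk" (security risk)
    pattern: bytes   # inert byte pattern, carries no harmful code
    cleanable: bool  # assumption: the definitions say whether a repair exists

# Constructed, harmless definitions and sample files (not a real definitions format).
DEFINITIONS = [Signature("Demo.Virus.A", "virus", b"DEMO-VIRUS-A", True),
               Signature("Demo.Virus.B", "virus", b"DEMO-VIRUS-B", False),
               Signature("Demo.Risk.Adware", "risk", b"DEMO-ADWARE", False)]
SAMPLES = {"a.doc": b"text DEMO-VIRUS-A text", "b.exe": b"MZ..DEMO-VIRUS-B",
           "c.dll": b"DEMO-ADWARE", "clean.txt": b"nothing to see"}

def match(data: bytes):
    return next((s for s in DEFINITIONS if s.pattern in data), None)

def remediate(path: Path, sig: Signature, quarantine: Path) -> str:
    """Default order: viruses clean, else quarantine; risks quarantine, else log."""
    if sig.kind == "virus" and sig.cleanable:
        path.write_bytes(path.read_bytes().replace(sig.pattern, b""))  # toy repair
        return "cleaned"
    try:
        quarantine.mkdir(exist_ok=True)
        path.replace(quarantine / (path.name + ".quar"))
        return "quarantined"
    except OSError:
        return "logged"  # quarantine failed: the file stays, the attempt is recorded

def scan(root: Path, quarantine: Path) -> dict:
    hits = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        sig = match(path.read_bytes())
        if sig:
            hits[path.name] = (sig.name, remediate(path, sig, quarantine))
    return hits

def demo(blocked: bool = False) -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "files")
        root.mkdir()
        for name, data in SAMPLES.items():
            (root / name).write_bytes(data)
        if blocked:  # a plain file where the quarantine directory should be
            Path(tmp, "quarantine").write_bytes(b"")
        return scan(root, Path(tmp, "quarantine"))
```

Calling `demo()` shows the clean and quarantine paths; `demo(blocked=True)` forces the quarantine step to fail so the log fallback is taken.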
Computer memory
The client searches the computer’s memory. Any file virus, boot sector virus, or macro virus may be memory-resident. Viruses that are memory-resident have copied themselves into a computer’s memory. In memory, a virus can hide until a trigger event occurs. Then the virus can spread to a floppy disk in the disk drive, or to the hard drive. If a virus is in memory, it cannot be cleaned. However, we can remove a virus from memory by restarting our computer when prompted.
Boot sector
The client checks the computer’s boot sector for boot viruses. Two items are checked: the partition tables and the master boot record.
USB Drive / External Drive
A common way for a virus to spread is through the USB drive. A USB drive might remain in a disk drive when you start up or turn off your computer. When a scan starts, the client searches the boot sector and partition tables of a USB drive that is located in the disk drive. When we turn off our computer, we are prompted to remove the disk to prevent possible infection.