Copyright © 2010 F-Secure Corporation. All rights reserved. Page 10 of 15
Attempts to open or execute the infected files previously copied to the virtual machine will get
detected and blocked by real-time scanning, so malware cannot activate on the computer
regardless of this problem.
Only a single file can be scanned when its shortcut is right-clicked [57568]
In Explorer, the user may select multiple files, then right-click the mouse, and scan the selected
files from the right-click menu. In case one of the selected files is a shortcut file to another file,
and mouse is clicked on top of this shortcut, the right-click menu only allows the single file (to
which the shortcut points) to be scanned, and the other selected files will not be scanned.
Windows Vista: Real-time scanning does not scan files being backed up with the block-
level backup method [56759]
When the hard disks are being backed up with the block-level backup method, the backup
process will not back up the disk file
by file, but will read the disk “raw”, sector by sector.
Because of this, real time scanning will not scan the files as they are being backed up, and
infected files will end up in the backup store. Similarly, the infected files may not be detected
by real-time scanning when they are restored from backup.
On Windows Vista, the block-level backup method is used if the user chooses to use the
“Complete PC Backup” option. If the "Back Up Files” option is selected, the chosen files/folders
will be backed up file by file: in this case, real-time scanning will block access to the infected
files, and the backup process will be aborted.
Real-time scanning may interfere with System Restore [56695]
In case virus or spyware infections are present or have previously been present on the system,
the System Restore feature may fail to restore the system to a previous restore point. This may
happen because the real-time scanning feature will block any access to infected files. This
applies both in case System Restore tries to delete an existing infected file, and in case it tries
to restore an infected file from the previous restore point. As System Restore fails to open the
infected file, it will treat this error condition as a fatal error and will abort the restore process.
As a workaround, disable real-time scanning before starting the restore process, and re-enable
it after its completion.
More information about how System Restore is affected by Anti-Virus products is available in
Microsoft’s KB article at
http://support.microsoft.com/kb/831829
.
Command-line scanner and scheduled scanning tasks may find more spyware than
scanning tasks executed from user interface [55119]
In some cases, the command-line scanner and scheduled scans may find more spyware than
manual scanning task executed from user interface (UI). These two scanning methods are
related because the scheduled scanning tasks actually use the command-line scanner
(fsav.exe). There reason for this is that the scheduled scans run under a different user account
(Local System, as opposed to the currently logged on user account used for UI-started
scanning tasks). The Local System account has access to some folders where the user does
not have access, like the System Restore folder.
