D E F I N I N G S E T T I N G S
•
Redundant scanning tool checks not just the entry points into a
file that are used by the system when processing, but the entire
contents of the examined files. In most cases a virus registers it-
self in the entry point of a file with a reference to its body that is
usually appended to the file contents. To delete such virus you
just need to run an ordinary scanning operation that will remove
the virus code located in the file entry point and the virus body
pointed by the initial address. However, sometimes the virus di-
vides its body into several parts and places them into clear areas
of the file. In this case an ordinary scanning operation will neu-
tralize the virus (i.e. the virus code in the entry point and main
part of the virus body will be deleted) but some of its parts will
remain in the file. This is the case when you need to run the re-
dundant scan operation that will check not only the file entry
points but also the entire contents of your file.
To enable the advanced checking tool searching for corrupted
or modified viruses,
type
Yes
in the
Warnings
line of the profile.
To enable the heuristic detecting tool searching for unknown
viruses,
type
Yes
in the
CodeAnalyser
line of the profile.
This parameter corresponds to the command line switch
-H[-]
. The
switch
-H
disables and the switch
-H-
enables the heuristic detecting
tool.
By default, the anti-virus scanner always uses Code Analyzer to
check files for unknown viruses. Disabling of the heuristic detecting
tool is not recommended!
If the heuristic tool detects certain instructions (such as — to open a file, to
write into it, to intercept the interrupt vectors etc.), the file is suspicious and
the program generates the appropriate message:
Suspicion: <TYPE>
52
