Solved

When scanning a network drive does antivirus load the whole file locally to scan it?

Posted on 2009-04-07
4
599 Views
Last Modified: 2013-12-09
Im trying to understand something, not fix anything. This question seems so noob Im almost afraid to ask it but hear I go. If I map a network drive and open a 1MB word document , 1MB worth of data needs to travel from the mapped location to my PC for me to view it  correct?  If so what if I scan the same 1MB file with Antivirus from my PC? Is 1MB travelling from the mapped location to my location or does Antivirus only check certain aspects of a file not requiring a full transfer?
0
Comment
Question by:ksachs
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 500 total points
ID: 24093226
It all depends on method that your AV uses to scan file. Using Netbios software can read file data partially from network. There is no need to AV to get all file locally to start to process it unlike the Word that need the whole file to be loaded to temporary location to open it. Word depend on format of file that is container with complex structure that cannot be used partially.
So, Your question cannot have unambiguous answer. All is in AV hands. It can decide to load entire file if it is container (e.g. archive file), or just check it's header to understand that file is not infectable.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093256
In addition some AV (like Kaspersky's) use NTFS streams to store extra info about scanned files, and use this info to speed up next scans. Upon this info AV can accept file scanned even don't trying to open it. But as far as I know, this feature is available locally only because there is no way to access NTFS streams remotely via netbios.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093287
If this question is really annoying for You and You are ready to experiment then I would recommend to use nice monitor of file access (and network too) activity to solve the question with empiric experience. :-)
It shows in which way files are opened, at which offset and which amount of data is read. And it has filter with desired process, so You will be able to monitor the AV's file accesses only.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Secure/Block uploads to ftp server 8 113
Anti-virus for Linux Server 15 127
Kaspersky Antivirus reports 4 59
Symantec Endpoint Protection blocking autorun.if 13 26
There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now