?
Solved

When scanning a network drive does antivirus load the whole file locally to scan it?

Posted on 2009-04-07
4
Medium Priority
?
638 Views
Last Modified: 2013-12-09
Im trying to understand something, not fix anything. This question seems so noob Im almost afraid to ask it but hear I go. If I map a network drive and open a 1MB word document , 1MB worth of data needs to travel from the mapped location to my PC for me to view it  correct?  If so what if I scan the same 1MB file with Antivirus from my PC? Is 1MB travelling from the mapped location to my location or does Antivirus only check certain aspects of a file not requiring a full transfer?
0
Comment
Question by:ksachs
  • 3
3 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 2000 total points
ID: 24093226
It all depends on method that your AV uses to scan file. Using Netbios software can read file data partially from network. There is no need to AV to get all file locally to start to process it unlike the Word that need the whole file to be loaded to temporary location to open it. Word depend on format of file that is container with complex structure that cannot be used partially.
So, Your question cannot have unambiguous answer. All is in AV hands. It can decide to load entire file if it is container (e.g. archive file), or just check it's header to understand that file is not infectable.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 2000 total points
ID: 24093256
In addition some AV (like Kaspersky's) use NTFS streams to store extra info about scanned files, and use this info to speed up next scans. Upon this info AV can accept file scanned even don't trying to open it. But as far as I know, this feature is available locally only because there is no way to access NTFS streams remotely via netbios.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 2000 total points
ID: 24093287
If this question is really annoying for You and You are ready to experiment then I would recommend to use nice monitor of file access (and network too) activity to solve the question with empiric experience. :-)
It shows in which way files are opened, at which offset and which amount of data is read. And it has filter with desired process, so You will be able to monitor the AV's file accesses only.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question