Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

When scanning a network drive does antivirus load the whole file locally to scan it?

Posted on 2009-04-07
4
Medium Priority
?
631 Views
Last Modified: 2013-12-09
Im trying to understand something, not fix anything. This question seems so noob Im almost afraid to ask it but hear I go. If I map a network drive and open a 1MB word document , 1MB worth of data needs to travel from the mapped location to my PC for me to view it  correct?  If so what if I scan the same 1MB file with Antivirus from my PC? Is 1MB travelling from the mapped location to my location or does Antivirus only check certain aspects of a file not requiring a full transfer?
0
Comment
Question by:ksachs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 2000 total points
ID: 24093226
It all depends on method that your AV uses to scan file. Using Netbios software can read file data partially from network. There is no need to AV to get all file locally to start to process it unlike the Word that need the whole file to be loaded to temporary location to open it. Word depend on format of file that is container with complex structure that cannot be used partially.
So, Your question cannot have unambiguous answer. All is in AV hands. It can decide to load entire file if it is container (e.g. archive file), or just check it's header to understand that file is not infectable.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 2000 total points
ID: 24093256
In addition some AV (like Kaspersky's) use NTFS streams to store extra info about scanned files, and use this info to speed up next scans. Upon this info AV can accept file scanned even don't trying to open it. But as far as I know, this feature is available locally only because there is no way to access NTFS streams remotely via netbios.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 2000 total points
ID: 24093287
If this question is really annoying for You and You are ready to experiment then I would recommend to use nice monitor of file access (and network too) activity to solve the question with empiric experience. :-)
It shows in which way files are opened, at which offset and which amount of data is read. And it has filter with desired process, so You will be able to monitor the AV's file accesses only.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question