Solved

When scanning a network drive does antivirus load the whole file locally to scan it?

Posted on 2009-04-07
4
618 Views
Last Modified: 2013-12-09
Im trying to understand something, not fix anything. This question seems so noob Im almost afraid to ask it but hear I go. If I map a network drive and open a 1MB word document , 1MB worth of data needs to travel from the mapped location to my PC for me to view it  correct?  If so what if I scan the same 1MB file with Antivirus from my PC? Is 1MB travelling from the mapped location to my location or does Antivirus only check certain aspects of a file not requiring a full transfer?
0
Comment
Question by:ksachs
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 500 total points
ID: 24093226
It all depends on method that your AV uses to scan file. Using Netbios software can read file data partially from network. There is no need to AV to get all file locally to start to process it unlike the Word that need the whole file to be loaded to temporary location to open it. Word depend on format of file that is container with complex structure that cannot be used partially.
So, Your question cannot have unambiguous answer. All is in AV hands. It can decide to load entire file if it is container (e.g. archive file), or just check it's header to understand that file is not infectable.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093256
In addition some AV (like Kaspersky's) use NTFS streams to store extra info about scanned files, and use this info to speed up next scans. Upon this info AV can accept file scanned even don't trying to open it. But as far as I know, this feature is available locally only because there is no way to access NTFS streams remotely via netbios.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093287
If this question is really annoying for You and You are ready to experiment then I would recommend to use nice monitor of file access (and network too) activity to solve the question with empiric experience. :-)
It shows in which way files are opened, at which offset and which amount of data is read. And it has filter with desired process, so You will be able to monitor the AV's file accesses only.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Has this user really been infected by Ransomware? 3 157
Possibility of Outlook running on Linux 6 361
Gpora virus - GPO  lockdown on RDS/TS server 6 35
Total AV worth it? 4 324
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question