User about antivirus real-time monitoring and memory antivirus-vulnerability warning-the black bar safety net

2007-04-24T00:00:00
ID MYHACK58:62200715180
Type myhack58
Reporter 佚名
Modified 2007-04-24T00:00:00

Description

Antivirus real-time monitoring with in-memory scanning is a thing? Of course not. If not, then they have what is the difference?

In General, real-time monitoring is mainly to monitor the virus on the hard disk of the rewrite operation, the memory scan is mainly scans the memory of all processes and

the system32 folder under the file(memory antivirus refers to the process with the virus and the source file removed, just kill the process of clearing the virus source files of memory scan is spoofing the user's performance) the.

As far as I know, norton the real-time monitoring with in-memory scanning to do became a thing, called real-time protection. As far as I know, the Destroyer put two separate, real-time monitoring and memory scan are two different functions.

A, real-time monitoring with in-memory scanning to do became a thing

Advantages: real-time protection is obviously very strong, whether it is a“virus writing hard drives”or“virus”operation, Anti-Virus will alarm.

Disadvantages: it is share resources, because you perform any one of the files, anti-virus to work again. Once the real-time protection process is malicious to kill, because you even by a full scan, found a virus also the processing does not fall(the virus file is being calls.

Second, the real-time monitoring and memory scan separately

Advantages: the footprint is small, even if real-time monitoring of the process is malicious by the end of fall, but also through the memory scan to end the virus processes, clear out the virus from the hard disk to call the original virus file.

Disadvantages: real-time protection ability is weak, only the virus writes the hard drive's operation to the police. And perform a virus it will not necessarily alarm if a virus is very powerful, will definitely write to the registry or write to the boot sector or infect other files, this belongs to write the hard disk operation, The Destroyer will alarm; if the virus is not severe, such as hacking tools, the machine did not affect, only the other machine is affected, the execution time does not Alarm, but by the memory scan can be removed.