Scheduled Scan: Necessary?

I have a question - hope someone can answer and help clarify this:

How can Sophos' scheduled scan detect threats that are not detected/remediated by the realtime protection? In other words, why would someone turn on the scheduled scan feature if they already have realtime scanning set up?  If a threat signature gets added after a rogue application gets installed, realtime protection would identify it when the application is run (after the signature update) anyway. Are there any use cases from Sophos or from the enterprise endpoint security users related to this?

Thanks in advance.

  • Today's malware is more about getting money than causing issues. If a root kit to collect data has passed through the real time definition or HIPS protection you may become aware of it through the scheduled scan reporting items found on the computer. The clean up process for the items found may show they are used to load other items or related to root kits you have seen in other places. I have seen this happen before; alerts come in of real time blocking of malware attacks that research showed were trying to install data collecting root kits. Parts of the same malware were found later in scheduled scans and when deeper research was done on those systems using root kit removal tools there were root kits found on the systems.

    Many threats today are coming straight through the Internet with root kit technology being included in them. Sophos has added root kit scanning to their default scan settings but one would still need to include it into a scheduled scan manually.

    One such malware is this:

    http://www.sophos.com/security/analyses/viruses-and-spyware/trojtdl3mema.html
