ssj100 Security Forums

An AV Question

3 posters


Post by arran 13/5/2010, 10:51

I never use an AV so I haven't tested this.

In general, can AVs intercept and block malware from running before the malware executes and runs? Because I have always wondered this.

Edit: I'm talking about blacklisted files which AVs have in their database.

SSJ, you used to use Avira; did you ever test the speed at which it intercepts malware from running?

Re: An AV Question

Post by ssj100 13/5/2010, 11:05

I'm not too sure, arran. I really only used Avira on-demand. Black-listing technology on-demand works perfectly with my security setup/approach. I now only use Hitman Pro, as I got sick of updating Avira haha.

I could test it for you though, and see if, e.g., Avira in real-time flags the virus faster than my SRP when it is executed!

Re: An AV Question

Post by arran 13/5/2010, 11:29

Thanks SSJ, I have always wondered this. It's all about the speed at which AVs can intercept and block. If malware can execute and run before your AV intercepts and blocks, then it's all over.

That's if AVs do block malware from running? Or don't AVs block execution?

I'm gonna do some testing as well, probably starting with Nod32.

Re: An AV Question

Post by ssj100 16/5/2010, 16:24

Tested Avira AntiVir and observed how fast it flagged some zero-day malware on execution.

Basically what I'm noticing is that Avira (and, in my experience, all AV software in general) is able to successfully block the malware from executing if it detects it. I think this is simply because the AV real-time scanner analyses the file BEFORE it is allowed to execute. If it detects it as malware, then the file is unable to be executed unless you allow it.

Avira actually flags the file faster than my SRP blocks it simply because of this reason (it scans on READING and writing files).

Re: An AV Question

Post by Buster_BSA 22/7/2010, 00:01

arran wrote: In general, can AVs intercept and block malware from running before the malware executes and runs?

Sure, through the monitor module.

Nowadays all AV products have a memory-resident module that scans every file that is executed in the system.