Scanning and Auditing Malware

Anti-malware software can fail to detect very new malware. Don’t rely only on an anti-malware shield to keep your computers clean. Recall that even the latest version of a signature database will not have zero-day attack signatures. It is important to periodically scan the contents of your computers to detect any malware that the shields have missed.

The scan process is simple: The anti-malware scanner opens files that have been selected and searches them for malware. The scanner looks for copies of known malware signatures from the signature database in files selected for scanning. This can be a time-consuming process. It is important to carefully plan your scanning schedule and select the most efficient options for each scan. TABLE 5-5 lists the most important questions to consider when scheduling a malware scan for your computers. Each anti-malware software package has specific options that may differ among vendors, but the general questions you must answer are common among most anti-malware software.

TABLE 5-5 Malware Scanning Options

| QUESTION | POTENTIAL IMPACT |
| --- | --- |
| Scan which drives? | Scanning physical disk drives takes longer and can degrade overall computer performance. For frequent scans, scan only the disks that are frequently used by users and applications. |
| Scan removable media? | For the best security, scan all removable media when it is inserted. This may cause excessive scan activity. Another option is to only require removable media scanning for any media introduced from outside your controlled organization. |
| Full or quick scan? | Quick scans generally only scan files that are likely to contain malware, such as executable files. Quick scans can reduce the negative performance impact on computers. Ensure full scans occur periodically, such as weekly. |
| Scan when? | Computers should be scanned for malware under any of the following circumstances: • You suspect that malware is present. • You have installed new software or upgraded existing software. • Sufficient time has passed since the last scan. Each organization should develop a schedule for malware scans. |
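The scan process described above and the quick-versus-full choice from Table 5-5, sketched as an added example (not from the book or any vendor's product). The signature patterns, the quick-scan extension list and the sample files are constructed assumptions; the last sample has no entry in the database, so neither scan flags it.

```python
import os
import tempfile

SIGNATURES = {  # constructed patterns, not real malware signatures
    "Constructed.TestSig.A": b"CONSTRUCTED-SAMPLE-SIGNATURE-A",
    "Constructed.TestSig.B": bytes.fromhex("deadbeef00c0ffee"),
}
QUICK_EXTENSIONS = {".exe", ".dll", ".scr", ".js", ".vbs"}  # assumed quick-scan types

def scan_file(path, signatures=SIGNATURES, chunk_size=65536):
    """Return sorted names of signatures found in the file, reading in chunks."""
    overlap = max(len(s) for s in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk  # keep overlap so patterns spanning chunks match
            found.update(n for n, s in signatures.items() if s in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, quick=False):
    """Walk root; return (hits, files_scanned). Quick mode skips other file types."""
    hits, scanned = {}, 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if quick and os.path.splitext(name)[1].lower() not in QUICK_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                matches = scan_file(path)
            except OSError:
                continue  # unreadable file: a real scanner would log this
            scanned += 1
            if matches:
                hits[os.path.relpath(path, root)] = matches
    return hits, scanned

def demo():
    """Build a constructed directory and compare a quick scan with a full scan."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "tool.exe": b"MZ" + b"\x00" * 65524 + SIGNATURES["Constructed.TestSig.A"],
            "report.doc": b"text " + SIGNATURES["Constructed.TestSig.B"],
            "new.exe": b"MZ unknown code with no entry in the database",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, quick=True), scan_tree(root, quick=False)
```

Calling `demo()` returns the quick-scan result followed by the full-scan result: the quick scan opens two files and misses the signature in `report.doc`, while the full scan opens all three and finds it.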
