Jump to content

Recommended Posts

I noticed three options in 'Full Scan' Settings :

 

1) iSwift Technology

2) iChecker Technology

3) Heuristic Analysis

 

What I want to know is, what are these technologies and should these be switched ON? Do they provide a better protection against malware when switched ON?

Share this post


Link to post

Also,

 

"Do they provide a better protection against malware when switched ON?"

 

Good question that I have always wondered about too.

 

My deduction is that iSwift and iChecker have more to do with speed and efficiency of repeat scanning than providing any added protection. Heurisitc Analysis on the otherhand, as I understand it, would bring additional behaviorial elements into play within the scanning algorithms that should enhance detection rates.

 

However with that said, I could think of a somewhat simplistic scenario where if iSwift and iChecker were always left switched on and let's say Heuristics is off, and you had in fact been infected by a zero day virus that was not currently detectable by Kaspersky's signatures and a random scan was run that iSwift/iChecker would log the virus laden file entity as successfully scanned (no detection). Then let's say that after a few hours Kaspersky were to dowload a signature update that was able to detect that zero day virus that it could in theory bypass the infected file since iSwift/iChecker had already logged the file entity as having passed a prior scan that is still within its no rescan parameters. So, if my logic is right...security could perhaps be somewhat compromised in some circumstances if iSwift/iChecker is always set to on.

 

If that is not the case I would like to know.

 

FYI - I have iSwift and iChecker switched on and heuristics set to high but I turn iSwift/iChecker off whenever I launch a full system scan manually.

edit: Also,

Edited by richbuff

Share this post


Link to post

Well, even I have switched off iSwift and iChecker for time being. Now I'll update my database and then perform a full scan. And as for Heuristic Analysis, I have set it to 'Deep Scan'. I don't mind if my PC takes a longer time to perform a full scan but I certainly want my machine to be virus free. :-)

Share this post


Link to post

Keep the settings as they are by default and keep iSwift Technology and iChecker switched on.

Those are usually the best settings for the most users and don't slow down your computer either.

Share this post


Link to post

I would tend to agree that the default settings are best settings for mostusers. Are you sure the iSwift/iChecker defaults are set to "on" in KIS 2012? The last time I had to do a reinstall I thought I had to re-enable them but my recollection may be wrong.

 

However, over in the Virus section forums there has been prior advice given to turn off iSwift and iChecker when trying to eliminate some viruses. When I did a search on "iChecker iSwift" in the Viruses section I found this advice from moderator Dawgg in relation to a user with an infection (there were other similiar advice given as well):

 

"Ensure Kaspersky is up to date and perform a full MyComputer scan with scan settings at maximum. Ensure "scan new and changed files only", "iSwift" and "iChecker" are disabled."

 

So, it would seem to suggest that there are some trade offs (better speed but less thorough scanning) with these settings enabled (on). However, that is just speculation on my part from these older threads and I don't know without a Kaspersky programmer or other expert explaining specific benefits/risks of leaving these settings on or off in KIS/KAV 2012. Some of this may be proprietary as to the interactions within the scanning/detection scope.

 

Regardless, I only turn these setting "off" when doing a manual scan since I don't consider my PC use to put me into a extreme High Risk category and I keep all my resident personal files data encrypted on my drives for added security just in case of a security breach.

 

Share this post


Link to post

Also,

 

....However, over in the Virus section forums there has been prior advice given to turn off iSwift and iChecker when trying to eliminate some viruses. When I did a search on "iChecker iSwift" in the Viruses section I found this advice from moderator Dawgg in relation to a user with an infection (there were other similiar advice given as well): ...
That was because new malware was discovered in the persons logs, and the new malware was quarantined and the quarantined new malware was sent to the Lab, so new detection signatures could be added, so the new malware could be detected. After the quarantined malware was sent to the Lab, the person was instructed to disable iSwift and iChecker, to insure that the infected files would be scanned again, even though a scan may have been recently done.

 

That was a tactic for a special occasion (scan after samples were sent to the Lab).

 

For routine use, the default settings are best.

 

If you want to max your scan settings, then you can set them as dawgg has posted, such as here: http://forum.kaspersky.com/index.php?s=&am...st&p=731668

Edited by richbuff

Share this post


Link to post

Well, even I don't think iSwift and iChecker are enabled as default settings. And I switch them off just before running a Full Scan of my PC just to make sure that no file is left out without scanning, even if it means more resources and more time required.

Share this post


Link to post
Well, even I don't think iSwift and iChecker are enabled as default settings.
File AV: Both are default enabled.

 

Full scan: both are default enabled.

 

Critical area scan: iSwift is default disabled, and iChecker is default enabled.

 

Custom scan: both are default enabled.

Share this post


Link to post
Also,

 

That was because new malware was discovered in the persons logs, and the new malware was quarantined and the quarantined new malware was sent to the Lab, so new detection signatures could be added, so the new malware could be detected. After the quarantined malware was sent to the Lab, the person was instructed to disable iSwift and iChecker, to insure that the infected files would be scanned again, even though a scan may have been recently done.

 

And that is exactly the type of situation I am a bit concerned about in the scenario I described in my post #3 above.

 

So we are all in agreement that it is good that these settings in particular can be toggled off when desired to insure a full scan of all files against latest signatures. I guess it boils down to speed/resources vs degree of security one feels is necessary. Anyway, it's great that Kaspersky gives us these choices!

Edited by Dennie

Share this post


Link to post
I guess it boils down to speed/resources vs degree of security one feels is necessary. Anyway, it's great that Kaspersky gives us these choices!

That's exactly what I was going to say :)

 

I personally keep iSwift and iChecker enabled for file-AV (IMO the increase in security is tiny in comparison to the hit on performance) and I keep them disabled for Custom and Quick scans which I do every month-or-few.

I haven't done a full system scan for years now because I don't feel it is necessary to do this on my personal systems, but each to their own :)

Edited by dawgg

Share this post


Link to post

And what does 'Heuristic Analysis' exactly do? I have currently set it to 'Deep Scan', just to make sure that each file is scanned fully (please correct me if I'm wrong!).

Share this post


Link to post
Also,

 

That was because new malware was discovered in the persons logs, and the new malware was quarantined and the quarantined new malware was sent to the Lab, so new detection signatures could be added, so the new malware could be detected. After the quarantined malware was sent to the Lab, the person was instructed to disable iSwift and iChecker, to insure that the infected files would be scanned again, even though a scan may have been recently done.

 

That was a tactic for a special occasion (scan after samples were sent to the Lab).

 

For routine use, the default settings are best.

 

If you want to max your scan settings, then you can set them as dawgg has posted, such as here: http://forum.kaspersky.com/index.php?s=&am...st&p=731668

 

 

So the database or file(s) containing the information of iSwift and iChecker is not reseted/updated automatically whenever the new signatures are added or there is improvement in the heuristic detection and the user has to disable both manually and then the newly added detection will take place upon re-scanning which may done automatically. However this would be beneficial only when the user know about the infection. But what if the user does not know about the possible infection and consider his system clean while actually its system infection and don't disable iSwift and iChecker?

 

And by the way why my this post was deleted? I've to post this again.

Share this post


Link to post
So the database or file(s) containing the information of iSwift and iChecker is not reseted/updated automatically whenever the new signatures are added or there is improvement in the heuristic detection and the user has to disable both manually and then the newly added detection will take place upon re-scanning which may done automatically. However this would be beneficial only when the user know about the infection. But what if the user does not know about the possible infection and consider his system clean while actually its system infection and don't disable iSwift and iChecker?

 

And by the way why my this post was deleted? I've to post this again.

Because it was not the same post as this one and you were opening a 9 months old topic answering someone who was 9 months removed from the topic and most like not going to see this! You post in a confusing style, other removed posts today was 100% off topic in other persons threads.

 

Anyway the bottomline is that you haven't understood at all, the above situation was a special one. Under normal circumstances would this not have to be done at all, this was only done in that situation to be 100% sure. I guess you could say that normal users (pretty much all of us) should leave this alone, if you're a tin foil hat type then by all means uncheck these two option and "feel" safer. It will also demand more resources/slow scans a bit................your choice as a user.

 

 

Share this post


Link to post

Sorry for that, but actually I want to ask that regardless of above said scenario, does when the new definitions are released or improvement in detection techniques, the database or the files(s) storing the information of iSwift and iChecker should be reset automatically.

 

Share this post


Link to post
Sorry for that, but actually I want to ask that regardless of above said scenario, does when the new definitions are released or improvement in detection techniques, the database or the files(s) storing the information of iSwift and iChecker should be reset automatically.

You want a yea or a no, of course files get rescanned..................i guess it's a good time to read up on these two again and they work: http://support.kaspersky.com/faq/?qid=208286795.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.