I am trying to understand why iChecker makes so little difference to scan times.
I have read these threads, in which people make similar points:
and this description of iChecker:
I find almost no decrease in scan time through the use of iChecker. I wonder if this is because by far the majority of my files are non-executable.
The following is a quote from the Kaspersky Anti-Virus 6.0 Help file:
"There are limitations to iChecker: it only applies to objects with a structure that Kaspersky Anti-Virus recognizes (for example, .exe, .dll, .lnk, .ttf, .inf, .sys, .com, .chm, .zip, .rar)"
I assume .ttf is in that list because fonts are considered to be executable. Therefore .fon would also be included.
When I look at the log file from "Scan My Computer", I see that the only entries which are marked "iChecker" are for files with executable extensions. The majority of my files are non-executable and say "scanned" even though the files have not been changed since the last scan. In fact, I cannot find any example of a non-executable file which is marked "iChecker".
Is this intentional programming by Kaspersky Labs? KAV would surely "recognize" filetypes such as .bmp, .tif, .png, .txt and so on. I can only assume these are scanned because the iChecker database is only populated with entries for executable files (or archives which can contain them). Correct? If so, PCs that contain huge numbers of non-executable files will not benefit much from iChecker.
I have therefore applied some exclusion marks to .bmp files on one of my partitions (which contains tens of thousands of .bmp files) and so greatly reduced the scan times. I could, I imagine, apply an exclusion mask to the whole computer for all .bmp, .tif, .png, .jpg and some other special non-executable types (for example, .bgl). But novice users would not expect to define exclusion masks for non-executable files.
If, for some reason, Kaspersky Lab do not use iChecker for non-executables I wonder if you could include default exclusion masks for non-executable, and hence non-infectable, filetypes. Perhaps the experts could comment on whether this would create a security risk. But it seems to me that the risk would be no greater than from the default list of trusted modules, for example.
Any clarification would be most welcome!