Does a full scan in safe mode use heuristic detection like normal mode scan does?
I suspect that heuristic detection may be enabled, but since it is quite reliant on the cloud for its information, I would expect to see more reliance placed on signatures in safe mode. There is no access to the net in safe mode. Since most of the drivers are not loaded in safe mode, I'm not certain that there would be much activity for sonar to detect.
Is there any malware that will be detected via safe mode scan vs normal span. Plus, does heuristic in normal mode full scan to verify individual files?
Heuristic detection happens as a real time scanning, based on a combination of AutoProtect/SONAR, and will be active only when AutoProtect/SONAR is active. When you scan in safe mode, only Scan Engine will be active, all other components/services are disabled. Since most of the other programs, services, files, components does not work in Safe Mode,heuristic detection does not have much to do in Safe Mode. If you are interested to know more about Heuristic techniques used in AntiVirus programs, read the following article:
http://www.symantec.com/connect/articles/heuristic-techniques-av-solutions-overview
Yogesh
HI Folks,
One clarification. SAFE mode is commonly associated with no network access but there is an option in the Windows Boot menu for "Safe mode with networking" which does allow for internet access.
Best wishes.
Allen
Hi Allen M,
Updating NIS with Safe mode network access is not possible. Already tried.
Hi Tywin7,
Never said it was. I only clarified that there is a Safe mode option which has networking enabled.
Allen
tywin7-
heuristic detection isn't used when you do a manual scan. heuristics monitor how software is behaving when it runs to see if it is bad. so those softwares have to be running in order to have them analized by heuristic detection. so if theyre running then theyre already scanned by SONAR. you can do a reputation scan with 2011 and see what it is like with reputation.
so, heuristic detection isn't used in safe mode scan OR in normal mode scan ;]
whiplash wrote:
tywin7-
heuristic detection isn't used when you do a manual scan. heuristics monitor how software is behaving when it runs to see if it is bad. so those softwares have to be running in order to have them analized by heuristic detection. so if theyre running then theyre already scanned by SONAR. you can do a reputation scan with 2011 and see what it is like with reputation.
so, heuristic detection isn't used in safe mode scan OR in normal mode scan ;]
In principle you are correct, true heuristic detection only occurs in real-time, when the application launches. There are, however, some heuristic scan signatures where file executions are partially emulated and detections occur so the answer isn't a simple yes or no. Some heuristic detections occur during manual scans and others don't.
reese_anschultz wrote:
whiplash wrote:tywin7-
heuristic detection isn't used when you do a manual scan. heuristics monitor how software is behaving when it runs to see if it is bad. so those softwares have to be running in order to have them analized by heuristic detection. so if theyre running then theyre already scanned by SONAR. you can do a reputation scan with 2011 and see what it is like with reputation.
so, heuristic detection isn't used in safe mode scan OR in normal mode scan ;]
In principle you are correct, true heuristic detection only occurs in real-time, when the application launches. There are, however, some heuristic scan signatures where file executions are partially emulated and detections occur so the answer isn't a simple yes or no. Some heuristic detections occur during manual scans and others don't.
How about safe scan? Will that run heuristic scan?
Tywin7 wrote:
[...]How about safe scan? Will that run heuristic scan?
The virus signatures don't change regardless of whether you are running in safe mode or not, therefore, the emulated heuristic signatures will detect in safe mode while other real-time heuristic detections will not.
P.S. In short, any scan initiated by the user will have the same or better results when run in safe mode as a scan from a normal boot.