Computer systems: virus scans and date modified

Posted on Posted in computer systems No Comments Tagged with , ,

Self-tutoring about computer systems: the tutor mentions an interesting discovery about virus scanners.

The following is according to my understanding.

I was researching why sometimes a file’s “last modified” date might be more recent than expected. What I found is surprising, but makes sense at the same time.

Apparently, some virus scanners can alter a file’s “last modified” date. The reason is that a given virus scanner may mark a file somehow in order to indicate it’s been scanned. Yet, that same marking, to the operating system, may mean the file has been modified.

To me, this makes sense, for this reason: when I haven’t run a full scan on a system for a few months, it takes noticeably longer than if one just did a full scan last week. Therefore, one might imagine the scanner marks the files as they are scanned. Then, next scan, the virus scanner may look at the file’s last modified date. If that was the result of a scan, it knows it needn’t scan that file again.

Source:

learn.microsoft.com

community.f-secure.com

Jack of Oracle Tutoring by Jack and Diane, Campbell River, BC.

Leave a Reply