G
Guest
For now, I prefer Prevx 1 to MSAS as an IPS (intrusion prevention system).
I won't bother going into the reasons. A weak point to Prevx is that is has
no means of performing an on-demand scan. With MSAS, Prevx, anti-virus
software, firewall, and whatever security you use, there is still avenues
for pests to get onto your system but remain dormant; i.e., their infected
file gets on your system but it is never called, accessed, or executed
(which should get caught by the IPS). Even an virally infected file with a
signature known to your anti-virus program's scanner could get onto your
hard drive; e.g., you disable your AV program during an install and the
install has the infected file, then you reenable your AV program but its
on-access scanner won't find the infected file but its on-demand scanner
will.
So I'd like to have the ability of MSAS with its signature database to use
as an on-demand scanner to hunt for dormant pests that will sit under the
radar of the on-demand scanners or IPS'es that rely on monitoring critical
areas, files, or are event driven. If I install MSAS and disable all its
monitors, will *nothing* of MSAS get loaded into memory? That is, is there
a way to install MSAS but have it not run but only use it to perform a
[scheduled] scan?
I had the Beta 1 back several months ago but it impacted performance on half
of my hosts so I uninstalled it. Regardless of Beta 2 being better, it and
Prevx would duplicate functionality and I only want MSAS to use as an
schedulable on-demand scanner.
I won't bother going into the reasons. A weak point to Prevx is that is has
no means of performing an on-demand scan. With MSAS, Prevx, anti-virus
software, firewall, and whatever security you use, there is still avenues
for pests to get onto your system but remain dormant; i.e., their infected
file gets on your system but it is never called, accessed, or executed
(which should get caught by the IPS). Even an virally infected file with a
signature known to your anti-virus program's scanner could get onto your
hard drive; e.g., you disable your AV program during an install and the
install has the infected file, then you reenable your AV program but its
on-access scanner won't find the infected file but its on-demand scanner
will.
So I'd like to have the ability of MSAS with its signature database to use
as an on-demand scanner to hunt for dormant pests that will sit under the
radar of the on-demand scanners or IPS'es that rely on monitoring critical
areas, files, or are event driven. If I install MSAS and disable all its
monitors, will *nothing* of MSAS get loaded into memory? That is, is there
a way to install MSAS but have it not run but only use it to perform a
[scheduled] scan?
I had the Beta 1 back several months ago but it impacted performance on half
of my hosts so I uninstalled it. Regardless of Beta 2 being better, it and
Prevx would duplicate functionality and I only want MSAS to use as an
schedulable on-demand scanner.