[EDYTHE]

Win XP; SP2; ''dial-up' connection

Hello: regarding computer 'scans' that are recommended by one's security system
Is there a difference in 'results' or 'thoroughness between doing a full-scan (or ''custom'' ) while 'on line' vs doing the scan(s) 'off-line'' ?

Win.xp, SP2 thanks so much ! Edythe

[RootbeaR]

I like to do mine off-line after letting it update.

Update anti-virus
Shut down
Unplug internet connection
Restart into safe mode (Usually by tapping F8 a few times right after bios screen comes up)
Do scans

[Elvandil]

Offline is much to be preferred. Rootkits take control of the Windows kernel at boot and may be invisible while it is running. These threats and registry entries are easily seen and removed with offline scans (like from a booted CD).

But there is a greater danger that you will remove something that may prevent Windows from running, so look through the list of files carefully before removing them and replace any infected Windows files.

[EDYTHE]

Quote:

Originally Posted by RootbeaR

I like to do mine off-line after letting it update
COLOR="Red"]. sounds like a good practice ! thanks[/color]

I'm not computer savy, so my questions:
Update anti-virus o.k. understand what that means;
Shut down ..you mean totally shut down computer when ''update' is completed ? why ?Unplug internet connection ... how do you do that ? and 'why'
Restart into safe mode (Usually by tapping F8 a few times right after bios screen comes up) again ... 'why' restart in safe mode in order to do scans ..what is 'not' happening by doing that ? thanks Do scans

thanks again , Edythe

[EDYTHE]

Quote:

Originally Posted by Elvandil

Offline is much to be preferred. Rootkits take control of the Windows kernel at boot and may be invisible while it is running. These threats and registry entries are easily seen and removed with offline scans (like from a booted CD).O.K. while i don't understand 'what' you're saying (too ignorent over 'terms') i'll follow your suggestion

But there is a greater danger that you will remove something that may prevent Windows from running, so look through the list of files carefully before removing them and replace any infected Windows files.

O.K ...so it's better to leave something in 'quarantine' - check 'what' it is and then safely delete it? actually i have my settings to ''let the experts decided '' (insofar as what do do with 'infected files' thanks again - Edythe

[Elvandil]

We are talking about 2 different types of "offline", covering both cases since you did not specify.

RootbeaR covered the case where "offline" means "not connected to the internet" and I covered the case where it means "not running Windows".

Quarantining is always safer because things can be restored if serious problems result from removing them. In most cases, you should use "automatic" settings only if you do not have the confidence or knowledge to use the manual ones. The wrong things can sometimes be "automatically" removed.

[RootbeaR]

Quote:

Originally Posted by EDYTHE

you mean totally shut down computer when ''update' is completed ? why ?

yes. so that everything is released from control and ready to start into safe mode.

Quote:

Originally Posted by EDYTHE

Unplug internet connection ... how do you do that ? and 'why'

Unplug computer from modem/router. To ensure nothing tries to connect and run in the background while doing scan.

Quote:

Originally Posted by EDYTHE

'why' restart in safe mode in order to do scans ..what is 'not' happening by doing that ? thanks Do scans

Less files being used for one thing, ensuring a more thorough scan.

[EDYTHE]

Quote:

Originally Posted by elvandil

we are talking about 2 different types of "offline", covering both cases since you did not specify. when i 'scan' i sometimes leave windows launched...
rootbear covered the case where "offline" means "not connected to the internet" and i covered the case where it means "not running windows". o.k. I will now do scans only when 'offline' with windows not launched...
quarantining is always safer because things can be restored if serious problems result from removing them. In most cases, you should use "automatic" settings only if you do not have the confidence or knowledge to use the manual ones. The wrong things can sometimes be "automatically" removed.

wow had no idea !!! After reading this i went into the settings for my trend micro suite and choose ''auto-quarantine' ...and that 'blanked-out' the part that allows ''the experts' to make the decision... I did have an incidence where i had that setting enable and the program was unable to quarantine' but it didn't say under '2nd action' what happened to that file !! I finally called the company who advised if the program can't quarantine (per setting choice) then it goes ahead and 'deletes' the file ... I did a 'search' and never did find it anywhere .... By the way - don't 'cringe' i'm installing norton security suite 2009 at the end of this month since t.m. Expires then ... Thanks for all your help !!

[EDYTHE]

Quote:

Originally Posted by rootbear

yes. So that everything is released from control and ready to start into safe mode. sorry i still don't understand how and what ?

unplug computer from modem/router. To ensure nothing tries to connect and run in the background while doing scan. how do i do that ? (the unplugging part)

less files being used for one thing, ensuring a more thorough scan.

makes sense to me if i could understand how to do what yu suggest - told you i'm 'dense' to most computer 'things' ...