Anti-virus protection of the computer file system

File Anit-Virus is included in Active Virus Shield to enable Virus protection on your files. It loads when you start your operating system and runs in your computer's memory. It scans all files that you or programs open, save, or execute.
The indicator of the component's operation is the Active Virus Shield system tray icon, which looks like whenever a file is being scanned.
By default, File Anti-Virus only scans NEW or ALTERED FILES; in other words, files that have been added or changed since the previous scan. The iChecker™ and iStreams™ technologies make this possible. A file check sum table is used for these technologies. Files are scanned according to the following algorithm:
  1. Each file that the user or a program deals with is intercepted by the component.
  2. File Anti-Virus scans the iChecker and iStreams databases for information on the file intercepted. At this point, the following actions are possible:
    • If there is no information on the file intercepted in the database, it is scanned in depth for viruses. The check sum of the file that is scanned is recorded in the database.
    • If there is information in the database about the file, File Anti-Virus compares the current status of the file with the status recorded in the database at the time of the previous scan. If the information is an exact match, the file can be accessed by the user without being scanned. If the file has somehow changed, it will be scanned in detail, and new information on it will be recorded in the database.
The scanning process includes the following steps:
  1. The file is analyzed for viruses. Malicious objects are detected by comparison with threat signatures used by the program. The signatures contain descriptions of all the malicious programs, threats, and network attacks known to date and methods for neutralizing them. The file is analyzed for viruses. Malicious objects are detected by comparison with the anti-virus database used by the program. The anti-virus database contains descriptions of all the malicious programs known to date and methods for neutralizing them.
  2. As a result of the analysis, the following behavior options are available:
    1. If malicious code is detected in the file, File Anti-Virus blocks the file, places a copy of it in backup, and attempts to neutralize the file. If the file is successfully disinfected, it becomes available again. If not, the file is deleted.
    2. If code is detected in a file that appears to be malicious but there is no guarantee, the file is sent to Quarantine.
    3. If no malicious code is discovered in the file, it is immediately restored.
Also see:

File Anti-Virus status

Pausing / disabling File Anti-Virus

Selecting a file security level

File Anti-Virus settings