If a virus is executed and the “on access” scan fails to detect its nature, it may then get copied from disc into memory, and perhaps it may get copied into pagefile.sys or hiberfil.sys.
I see no sense in scanning either file for a virus - if it was not detected by “on access” as it is copied from the disc, is there any sense in doing another scan in either of these files ?
Is there some mechanism I am ignorant of whereby a virus can bypass “on access” scanning to get into these memory image files without detection ?
I have seen advice to exclude pagefile.sys from A.V. scanning.
Should this also apply to hiberfil.sys ?
I use the Comodo defaults that automatically exclude from scanning any file that exceeds 20 MB,
so is it overkill if I specifically exclude these file(s) from scanning ?
Or should I take heed of a bug report that suggests that these files get scanned even though they exceed the limit ?
Does the operating system actually permit scanning within these two files ?
Would the O.S. allow CIS to quarantine / remove anything inside them ?
Regards
Alan