I have had CAVS beta 2 installed for a while now, and have only just decided to investigate some of the menus.
I have noticed when i go to the reports tab, i can choose ‘on access scan’ and its empty! however the ‘on demand scan’ has entries in its report log.
i have checked the settings for the ‘on access scan’ and there are no exclusions listed. Heuristics is enabled and set to the default value and ‘file types to scan’ is set to selective (with the default list of extensions)
in an aid to investigate whether the problem was just a logging issue, i downloaded the ‘virus’ “eicar.com” from “www.eicar.org”.
once downloaded, i ran an ‘on demand scan’ and CAVS detected the virus… so thats good.
i then ran the program, “HIPS Application Control Alert” popped up and questioned as to whether I wanted to run the program. when selecting ‘allow’ the program proceeds to run with no intervention from the ‘on access scanner’ or similar, i checked the report logs and they were empty, and then checked the ‘selective files list’ to make sure the .com extension was selected, which it was.
my question is… is my on access scanner actually working? as it does not detect “viruses” when they are loaded into memory as the program is run.
any help would be appreciated.
thanks