SAV Scan Engines


Over on the MyItForum AV email discussion list, a couple of the regulars reported that older versions of Symantec Antivirus (pre-version 9) had problems detecting some Gaobot variants.

I wondered how this could be. I know that SAV 9 is configured to start earlier than previous versions. This was done to protect against some specific malware tricks. Is this the extra protection they are referring to, or do older versions of SAV not get the scan engine upgrades?

Symantec has two types of scanning engines. Security Response AV engines are released throughout the year via LiveUpdate and intelligent updates. These releases update the virus detection techniques in the virus definitions. You can look at the file properties of the engine binaries (naveng.sys, navex15.sys, navex32a.dll, naveng32.dll) to see their current version numbers.

The Scanning Engine version number that you see in the UI refers to the properties of the navapi32.dll file. This file is involved with boot scanning functionality in the product. It is updated only with new builds of the file, not with virus definitions.

Source:
Symantec KB DocID: 2002080609215348

About this Entry

This page contains a single entry by Roger published on May 3, 2005 4:36 PM.
