randy
Joined: 26 Oct 2008
Posts: 0
Posted: Sun Oct 26, 2008 5:09 pm
Hi everybody, I'm wondering about the Memory Scan:
Is it:
* Scan all running modules only?
* Scan all running processes only?
* or scan all running modules, processes, SVCs + startup objects?
Regards.
Randy

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Oct 26, 2008 6:53 pm
I just popped over into my virtual machine and took a look. Task Manager (TM) showed 30 processes. After a memory scan, ClamWin (CW) showed 24 processes, 285 modules, and 309 files. There were 6 svchost.exe shown in TM. Perhaps that explains the difference between 30 processes per TM and 24 processes per CW. Hope this helps.
Regards,

sherpya
Joined: 22 Mar 2006
Posts: 0
Location: Italy
Posted: Mon Oct 27, 2008 1:56 am
It scans, on disk, the processes and modules loaded in memory; this means, for each process, the executable and all DLLs it loads.

randy
Joined: 26 Oct 2008
Posts: 0
Posted: Sun Nov 23, 2008 6:11 pm
Thank you sherpya:
But I really want to know which processes, modules or SVCs an AV should not scan even if they are loaded in memory.
For example: I know that any AV should not scan the process winlogon.exe (because even if this process is infected, if that is possible, the AV cannot stop it, otherwise the system will crash).
So my question: what are the processes, SVCs, or modules that an AV should bypass?
Many thanks.

sherpya
Joined: 22 Mar 2006
Posts: 0
Location: Italy
Posted: Mon Nov 24, 2008 12:35 pm
I suggest you try this program:
https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
so you can get an idea about processes and modules (you need to enable the lower pane showing "DLL").
It's not a good idea not to scan winlogon, because many viruses can register themselves as a winlogon-loaded DLL.
The action on crucial OS processes should be report only, of course.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Nov 24, 2008 4:27 pm
Sherpya wrote:
"the action on crucial os processes should be report only of course."
You can't presently separate reporting for crucial files like this in ClamWin from handling of non-crucial files. It would make a good feature, however.
Regards,
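
Added example, not part of the thread and not ClamWin code: a sketch of the scan model sherpya describes (each process's executable plus every DLL it loads, scanned as files on disk) combined with the "report only" policy for crucial OS processes. The snapshot, the file names in it, the `CRITICAL` set beyond winlogon.exe and the action names are all constructed assumptions.

```python
import ntpath

# Assumption: illustrative set of processes whose termination takes the
# system down; only winlogon.exe is named in the thread.
CRITICAL = {"winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe", "services.exe"}

# Constructed snapshot: (pid, executable path, [loaded DLL paths]).
SNAPSHOT = [
    (412, r"C:\WINDOWS\system32\winlogon.exe",
     [r"C:\WINDOWS\system32\ntdll.dll",
      r"C:\WINDOWS\system32\flagged_notify.dll"]),
    (880, r"C:\WINDOWS\system32\svchost.exe",
     [r"C:\WINDOWS\system32\ntdll.dll", r"C:\WINDOWS\system32\rpcss.dll"]),
    (1024, r"C:\WINDOWS\System32\svchost.exe",
     [r"C:\WINDOWS\system32\NTDLL.DLL"]),
    (2040, r"C:\Program Files\App\app.exe",
     [r"C:\WINDOWS\system32\ntdll.dll", r"C:\Program Files\App\plugin.dll"]),
]

def build_scan_targets(snapshot):
    """Map each distinct on-disk file to the names of the processes using it."""
    targets = {}
    for _pid, exe, modules in snapshot:
        owner = ntpath.basename(exe).lower()
        for path in [exe, *modules]:
            key = ntpath.normcase(path)  # Windows paths are case-insensitive
            targets.setdefault(key, set()).add(owner)
    return targets

def plan_action(owners):
    """Report only when any process holding the file is critical."""
    return "report" if owners & CRITICAL else "remove"

def scan(snapshot, is_infected):
    """Return {path: action} for every file the (stub) scanner flags."""
    return {path: plan_action(owners)
            for path, owners in build_scan_targets(snapshot).items()
            if is_infected(path)}

if __name__ == "__main__":
    # Stub verdict standing in for the real signature scan.
    flagged = lambda p: p.endswith(("flagged_notify.dll", "plugin.dll"))
    for path, action in sorted(scan(SNAPSHOT, flagged).items()):
        print(f"{action:7} {path}")
```

Two svchost.exe instances collapse to one file to scan, and a flagged DLL loaded by winlogon.exe is still scanned but only reported.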