Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: AV Scans through a Write-Blocker - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
AV Scans through a Write-Blocker
I've been finding some conflicting information about anti-virus scanning a HDD through a write-blocker (i.e. yes it can be done, no it can't, the results might vary, there is no writing to the HDD, etc.). Trying to tie all this together and get an accurate (or close enough) that AV scanning through a write blocker can be done with accurate results without writing to the HDD.

Anyone have experience with this?
Anonymous

AFAIK, AV scanning should work because it does not involve writing to disk. Feel free to correct me anyone. AnirudhR

2 Posts
I've done this several times with a couple of AV programs, it works.

The only thing that will happen is that if your scan settings are such that the AV is instructed to clean or delete positive detections, then it will report that it is unable to do so because it has no write access.
DidierStevens

136 Posts
ISC Handler
Thanks for the answer! Anonymous

Thanks to everyone for their comments Ocensb

4 Posts
Yeah, I also think that AV can work better. Even I tried this and it's effective. RafealHenco

12 Posts

Sign Up for Free or Log In to start participating in the conversation!