Anti-Virus Tools and File Accessed time stamps

(@allikuzi)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

How does running an Anti-Virus scan affect the file accessed time stamps on Windows XP NTFS partitions?


   
(@thall)
Trusted Member
Joined: 16 years ago
Posts: 53
 

Set up a virtual machine, check the time stamps, run a scan, and re-check. Doing your own experiments will always help you learn better than asking on the internet.


   
(@ba2llb)
Eminent Member
Joined: 16 years ago
Posts: 38
 

Set up a virtual machine, check the time stamps, run a scan, and re-check. Doing your own experiments will always help you learn better than asking on the internet.

Agreed, experience is the best teacher, and you tend to remember something better with hands-on experience. I recommend the free version of Sun VirtualBox to run an instance of the operating system.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

If someone doesn't have VMWare, or VMPlayer, and a usable VM, then try installing AV on your system, and selecting only a single directory to scan, say system32. Note the last access times beforehand, as well as afterward.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

Try Einstein's thought experiment technique if you can't conduct a physical experiment…

Think about this: when an AV tool is going to check for malware, what does it have to do to determine if a file is malicious?

(on reading that it almost looks like Zen)


   
(@keeper)
Estimable Member
Joined: 17 years ago
Posts: 106
 

NOD32 has an option that says "Preserve last access timestamp", so it depends which AV you have.


   
(@originl)
Active Member
Joined: 16 years ago
Posts: 9
 

Just thinking aloud…

1. Permissions on the file system/directory may also be something to consider. For instance, maybe the AV runs under a specific user that may/may not have read/write access, etc. and how that may affect timestamps.

2. If a user whitelists a specific file or folder for no scan, does the AV touch those listed before logically not scanning and does it affect the timestamps?

3. How does a scan differ from quarantining a file and its timestamps? Likewise for cleaning a file? How about for an unsuccessful cleaning?

Would be interesting to see how those play out.
Of course, each vendor and each revision of their software may differ in actions.


   
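The before/after experiment suggested in this thread can be scripted. The following is an added example, not code from any of the posters: it records last-access and last-modified times with metadata-only calls, then classifies what changed between two snapshots. The function names and the four report categories are assumptions of this example.

```python
import json
import os
import sys


def snapshot(root):
    """Map each file under root to (atime_ns, mtime_ns).

    Only os.stat() is used: the files are never opened, so taking the
    snapshot does not read their contents.
    """
    times = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked, or removed between listing and stat
            times[path] = (st.st_atime_ns, st.st_mtime_ns)
    return times


def compare(before, after):
    """Classify files by what changed between two snapshots."""
    report = {"accessed": [], "modified": [], "missing": [], "new": []}
    for path, (atime, mtime) in before.items():
        if path not in after:
            report["missing"].append(path)   # e.g. quarantined or deleted
        elif after[path][1] != mtime:
            report["modified"].append(path)  # e.g. cleaned in place
        elif after[path][0] != atime:
            report["accessed"].append(path)  # only last access moved
    report["new"] = [p for p in after if p not in before]
    return {kind: sorted(paths) for kind, paths in report.items()}


if __name__ == "__main__":
    # snapshot DIR OUT.json   (run once before and once after the scan)
    # compare BEFORE.json AFTER.json
    if sys.argv[1] == "snapshot":
        with open(sys.argv[3], "w") as fh:
            json.dump(snapshot(sys.argv[2]), fh)
    else:
        with open(sys.argv[2]) as a, open(sys.argv[3]) as b:
            print(json.dumps(compare(json.load(a), json.load(b)), indent=2))
```

Write the snapshot files outside the directory being scanned, otherwise they show up as new files in the comparison.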