Kaspersky
Question

Rootkit scan, Quick scan needed or not


Userlevel 2

Hi, I’ve read somewhere that I don’t really need to schedule a daily quick scan to increase my computer security if Kaspersky cloud free is doing a Rootkit scan every day by default, is it true? Thanks


18 replies

Userlevel 7

Hello @homer1959

Welcome!

Personal choice plays a role here, Quickscans & Rootkit scans are different.

Quick scans scan objects loaded at the startup of the operating system, system memory and disk boot sectors.

Some people believe Rootkit Scans affect performance, other people do not have the same concerns. 

Rootkit scans cannot be managed via the Kaspersky Security Cloud Scan feature/interface; to enable or disable Rootkit scans, the setting "Search for software that is intended to conceal traces of a malicious program in the system (rootkits)" is enabled or disabled depending on your requirements.

The "Search for software that is intended to conceal traces of a malicious program in the system (rootkits)" check box enables / disables regular scanning of the operating system for rootkits in background mode.

If this check box is cleared, Kaspersky Security Cloud does not perform regular rootkit scans.

Kaspersky Security Cloud provides comprehensive realtime protection, as well as the option to use:

Full Scan
Quick Scan
Selective Scan
External Device Scan
Rootkit Scan
Idle Scan
Advanced Disinfection

Thank you:pray_tone3:

Flood:whale:

Resources:

Kaspersky Security Cloud Scan & Kaspersky Security Cloud Quick Scan

 

Userlevel 6

Hi, I’ve read somewhere that I don’t really need to schedule a daily quick scan to increase my computer security if Kaspersky cloud free is doing a Rootkit scan every day by default, is it true? Thanks


Yes.

These two types differ only in the scanning speed. There is no need to use both.

Userlevel 2

Hummmm … it’s not that I want to start a war here, but I am getting conflictual information? :-)

One says they are different, the other the opposite :-)

Userlevel 6

This topic has been discussed many times on the Russian-language forum. Here is one of the answers. Unfortunately, it is in Russian, you will have to use a translation program. Please note that the answer was given by an employee of the company in the position of Anti-Rootkit Technologies Group Manager. I believe he is competent.

https://forum.kaspersky.com/index.php?/topic/329237-%D0%BF%D0%BE%D0%B8%D1%81%D0%BA-%D1%80%D1%83%D1%82%D0%BA%D0%B8%D1%82%D0%BE%D0%B2/&do=findComment&comment=2499744

 

  3) You can set up a "quick scan" schedule that is convenient for you. "Rootkit search" and "quick scan" are one and the same. Only the "rootkit search" runs in the background and with reduced CPU and disk usage.

 

I also use a translation program. Most likely, my explanations will be translated with a distortion of the meaning. There is work (process, actions) to detect hidden viruses. Hidden viruses are called rootkits. This task is called rootkit search.

The KIS engine has a scheduled task with the same name. This is only the name of the scheduled task. But this task involves more than just searching for hidden viruses. The coincidence of the task name and the popular action (Rootkit scan) causes confusion and confidence in their identity.

 

Userlevel 2

Dennis, thanks for the link … so from what I understood from Yuri, KSC gave us the option of a scheduled quick scan but the protection would be the same with or without.

So if we just install KSC as is, and forget about the scheduling option or else, we are fully protected and most of the options are redundancy of what is already running automatically behind the scene.

Looks a lot like the approach chosen by Bitdefender free. Install and forget.

KSC also lets us choose install and forget but also left a few options for us to play with. However, the more I read about it the more I am inclined to just return KSC to default settings (adding only a full scan a month) and forget about it, like I was doing with Bitdefender free when I tried it …

Need to say that I came back to KSC from Bit free and that I am satisfied with KSC, not that I feel much more secure, but I like the fact that KSC lets us know what is happening behind the scene, something lacking badly with Bit free. Thanks KSC for this free and excellent product

Userlevel 7

Rootkit scan starts every day and checks critical places where rootkits could be hidden.

I enable it and check: every day an 8 minute scan of a few thousand files, 8000...

For safety, leave it enabled.

Full scan and Quick scan are different scans.

Userlevel 2

Nexon, I was ok with your post up to the last sentence… :wink: apparently quick and rootkit scan ARE the same, but not processed the same way. From what I understood the rootkit scan is a quick scan but with the rootkit portion done at a lower speed using less resources while the quick scan portion is done normally, both are happening at the same time … well, that’s what I understood

Userlevel 7

Hello @homer1959

To add  to the “discussion”:
What is a rootkit and how to remove it - Serge Malenkovich

  • Rootkits may be found in any of the following: System memory, boot sectors of the disk, and objects loaded at operating system startup.
  • Kaspersky Security Cloud Quick scan scans the system memory, boot sectors of the disk, and objects loaded at operating system startup.

 

  • If a Rootkit is not in: system memory, boot sectors of the disk, and objects loaded at operating system startup it will not be found by a Quick scan. 

(imo) these valuable discussions always add to broader understanding of Kaspersky’s products, features & functions.

Thank you:pray_tone3:

Flood:whale:

Userlevel 2

Flood, thanks for your input here, here is one more for you :-)

 

If a Rootkit is not in: system memory, boot sectors of the disk, and objects loaded at operating system startup it will not be found by a Quick scan

So I understand that a Rootkit can be located in the computer but not necessarily in system memory, boot sectors of the disk, and objects loaded at operating system startup? Hence the need for a regular Rootkit scan. Am I right?

So if it’s the case, and if the rootkit scan scans the very same thing as the Quick scan but only deeper to find hidden Rootkits, then… who needs a scheduled quick scan when one has the rootkit scan that is taking care of everything on a daily basis while using less resources?

 

Userlevel 2

wishcolosoul … I’ve received a notification through email, but there is no message here … thanks for re-posting it :-)

Userlevel 7

@homer1959. The Post you are referring to has been blocked by the community Spam filter

Userlevel 7
  1. So I understand that a Rootkit can be located in the computer but not necessarily in system memory, boot sectors of the disk, and objects loaded at operating system startup? Hence the need for a regular Rootkit scan. Am I right?
  2. So if it’s the case & if the rootkit scan scans the very same thing as the Quick scan but only deeper to find hidden Rootkits, then who needs a scheduled quick scan when one has the rootkit scan that is taking care of everything on a daily basis while using less resources?

 

Hello @homer1959

You’re very welcome!

Thank you for replying and your questions:ok_hand_tone3:

I hadn’t forgotten you, I was waiting until I had enough data to provide with my reply…

Q1. Yes. 

Q2. First, looking at my data:

Rootkit scans run for a significantly longer time than Quick scans.

 

a] As I said in my first reply, personal choice plays a role, I’ve read various commentary from very trusted and experienced Community members who report they never use the Quick or Root scan features; me otoh, use a combination of all available scans, at different times, for different reasons.

b] I think the majority of us use a Full scan after any major changes to (our) systems. 

c] The Performance section of Kaspersky applications is designed in such a way, to offer Kaspersky Users options that lessen the impact on (their/your) system. 

d] As the Scan Reports don’t provide extensive detail, I suggest you turn on Log non-critical events, run both Scans, observe the data, make a decision based on your needs and the data.

:warning: Don’t forget to turn Log non-critical events OFF, after you’ve done the tests, otherwise you’ll end up with a system full of logs:astonished:

e] As Vulnerability scan has not been mentioned, I’ll throw it into the mix. 

Please post back if any concerns remain? 

Thank you:pray_tone3:

Flood:whale:

Userlevel 2

Hey Flood !!

Thanks for your reply, it’s really appreciated. One thing for sure, your system is not infected after all these scans :-)

Don’t know if you agree but it looks like KSC free is configured by default to protect our equipment as is, with no real need to play with it. I even think that many must have reduced their protection without knowing it by playing too much with it.

 

Bitdefender free was kind of like that, install and forget, but contrary to Kaspersky they offered no options. I prefer by far Kaspersky’s approach, I have options available and I like that even if I will not use most of them.

So with your valuable input, and with the help of other members here, I will not try to be smarter than Kaspersky. I will only schedule a Full scan once a month and forget about it.

As suggested, Non critical event log is turned on, curious to see what is going to come out of it

Thanks once again Flood :-)

 

Userlevel 7

Hello @homer1959

You’re most welcome:ok_hand_tone3:

Just as an experiment I ran both Quick & Rootkit Scans with logging on, Quick Scan has 3767 entries, Rootkit Scan 3969, looking at the Reports, there are differences, however, I’ll leave you to do that side of the :spy_tone3:

Really, there’s no harm running a Quick Scan if you get the urge, same for the Rootkit Scan, the features are there to be used or not, the choice is yours. 

I think your summation is a good one, as long as you remember the golden rules, if (we) make risky/silly decisions in / on the digital world, nothing is 100% guaranteed:wink:

Thank you:pray_tone3:

Flood:whale:

Userlevel 2

Flood,

Your test showed that the 2 scans are pretty similar. Confirming Yuri’s explanations.

Following our last exchange I reset KSC Free to the default configuration just to start with a fresh set up, then I checked the box enabling the rootkit scan, rootkit scan being the same as quick scan but using less resources, and I scheduled a full scan weekly. That’s it, I won’t play with it anymore.

Once again merci Flood for this interesting exchange :-)

 

Userlevel 2

BTW Flood, how could you get the amount of files scanned by Rootkit scan? I have no problem getting them for quick or Full, but I can’t seem to be able to find a way for the rootkit scan, the only thing I can get is the time taken, or the start and finish time

Userlevel 7

Hello @homer1959
For all Scans, I exported the Reports, then opened in spreadsheets:relaxed:

I wasn’t about to count the data:sweat_smile:

Thank you:pray_tone3:

Flood:whale:

Userlevel 2

AH AH AH OK !!!!

 
