How do you detect file change?

  • May 11, 2015

I have read that Webroot software only scans new or changed files (as regular scans) and that is why you can offer a fast scan.
But how does it detect a file change if the file size and timestamp are altered by the virus to appear the same as the original?

1 reply

JamesG
  • Retired Webrooter
  • May 11, 2015
@,
 
Welcome to the Webroot community!
 
Webroot also scans all active processes, as well as some static locations in our normal scan.
 
For any file to be modified, it needs a corresponding active process to make these changes; this process doing the "changing" would be identified by Webroot and be detected if it is malicious.
 
Also, keep in mind that if a file is changed, the MD5 would also change, thus triggering another detection.
 
I hope this is helpful and if you have any other questions please do not hesitate to ask!
 
Best Regards,
 
James G.
Webroot Community Support Team
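
The point made in the reply, that a content hash changes even when size and timestamp are made to match, shown as an added example (not Webroot's code and not a description of how the product is implemented). It uses SHA-256 in place of the MD5 mentioned in the reply; the function names, file name and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(path):
    """Record the metadata a quick check might compare, plus a content digest."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "sha256": digest.hexdigest(),
    }


def compare(baseline, current):
    """Report which of the two checks notices a difference between snapshots."""
    return {
        "metadata_changed": (baseline["size"], baseline["mtime_ns"])
        != (current["size"], current["mtime_ns"]),
        "content_changed": baseline["sha256"] != current["sha256"],
    }


def demo():
    """Constructed scenario: same-size rewrite with the original mtime put back."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "sample.bin"  # constructed sample file
        target.write_bytes(b"ORIGINAL-CONTENT")
        baseline = snapshot(target)

        # Overwrite with different bytes of identical length, then restore
        # the recorded modification time so size and mtime match the baseline.
        target.write_bytes(b"MODIFIED-CONTENT")
        os.utime(target, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))

        return compare(baseline, snapshot(target))


if __name__ == "__main__":
    print(demo())
```
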