Skip to main content
I have read that Webroot software only scans new or changed files (as regular scans) and that is why you can offer fast scan.

But how does it detect a file change if the file size and timestamp are altered by the virus to appear the same as original?
@,

 

Welcome to the Webroot community!

 

Webroot also scans all active processes, as well as some static locations in our normal scan.

 

For any file to be modified, it needs a corresponding active process to make these changes, this process doing the "changing" would be identified by Webroot and be detected if it is malicious.

 

Also, keep in mind that if a file is changed, the md5 would also change, thus triggering another detection.

 

I hope this is helpful and if you have any other questions please do not hesitate to ask!

 

Best Regards,

 

James G.

Webroot Community Support Team

 

Reply