Helping people with computers... one answer at a time.

Stopping real-time anti-virus scans opens you up for sudden virus attacks that you don't see coming. Sometimes, email scans are a different problem.

Is it really necessary to have a real-time anti-virus program running at all times using up resources? I have Avast anti-virus, but I also run a different manual online scan every day using Malwarebytes, anti-malware, and Super Antispyware, Bit Defender and others. I was wondering if I can uninstall my real-time Avast AV?

In this excerpt from Answercast #74, I look at the advantages of real-time scanning for viruses and spyware. Real-time scanning of email can be another story.

Stopping real-time anti-virus scans

Well, it's a hard one to answer generically.

My recommendation in general is if you're not sure, have one. Have exactly one real-time anti-malware scanner working for you.

Now the reason I hesitate at all is because there are people who are experienced enough on the internet that they will actually never get infected. They will never accidentally cause something to download on their machine and infect it.

One would think that I would be such a person, and in fact, to the best of my knowledge, I have never actually invited malware on my machine. I would be a candidate for not running a real-time anti-malware scan. I'd run it anyway. In fact, I do run it anyway.

Malware can slip by

The fact is - it's simply too easy for things to kind-of sort-of slip by, sometimes. I have come very close to downloading and installing malware without realizing it. It's that "without realizing it" part that you want a real-time scanner there to protect you from.

Malware can infect your machine in seconds!

In other words, by the time you realize that what you just downloaded is in the process of infecting your machine... it's too late!

So, my recommendation in general is that yes, you should have one good anti-malware product that is keeping an eye out in real-time for the things that are happening on your machine. That way, you can be protected from things that might accidentally get to your computer.

If you are a person who is confident about always being able to identify something - and never, ever downloading it - then of course, feel free to skip the entire process. I just don't think that there are many people who fall into that category.

Real-time email scanning

Now, I do want to clarify something about one real-time aspect that definitely can cause people problems when it's enabled: that is real-time email scanning.

Sometimes, the anti-malware software's real-time component, when applied to your email (in other words, as your email is being downloaded), can occasionally cause problems: everything from false positives to all of your email being deleted as it's downloaded.

My recommendation in general is to leave those features turned on. Just be aware that they can cause that kind of a problem. If they do, then turn off that and only that portion of the real-time scanning component of your anti-malware software.

(Transcript lightly edited for readability.)

Article C6081 - November 28, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Len
November 29, 2012 3:17 PM

I would never disable real-time scanning. The web can be a dangerous place, even for experienced surfers.

How many legitimate sites are compromised on a daily basis? Plenty. One day you visit your favourite tech site, political site, recipe site etc not knowing its security has been compromised and boom!

You don't have to travel to so-called "shady" sites to get infected.

snert
November 30, 2012 4:36 PM

Some time ago I had two (or maybe three) real time scanners running at the same time, just as an experiment. They did not like sharing at all.

Jon
December 1, 2012 8:16 AM

When trying to avoid viruses and malware a real time scanner is nice but it is also important to remember that Window's User Account Control can stop most viruses and malware by blocking off access to parts of the machine's hardrive that they require.

Standard account users only have access to their particular profiles and cannot access most parts of c: drive or the windows directory. They also have no ability to add keys to the registry and register new dll's. This alone can stop most malware in its tracks.

Admin account users have access to everything ans so does the malware they download

James
December 2, 2012 12:51 PM

I'm in the boat with Leo. I'm one of the least likely to invite malware into my machine, very experienced, and smart enough to know what to click and what not to click.

However, we all slip up every once in a while. A few months back I got an email and without thinking, I just clicked on the link. Thankfully, Thunderbird popped up a warning. I then smacked my head for being so stupid as forgetting to check what the link was actually going to do. We all slip up now and then.

The only time I've run without real-time scanning was many years ago on a slow computer that only had dial-up internet. Everything took forever to do, so the only thing I ever did on the internet was email. I couldn't even follow links that were in email and if the email had an attachment, it had better be from someone I know and trust or else that attachment just never got downloaded (took too long).

Those days are long gone. Run with real-time scanning.

Mike
April 25, 2013 4:26 AM

Great advice. I feel I'm very safe, but I just can't get comfortable turning off real-time scanning. However, no one should feel that AV by itself provides adequate protection. Maximum UAC setting and products like Chrome, BufferZone and Keriver 1-click Restore provide the best protection.

A good compromise is to exclude files you work with on a daily basis from real-time scanning and just scan them on a nightly basis. For instance, I'm a programmer, so I exclude my development directory. If I were an artist, I'd exclude my artwork directory.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.