User guide

ManualsBrandsWincomm ManualsComputer equipmentWEB-6681 Series

With the help of Scan Settings you can select what item to scan during scan process.

Configuring Quick Heal Anti-Rootkit for Scan

1. Start Quick Heal Anti-Rootkit.

2. Click on the Settings button on top bar of Quick Heal Anti-Rootkit.

3. Settings dialog box will appear.

4. By default Quick Heal Anti-Rootkit is configured for Auto Scan where it scans appropriate predefined system areas.

Auto Scan

Auto Scan is default scan option provided by Quick Heal Anti-Rootkit.

Under Auto Scan Quick Heal Anti-Rootkit scans appropriate predefined

system areas. During Auto Scan, scanning is performed for:

• Hidden Processes.

• Hidden Registry entries.

• Hidden Files and Folders.

• Executable ADS.

Custom Scan

By selecting Custom Scan radio button, you can configure following

options:

Detect Hidden Process To scan for running hidden processes in the system.

Detect Hidden Registry

Items

To scan for hidden items in Windows Registry.

Detect Hidden files and

folders

To scan for hidden files and folders in the system and executable ADS

(Alternate Data Streams). You can choose option:

1. Scan drive on which Operating System is installed.

2. Scan All Drives to perform scanning in all fixed drives.

3. Alternate Data Streams (ADS) to scan for executable ADS.

Scan drive on which

operating system is

installed

Will scan for hidden files and folders on the drive on which operating

system is installed.

Scan all fixed drives Will scan for hidden files and folders on all the fixed drives of the system.

Alternate Data Streams

(ADS)

To scan for suspicious items in Alternate Data Streams of NTFS File

system.

Report File Path

Quick Heal Anti-Rootkit creates a scan report file at the location from

which it is executed. You can specify different location by specifying

report file path.

Overview of Alternate Data Streams - ADS

ADS allows data to be stored in hidden files that are linked to a normal visible file. Streams are not limited in size and there can be

more than one stream linked to a normal file. The primary reason why ADS is a security risk is because streams are almost

completely hidden and represent possibly the closest thing to a perfect hiding spot on a file system - something trojans can and will

take advantage of. Streams can easily be created/written to/read from, allowing any trojan or virus author to take advantage of a

hidden file area.