Quote: Originally Posted by DavidW7ncus
Quote: Originally Posted by RMelick
Look into true cloud-based AV solutions. I am going to cite Webroot again because instead of downloading the virus definitions to your computer, it scans from the definitions hosted in the cloud.
How does a cloud-based AV work if the internet connection is unavailable?
What happens if a malicious program is installed when there is no internet connection?
That's a great question for sure, and I hope I can answer it to your liking. I can only answer based off of Webroot's technology, and not other manufacturers. Mods/OP - My apologies if this has become a hijack, as it was not intended. Merely attempting to present other options.
Quote: Originally Posted by http://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Fast-Scans-When-Offline-How/ta-p/20328
Your main protection while disconnected from the internet will be coming from SecureAnywhere's behavioral shields/detections and local heuristics.
There are a very limited number of locally held definition signatures for certain critical items that don't require reaching the cloud. These are mainly for rare file infectors. Anything that is known as good from prior scans (while previously connected to the internet) will still be known as good if they have not changed when performing scans offline, which explains the speed of the scan.
Also, if a program or process was being monitored before going offline, it will continue to be monitored and these processes and their behavior will still be journaled. This journaling allows SecureAnywhere to keep an eye on possibly malicious programs or processes it was unsure about, and if they try to execute or end up being an actual threat, the damage done can be reverted.
In short, if you plug a thumb drive in, or connect to an external HDD, while disconnected from the internet, you will still be protected as Webroot's software will still have that last scan's "snapshot" and will monitor any new and unknown files and changes they made. When you reconnect, and those files are compared to the Webroot database, further action will occur based off those results. If the files are determined malicious, the software will revert back all the changes and your system will remain protected.
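
A conceptual model of the offline behaviour described in this post, added here as an illustration; it is not Webroot's code or part of the original post. The class `OfflineMonitor`, its methods, the dictionary standing in for a file system and the verdict strings are all hypothetical, and the sample "binaries" are constructed.

```python
import hashlib

class OfflineMonitor:
    """Toy model: cached good verdicts plus a change journal for unknown programs."""

    def __init__(self, known_good):
        self.known_good = set(known_good)  # hashes judged good while online
        self.journal = []                  # (program_hash, path, previous_content)

    @staticmethod
    def digest(data):
        return hashlib.sha256(data).hexdigest()

    def is_trusted(self, program):
        # A file unchanged since the last online scan keeps its good verdict.
        return self.digest(program) in self.known_good

    def write(self, program, fs, path, data):
        # Changes made by an unknown program are journaled so they can be undone.
        if not self.is_trusted(program):
            self.journal.append((self.digest(program), path, fs.get(path)))
        fs[path] = data

    def reconnect(self, fs, cloud_verdicts):
        # Back online: look up each journaled program, newest change first.
        reverted, kept = [], []
        for entry in reversed(self.journal):
            prog_hash, path, old = entry
            verdict = cloud_verdicts.get(prog_hash, "unknown")
            if verdict == "malicious":
                if old is None:
                    fs.pop(path, None)     # file did not exist before: remove it
                else:
                    fs[path] = old         # restore the earlier content
                reverted.append(path)
            elif verdict == "good":
                self.known_good.add(prog_hash)
            else:
                kept.append(entry)         # still unknown: keep monitoring
        self.journal = kept[::-1]
        return reverted

def demo():
    editor, unknown = b"constructed editor binary", b"constructed unknown binary"
    fs = {"notes.txt": b"original"}
    mon = OfflineMonitor({OfflineMonitor.digest(editor)})
    mon.write(editor, fs, "todo.txt", b"buy milk")     # trusted, not journaled
    mon.write(unknown, fs, "notes.txt", b"scrambled")  # journaled
    mon.write(unknown, fs, "run.bat", b"dropped")      # journaled
    reverted = mon.reconnect(fs, {OfflineMonitor.digest(unknown): "malicious"})
    return fs, reverted
```
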