The virus monitor real-time protection continuously checks your computer for viruses; it controls read and write operations, and as soon as a program attempts to execute malware or spread malicious files it prevents it from doing so. The virus monitor is your most important protection! It should never be switched off.
The following options are available:
- Monitor status: Specify here whether the monitor should be enabled or disabled.
- Use engines: The software works with two engines, which are two essentially independent virus checking programs. Every engine by itself would already provide you with a high degree of protection against viruses, but it is precisely the combination of both engines that gives the very best results. You can accelerate the virus check in older and slower computers by using just one engine, but normally you should keep the setting Both engines.
- Infected files: If a virus is detected, you will be asked in the default setting how you want to deal with the virus and the infected file. If you would always like to perform the same action, you can set this here. The highest protection for your data is offered here by the setting Disinfect (if not possible: place in quarantine).
- Infected archive: Here you determine whether archive files (e.g. files with the extension RAR, ZIP or PST) should be handled differently from normal files. However, please note that moving an archive to quarantine can damage it so that it can no longer be used after it is moved back from Quarantine.
- Behavior monitoring: If behaviour monitoring is enabled, every activity on the system is monitored regardless of the virus monitor. This means that malware for which no signature yet exists is also detected.
- AntiRansomware: Protection against encryption Trojans.
- Exploit Protection: An "exploit" exploits vulnerabilities in popular software and can use them to take control of your computer in the worst case. Exploits can even come into effect when applications (e.g. PDF viewer, browser etc) are routinely updated. Exploit Protection protects you against such access – and proactively protects you against previously unknown attacks.
By clicking on the Exceptions button you can exclude specific drives, directories and files from the scan and so significantly accelerate parts of the virus detection process.
To do this, proceed as follows:
1. Click the Exceptions button.
2. Click New in the Monitor exceptions window.
3. Now, select whether you want to exclude a drive, a directory or a file or a file type.
4. Underneath this, select the directory or drive you want to protect. In order to protect files, enter the complete file name in the entry field under File mask. You can also use wildcards here.
Note: Wildcards function as follows:
- The question mark symbol (?) represents individual characters.
- The asterisk symbol (*) represents entire character strings.
For instance, in order to protect all files with the file extension .sav, enter *.sav. In order to protect a special selection of files with sequential file names (e.g., text1.doc, text2.doc, text3.doc), enter text?.doc for example.
You can repeat this procedure as often as desired and also delete or modify the existing exceptions.
Monitor - Advanced settings
Furthermore, you can click the button ADVANCED to specify which additional tests should be performed by the virus monitor.
Normally you do not have to change any settings here.
- Mode: Here you can specify whether files should be checked when run, when read or when written to and read. If a file is checked when written to, the check is carried out as soon as a new file or file version is created to see if an unknown process may have infected this file. Otherwise files are only checked when they are read by programs.
- Monitor critical folders in particular: You can use this function to specifically check especially critical folders, e.g. folders shared on the network, personal data or Cloud services (such as Microsoft Dropbox, OneDrive, Google Drive etc). After you have made your selection in the dialogue box, this is then always monitored in Check read & write access mode – regardless of the settings you use for all other files, folders and directories. If you have selected the Check read & write access mode for all files by default, the settings option for critical folders is greyed out.
- Check network access: If your computer has a network connection to unprotected computers (for example, other laptops), it is a good idea to check the network accesses to see if any malicious programs are being transferred. If you use your computer as a stand-alone computer without network access, you don't need to enable this option. If you have installed virus protection on each computer in the network, it is recommended that you turn off this option. Otherwise, some files will be checked twice, which negatively affects speed.
- Heuristics: In the heuristical analysis, viruses are not only detected by means of virus updates that you regularly receive from us online, but are also identified on the basis of certain characteristics typical of viruses. This method increases the level of security, but in rare cases may generate false alarms.
- Check archive: Checking compressed data in archives (these can be recognized by their file extensions such as ZIP, RAR or PST) is very time-consuming and can normally be omitted if the virus monitor is generally active on the system. To increase the speed of the virus check, you can limit the size of the archive files that are browsed to a specific value in kilobytes.
- Check email archives: Because the software already checks incoming and outgoing emails for virus infections, it is usually a good idea to omit regular checks of email archives since this process may take several minutes, depending on the size of the mail archive.
- Check system areas during system start: In general, system areas (e.g. boot sectors) in your computer should not be excluded from virus checks. You can specify here whether you want to run a check on system start-up or when media is changed (for example, a new CD-ROM). Generally you should have at least one of these two functions activated.
- Check system areas during change of medium: In general, system areas (e.g. boot sectors) in your computer should not be excluded from virus checks. You can specify here whether these should be checked on system start-up or whenever a media change occurs (new CD-ROM etc). Generally you should have at least one of these two functions activated.
- Check for diallers / spyware / adware / riskware: You can also check your system for dialers and other malicious programs with this software. These are e.g. programs that establish expensive, unwanted Internet connections, in which the potential for financial damage is no less significant than that of a virus. They may for example secretly record your surfing habits or even all the keyboard entries you make (including your passwords) and forward these to third parties via the Internet at the earliest opportunity.
- Only check new or modified files: If you activate this function, files that have not been changed for a long time and that were previously flagged as harmless are skipped. This provides a performance improvement in everyday work – without compromising security.