

The answers already in provide some good technical advice on how to go about doing what you propose while minimizing risk to whatever machine you would be using to attempt the sanitization (i.e. run a live distro of a different operating system type than was on your friend's infected computer, preferably after physically removing or disconnecting the normal writable storage disks/drives inside your machine, if practical). Instead, let me address the question of whether it's actually worth trying to do that.

This situation has a kind of an implied premise here that we ought to pay attention to: if that USB stick was/is contaminated by something (or especially, by somethings, in the multiple), can you really be very confident that even using multiple anti-malware programs will detect & remove every bit of nastiness that may be on there? Considering what we know in general about the false negative (i.e. when malicious stuff is missed) detection rates of even the best anti-malware programs against modern threats (even Norton will tell you how often traditional anti-malware scanning doesn't catch malware these days), well, let me humbly suggest that the most prudent way forward might be just taking the USB stick, wrapping it in a post-it note that says "good chance infected", putting it away in a drawer, and forgoing any recovery work on it unless & until a day ever comes when you realize you seriously need some files on there.

Especially with the costs of new USB drives ever shrinking, let me suggest that barring some unusual factor being in play here there's a good chance that the risk of getting your machine infected is not going to be worth the possibility of saving & reusing the USB stick.

No, not by default. But this isn’t as bad as it sounds! Here is Microsoft’s explanation from ~four years ago:

“Historically, antivirus products had a function to scan all files when a removable device was mounted. However, with the increase in device storage capacity, full scans of removable devices can noticeably and severely impact performance.

Today, Windows Defender Antivirus performs quick scans on the contents of removable devices (such as USB drives), before the contents are copied, or executed.

This approach both mitigates the risk that a malicious threat can infect the host through a removable device, while maintaining host performance. (A dormant file on a removable drive cannot infect a host). However, if needed, Windows Defender Antivirus can be configured to perform a custom scan on all files when removable devices are mounted. Below is a sample script for achieving this scenario Reference: TechNet Custom scan a USB drive”

And a more recent, albeit abbreviated explanation from November 2020:
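Added example, not part of either answer and not the TechNet script the Microsoft quote refers to: one way to run the custom scan on mount that the quote describes, using the Defender cmdlet `Start-MpScan` and a WMI volume-arrival event. The source identifier and the log path are constructed for illustration.

```powershell
# Added example: scan a removable volume with Microsoft Defender when it is mounted.
# Run in an elevated PowerShell session; the subscription lasts only while the session is open.
# Constructed values (not from the page): the source identifier and the log path.
$SourceId = 'RemovableDriveScan'
$LogPath  = Join-Path $env:ProgramData 'RemovableDriveScan\scan.log'
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

# Win32_VolumeChangeEvent, EventType 2 = device arrival (a volume was mounted).
$Query = 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'

$Action = {
    $log   = $Event.MessageData
    $drive = $Event.SourceEventArgs.NewEvent.DriveName      # for example "E:"
    try {
        # Act only on removable media (Win32_LogicalDisk DriveType 2), not network or fixed volumes.
        $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$drive'"
        if (-not $disk -or $disk.DriveType -ne 2) { return }

        Add-Content -Path $log -Value "$(Get-Date -Format o) mounted $drive, starting custom scan"
        # Blocks until every file under the drive root has been scanned.
        Start-MpScan -ScanType CustomScan -ScanPath "$drive\" -ErrorAction Stop

        # Defender's detection history, narrowed to items located on this drive letter.
        # The history can include older detections made on the same letter.
        $hits = @(Get-MpThreatDetection | Where-Object { $_.Resources -like "*$drive\*" })
        Add-Content -Path $log -Value "$(Get-Date -Format o) scan of $drive finished, $($hits.Count) detection(s) on record"
    }
    catch {
        # A failed scan is logged, never treated as a clean result.
        Add-Content -Path $log -Value "$(Get-Date -Format o) scan of $drive FAILED: $($_.Exception.Message)"
    }
}

Register-CimIndicationEvent -Query $Query -SourceIdentifier $SourceId -MessageData $LogPath -Action $Action | Out-Null
```

To stop scanning on mount, run `Unregister-Event -SourceIdentifier RemovableDriveScan` in the same session.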
