Monday, May 12, 2008

SmartScan 2 – smarter and faster than ever!

In the third of our series of pre-Outpost 2009 improvements, we’ll take a look at the revamped SmartScan technology. Even if you’ve never delved below the surface of Outpost’s functionality, you will have noticed that a quick malware scan is performed in no time and even a full scan is pretty quick; well, that’s all thanks to Outpost’s SmartScan option. First implemented in Outpost Security Suite Pro 2007, this function (optional but highly recommended) worked on the principle of storing the details of previous scans in cached files in every folder on your PC; this avoided the need to recheck data that had already been scanned and had not changed since the last scan.

While this option was a great time-saver, in its original form it also caused anti-rootkit software to false-alarm on these cached files. Of course, these files were quite benign and not rootkits at all. They were protected by Outpost’s self-protection, so that no malware could subvert them (i.e., edit or delete them). Outpost 2009, to everyone’s relief, will no longer cause these false alarms to occur.

In the new version, all data about previously scanned items and folders is stored in a single file in the Windows/System32/ folder. Not only is gathering information from one source faster and easier for the scanner, but it also helps to avoid the abovementioned ‘false positive’ issue. This technology change goes hand-in-hand with some GUI tweaks, such as:

- During the installation, the ‘Enable SmartScan’ option is checked by default, regardless of which operating system is in use
- You won’t see any more program requests for clearing cache files on uninstall.

In summary: malware scans will be even faster and the program will require less user interaction while still preserving the ability to customize.

According to our estimations, the new SmartScan should operate 10 times faster! Of course, the best way for you to check and understand the benefits of these changes is to experience them yourself, so why not download the latest beta at For more 2009-related Monday blog-notes, please check or subscribe to the RSS feed. Next Monday – another new feature!

Take care online,

Alexey Belkin,
Chief Software Architect, Agnitum


M J Marshall said...

Why are you storing this SmartScan "database" in Windows System folder?
Windows design guidelines recommend using CSIDL_COMMON_APPDATA or CSIDL_LOCAL_APPDATA for this type of data, not least because of potential permissions issues.

Agnitum BLOG said...

Our driver is designed to retrieve information on past scans very early in the boot up sequence, reducing unneeded scans for already checked locations.

With your method, this won't be as efficient because the storage is known at a later stage of the system boot up. At that early stage even drive letters are unavailable. For further details you may want to take a look into the “Windows Internals” book from MS Press.

As to the permissions issues, storing files in system folder, as Microsoft does with most of its vital Registry hives, doesn't create a potential for access or permission issues.
Igor Pankov

Aaron said...

whilst that graph clearly illustrates SmartScan 2 is 10x faster then SmartScan 1 and 210x? faster then without Smartscan, perhaps some words around what you see a typical folder as would go a long way to giving that graph credibility!.

Even if you create a best scenario 'typical folder', just something to think about next time.

Having said that OP2009 is great, good to see Agnitum heading in the right direction, keep up the great work :)