Regularly scanning your system with an antivirus program is one of the easiest ways to keep your system secure. Along with an antimalware suite, your antivirus is a core feature of your system security.
But what type of antivirus scan should you run? Are there differences between a Full scan, a quick scan, and a Custom scan? Let’s take a look at what happens when you hit that “Scan” button.
How Does Antivirus Work?
Before considering exactly what each antivirus scan type does, let’s brush up on antivirus general role.
Your antivirus primarily works in the background of your system. It diligently notes your system files. When a file is modified, your antivirus scans it to ensure those changes aren’t harmful to your system.
The antivirus checks the properties of the file to make sure it isn’t part of a malicious program. Similarly, your antivirus suite has a long list of known malicious file signatures. If you download a file with a known signature, your antivirus should take care of it—but mishaps do happen occasionally.
Another antivirus trick is using behavioural analysis to assess unknown viruses. In this case, the antivirus doesn’t have a signature in its database to compare a file against. Instead, the antivirus monitors the actions of the file, inspecting the interactions on your system. If the file attempts certain activities on your system, the antivirus will quarantine the file.
Antivirus suites combine these two defence tactics and many others to keep your system free of malicious programs.
The Different Types of Antivirus Scans
Most antivirus programs have two or three different scanning options. In general, these options are usually a “Full” system scan, a “Custom” system scan, and a “Rapid/Hyper/Quick” scan option. This option is sometimes referred to as a “Smart” scan. The scan names are seemingly self-explanatory.
A full scan performs a thorough check of your entire system, inside and out. Depending on the antivirus program, the antivirus will scan the following objects:
- All hard drives, removable storage, and network drives
- System memory (RAM)
- System backups
- Startup folders
- Registry items
A full system scan takes several hours, depending on how much data you have stored. In that, a full system scan is a thorough, in-depth analysis of everything on your system.
When to use? Use a full scan when you need to check your entire system. Some security experts advise completing a full scan every two weeks. But for most people, a single full scan per month is usually enough.
The custom scan, then, allows you the same in-depth scanning functionality as a full scan, but you choose the locations to scan. For instance, my system has an SSD and three HDDs. Using Microsoft’s Windows Defender, a full system scan takes hours to complete.
However, if you switch to a custom scan, you can tell the antivirus to avoid specific drives. If your system uses C: for your operating system and download folders, focus the scan there. At other times, if you encounter suspicious behaviour, set your antivirus to scan the specific folder.
Some antivirus suites add a “Scan from this location” function to the right-click context menu within Windows. Similar functionality exists for macOS and numerous Linux distributions. (Check out these free Linux antivirus programs.)
When to use? Use a custom scan to quickly analyze individual drives. A custom scan is a reliable way of checking external storage and other removable media for issues, too.
Finally, some antivirus tools have the option for a quick scan. This type of rapid system scan comes under different names, depending on the antivirus suite. So, how does a quick scan vary from a full scan?
- Commonly infected files and folders
- Running processes and threads
- System memory (RAM)
- Startup folders
- Registry items
The quick scan item list looks very similar to the full scan list, right? That’s because it is. However, it has two major differences (again, these differences do vary slightly by antivirus suite).
First, a quick scan only analyzes locations where malware is likely to lurk, rather than every single file on your system. This alone drastically reduces the scan time. Second, some antivirus programs only scan for files that have been modified since the last scan. In this, the antivirus is skimming through data until it finds something worth notification.
In most cases, a quick scan should at least discover a virus, even if it doesn’t directly identify the variant or even the root directory of the infection. If your quick scan detects something serious, you can always switch to a full scan to try and uncover more infected files and information about what you’re dealing with.
When to use? The quick scan is a handy day-to-day tool. While a full scan is very resource-heavy and time-consuming, a quick scan shouldn’t take more than a few minutes to complete. It gives you a great overall picture of your system health as well as whether you need to take further action against any lurking nasties.
Do Antimalware Suites Use Different Scans?
In a word, no.
Antimalware suites by and large use the same scanning criteria (startup folders, processes, registry items, and so on) as your antivirus. The difference comes in what the antimalware program is scanning for. Malwarebytes uses a different set of malicious signatures and behavioural analysis triggers than Windows Defender, for instance.
In that, using an antimalware tool alongside your antivirus is worthwhile. Malwarebytes Premium is an excellent antimalware solution for real-time protection (a free version is a scan-only tool). However, there are some excellent free combined antivirus and antimalware tools. If you want a well-rounded free tool, check out the latest version of Avast Free Antivirus. Avast bought competitor AVG last year, and the merger has drastically improved the malware detection rate for Avast’s free offering.
Scan Your Computers for Safety
You now know the differences between antivirus scan types, as well as when you should use each one. Despite what some people say, you need to install and update your antivirus tool.