Advice Request Scan on File Open vs Scan on File Execution

[RoboMan]

Many antivirus have these type of options on it's real time protection: scan files on open, execution, creation.

My main question lies here: what's the difference between scanning a file on open or on execution. It looks like the same to me.

Thanks in advance.

 

[Ink]

My interpretation:

On Open: User opens folder containing file, but does not execute file (.JPG, .EXE etc.).

On Execution: User double-clicks on file.

 

[SeriousHoax]

From what I understand,
On open: You open a folder containing some files and those files would be scanned. Similar to what Windows Defender and most top AVs do. On open is also known as on access. When you open a folder Windows Explorer accesses those file for reading and if any contains malware then it would be detected. Most AVs usually don't scan every files, they have some selected extensions they scan on access.

On creation: Files that are already on your system won't be scanned unless executed. If you open a folder containing few exes then those won't be scanned. Only newly created files will be scanned. For example when you extract a zip file containing other files, those extracted files are newly created so those will be scanned by the AV.

On execution: We all know about it.

 

[ichito]

My interpretation:

On Open: User opens folder containing file, but does not execute file (.JPG, .EXE etc.).

And what about files placed directly on disk out of some folders?

 

[Andy Ful]

When the user is logging to his/her account, Windows opens the desktop (files are scanned on the desktop but not files in desktop folders). The same happens when opening the Explorer (or another file explorer based on Windows Explorer). The Desktop and Windows Explorer are parts of "Windows Shell".
The files are not scanned when one uses other shells (CMD, PowerShell, Bash), except when files are executed.

 

[Venustus]

I noticed the other day Norton was able to detect and delete a zip file containing malware that wasn't password protected...I

 

[SeriousHoax]

I noticed the other day Norton was able to detect and delete a zip file containing malware that wasn't password protected...I

I know G-Data by default scans compressed file upto to a certain size but didn't experience this on Norton

 

[Venustus]

but didn't experience this on Norton

I was surprised myself

Learn more about Antivirus settings

Get all the support you need for your Norton products. We’ll help you with installation, activation, sales and billing.

support.norton.com