• Welcome
• Installation and setup
  • Safety Check Wizard
  • Learning Mode
  • Accessing Settings
  • Configuration
  • Banking Mode
  • RunSafer
• Using Online Armor
  • Status
  • Firewall
    • Creating Firewall Rules
    • Ports and Protocols
    • Firewall Status Screen
    • Firewall Logs
  • Domains
  • Antivirus
    • Scanning
  • Programs
  • Files and Registry
    • Creating File Rules
    • Creating Registry Rules
  • Autoruns
  • Anti-Keylogger
  • Hosts file
  • History
  • Options
  • Debug
• Customer Support

Antivirus

Online Armor ++ uses Emsisoft/Ikarus scanning technology to scan Unknown programs when they try to run to help ensure that they are not malicious. Online Armor ++ will first try to make a decision automatically by using the Anti-Malware Network to check if it recognizes the program as Trusted or Not Trusted. If the program is Unknown to the Anti-Malware Network, Online Armor ++ will then scan the program with the Antivirus engine.

If the Antivirus engine does not identify the program as malware, Online Armor ++ will display a salmon colored popup indicating that an Unknown program wants to run. If the Antivirus engine does identify the program as malware, Online Armor ++ will display a red colored popup indicating that "an infected program wants to run", and asking you whether you wish to Allow, Block or Delete the program.

When an infected program has been Allowed or Blocked, it will be added to the Programs List and can be worked with in the same way as any other entry in the list. Infected programs are color coded red in the Programs list to indicate that they are Not Trusted.

Settings

The Online Armor ++ Antivirus can be configured by selecting "Antivirus" in the Main Menu of the Online Armor Control Panel. Unless otherwise specified below, these options apply only to on-demand scans, not on-execution scans. These options include the following:

• Maximum scan file size – Scanning very large files can sometimes result in system slowdown for the duration of the scan. This option allows you to limit scanning to files under a certain size. Maximum scan file size can be set anywhere between 5MB and 1000MB.
• Scan type – This drop down menu allows you to select whether Online Armor ++ performs a Quick scan (default) or a Full scan.
  • Quick scan – Looks for active infections by scanning the paths of currently running processes, their components, and drivers.
    Note: Setting the Scan type to Quick scan does not affect Windows context menu scans with Online Armor ++. Context menu scans always scan all the files in the target location, taking into account any other options you have selected that may limit what is scanned (e.g "Check only executable files").
  • Full scan – Performs a full system scan of selected drives. When Full scan has been selected, the disk drive pane displaying all currently connected drives will become available, allowing you to choose which drives you want to scan.
• Excluded file types – Allows you to specify types of files that should never be scanned (e.g files with a .txt extension). Clicking the ... button opens a dialog box where you can add, edit or delete file types.
• Schedule scan – Allows you to schedule scans at the time and interval of your choosing. Clicking the arrow next to the "Schedule scan" dropdown box, allows you to select between four options; Never (default setting), Daily, Weekly or Monthly.
• Start scan – Starts a scan of your hard drive with the Antivirus system.
• Heuristic detection enabled – Checking this option allows Online Armor ++ to use heuristic detection to identify threats. Heuristic detection is helpful with identifying new malware that may not yet have a signature, but it can come with the drawback of false positives. This option has a global effect; if enabled both on-demand and on-execution scans will use Heuristic detection.
• Check only executable files – If this option is checked, Online Armor ++ will limit scans only to files with an executable file extension (e.g. .exe, .com, .bat and more). As malware has to execute in order to do any damage, some users may wish to limit scans to only executables and reduce scan times without compromising security.
• Scan alternate datastreams – Alternate datastreams (ADS) are a feature of Microsoft's Windows NTFS file system that can be used to add hidden data to existing files. Although ADS are used legitimately by a variety of programs including Windows, their hidden nature also makes them popular with hackers as a method of hiding malware such as root-kits. This option allows Online Armor ++ to detect any alternate datastreams that are present.
• Scan for hidden files – Some malware uses rootkit techniques to hide it's files and registry keys. If this option is enabled, Online Armor ++ will compare the results of a low-level scan it performs with the results returned by Windows. If any differences are detected, Online Armor ++ will report a hidden file or service.

Antivirus signature updates

The frequency of Online Armor ++ Antivirus signature updates can be configured by selecting Options from the Main Menu of the Online Armor Control Panel. On the General tab, the "Check for updates" drop down menu allows you to change how often Online Armor ++ will automatically check for both software updates and signature updates.

If you wish to check for Antivirus signature updates without checking for software updates at the same time, this can be achieved manually by right-clicking the Online Armor tray icon, selecting "Check for Updates" and then choosing "Signatures and Rules Only" from the sub-menu.

During an Antivirus signature update, you can view the progress by selecting Status from the Online Armor Control Panel. Below "Last Update:", the percentage of the download completed will be displayed. When the download has completed, this text will change to indicate that Online Armor ++ is installing the downloaded signatures.

Online Armor ++ will display a notification to inform you of when Antivirus signatures have been downloaded and installed. If you prefer not to see update notifications, you can uncheck the "Show update notifications" option on General tab in the Options section.

Deactivating the Antivirus Engine

If you need to deactivate the Antivirus engine at any time, this can be achieved from the Status section by removing the check next to Antivirus or by using the Online Armor icon's context menu.

The Online Armor icon in the system tray will show a red bug over the shield as a visual reminder that Antivirus protection is currently disabled. If the Antivirus engine is left disabled, the next time Online Armor starts up you will receive a notification warning you of this.