Antivirus scanning is an odd beast. Everybody wants to know the numbers, but the means with which the results are generated can be so various as to be meaningless. Moreover, we come back to real-world applicability. If you’re running a deep scan in the middle of the night, do you care if it takes 10 minutes or two hours? If, for some strange reason, you run a scan while working on other tasks, do you care so long as there’s no noticeable impact on system resources? Honestly, we don’t. But for those who like numbers as a way to grade product options, here goes.
The first full system scan will almost always be the slowest. This is because most AV products perform some caching. The rationale is that, provided no malware is detected in the system, why reinvent the wheel? Why burn a lot of time and cycles performing deep inspection on files that are already known to be safe? This is akin to doing a differential backup rather than a full system backup.
AVG and McAfee are the big surprises here. In fact, there almost seem to be two approaches to deep scanning. Is it a coincidence that AVG and Kaspersky are in the back half of AV-C’s missed samples results? Maybe, but so is Microsoft, which is our second-slowest scanner behind GFI.
Subsequent deep scans seem generally to accrue cached data until a steady performance level is reached. For example, our three subsequent scan times for Symantec were 29:50, 6:01, and 6:15. Microsoft progressed from 1790 seconds to 361 and 375, or just over six minutes. So, our mean times reported here are actually skewed to the high side in cases where caching progresses to an eventual baseline. The notable exception is GFI, which clearly does not cache and exhibited no drop-off from the first scan to subsequent scans.