Avast! Internet Security: Big difference Amount scanned and properties of Disk

[REDACTED]

 I use Avast! Internet Security.  I ran a Full System Scan.  The amount of data tested is 375.2 GB.   I don't have any media attached.  No CD/DVD.  I looked at the properties of my Hard drive:  NTFS system, Used space is 246 GB.  Free Space is 207 GB.  Capacity is 453 GB.  There is only one partition.  No special drive with a backup of the original OS.

I could understand being off by a little.  I would imagine that a zipped file would show up in properties as less than the actual amount of data that Avast! would indicate.  But, I don't think there is any way I have 111 GB of zipped files.  After doing a quick search for zip files, I estimate I have about 8 GB of zipped files.  There were several files that couldn't be scanned because the archive was password protected. But most of those look like dlls.  One was a  'decompression bomb' inside a downloaded .exe.  But there is no way it is 100GB. 

 I'm sure I'm missing something, but what is it?

[DavidR]

As you say, the windows explorer data on disk isn't going to be the same as that found on a scan.

You don't say what scan you were doing and if that scan was on default settings ?
So it is hard to say the likely outcome of the scan (data scanned), many files actually aren't scanned, those that are inert (such as zip files) or aren't targeted by malware or don't present a immediate threat.

Zip, or rather compressed files doesn't only include .zip files, some executables will also be highly compressed (self extracting executable files) and these wouldn't feature on your search.

The NTFS structure can have a file that has a very small size reported but could have massive ADS element (alternate data streams) that isn't actually reported by explorer. https://en.wikipedia.org/wiki/NTFS#Attribute_lists.2C_attributes.2C_and_streams

As you can see from the above it is very hard to determine what is actually scanned and it is more likely to be quite accurate as it is recording everything that is extracted and scanned.



With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would be otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I used to have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. But I have ceased this practice for some time now, based in the above.