From: "Virus Guy" 

> "David H. Lipman" wrote:
>
>> Answer:
>>
>> "No, not currently. Theoretically it has the capability to do so via
>> the change to the engine which allows it to scan all offline user
>> registry hives, but as implemented now it wouldn't scan the registry
>> hives from an offline drive. "
>
> Thanks for finding that out.  I use Mbam maybe once a year on a computer
> owned by a familiy member, but other than that my use of AV/AM tools is
> very very low.
>
> Can you explain why the makers of MBAM (and probably other AV/AM
> software also) do not recognize that a USEFUL way to scan a suspect
> drive is to remove it and connect it in slave mode to another
> (presumably clean or trusted) computer?
>
> Why do they not recognize the merits and advantages of scanning a
> suspect drive (including the registry) while it is in an "offline" or
> inactive state, and react accordingly by giving their products the
> ability to do that?

YW VG.  Happy Holidays to you.>

Because it is a consumer geared COTS application.

Computer Technicians are expected to use Techbench which is licensed for 
that kind of 3rd party technical service.

For the business arena, it is MBAM Endpoint Security.

-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 

--- NewsGate v1.0 gamma 2