Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

When do I actually need to run a virus scan?


Do you have more than one anti-virus program running at any one time, to stop newly arriving viruses, or do you just have them ready to run when you’ve got a virus and want to clean it out?

Virus scanners are best used to prevent viruses from ever reaching your machine, but you raise a very good issue that most folks don’t realize.

There are two types of scans, and each has a place and a purpose.

Become a Patron of Ask Leo! and go ad-free!


The most common type of scan is the continuous “real-time” scan that watches for viruses in data as it arrives (and possibly as it leaves) your computer. I say it’s the most common because it’s enabled in the default configuration of most anti-virus programs.

“Most anti-virus programs include both types of scans; real-time and on-demand.”

Using a real-time scan, the anti-virus software will hook into your network connection and simply watch the data coming and going to and from your machine, watching for viruses. If it identified one, then it takes appropriate action and alerts you.

Typically, real-time scans are considered the safest, since viruses are caught before they’ve ever had a chance to run on your machine. Some will also prevent email-borne viruses from arriving in your inbox as well.

It’s extremely important that there be only one real-time scanner running at a time, as they can conflict with each other resulting in false positives, missed viruses, program crashes or worse. But fortunately, one real-time scanner is all you need.


With an “on-demand”, or scheduled scan the virus program simply examines the contents of your hard disk, reading the contents of every file looking for viruses. Naturally, reading everything on your hard drive can take a little time.

Free virus scans are often on-demand. You initiate a scan, and a while later the scanner tells you whether or not your machine is infected and whether or not it was able to remove the infections.

When an on-demand scan is complete no further scanning is performed until the next on-demand scan. It runs, scans everything, and then finishes.


Most anti-virus programs include both types of scans, real-time and on-demand. Most will enable the continuous real-time scans by default, but also offer some form of scheduler so that you can automatically run the on-demand scans.

I typically advise having a couple of additional on-demand scanners ready (or at least selected) when it comes time to track down a particularly nasty  virus that perhaps your regular virus scanner misses.

For what it’s worth, I actually don’t run a real-time scan, since I’m fairly well protected in other ways and find that real-time scans can occasionally interfere with the performance of my machine. They’ve also been known to cause other anomalous behavior – most commonly with email. I do, however, run an on-demand scan which is scheduled every night.


Regardless of what type of scan you run, it’s critical that you make sure that the database of virus definitions your scanner uses is as up-to-date as possible. Most anti-virus programs include a scheduler for that as well, and I make sure that mine is configured to download the latest database every night.

Whether you run a real-time scanner or a nightly or other periodic scan, remember that it’s critical to do something. The days of being blissfully ignorant about viruses is long past.

(This is an update to an article originally published in December, 2004.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

12 comments on “When do I actually need to run a virus scan?”

  1. Hey leo,

    Ill keep this simple as possible. I bought a new computer and it had the free norton anitivirus program for 40 days. to renew it 90$. so should i renew it or shall i just get a free AVG antivirus program? is the free ones good or the paid ones better? thanks for your time and also sorry updates for the anitivirus means that specialy for the program or for the whole computer. because i cant see updates just for the antivirus program. thanks

  2. hi Leo I just downloaded a free virus scan from Winantispyware. Do you know if this was a good thing to do or not?

    I’m not familiar with that one.


  3. If you live near a Fry’s Electronics store they have a Norton AntiVirus 3-user copy (works fine for just one computer) for $49.95 with a $30 mail-in rebate, and a $20 upgrade mail-in rebate. Fry’s seems to do this every year. I haven’t paid more than tax for Norton AntiVirus in 3-4 years. So if you have Norton AntiVirus the 2008 version is free. If not it’s only $20 this year and probably free next year.

  4. You mentioned you run your scan at night. Does that mean that computer DOES NOT need to be on for the scan to run? Thanks so much!

    It means that I leave my computers running at night. Your computer must be on to run scans.

    – Leo
  5. Hi Leo,

    I have a small querry. I have an antivirus on my machine. The Real time scan is always ON. But when i do a manual scan i find some of my files were infected with virus which the Real Time scan didnt find out. Can u suggest me what was the possible problem as to why The Real Time Scan didnt notice about the virus?????????

    I have only one Antivirus running on my machine.

    It’s difficult to say without knowing exactly what anti-virus program you’re using. Some “real time” scans only scan what’s coming in over your internet connection, for example. If a file arrives some other way, say through windows networking, it might not be caught. Similarly some programs don’t real-time scan everything even on the internet – they scan browser activity and email, but might skip peer-to-peer file sharing applications or other apps. As you’ve seen, a periodic full scan is an important step in addition to real-time.

    – Leo
  6. ok! but i think antivirus are also bad. they makes computer slow and eats up the bandwidth of internet connection for updating.

    In general the impact is minimal, and far outweighs the risks you might be taking by not using one.


  7. @kim: The website scans files with over 30 different antivirus programs. If your program is on the list of software they use, it’s certainly legit. Here’s the list

    If its not on the list, the safer choice is not to use it. There are MANY phony antivirus programs.

  8. A on demand scanner nightly may be the answer for older computers. All these newer real time programs hogs the memory and speed the older computers do not have. May be a good choice if just visit Yahoo, Gmail and other mainline sites. If I did banking or credit cards I would do after the nightly scan only!

  9. I have a friend never uses antivirus installed on its PC.
    he only runs every 2 or 3 days avasoft adware free and its machines work clean soft full processor speed during long time (years)

  10. I did not see NOD32 on the list, is it still among the top 2 as in 2006 with you Leo? Thank you, I so appreciate your site.

  11. I don’t think your article answers the question you posed as a title, to wit: “When do I actually need to run a virus scan?”

    I was hoping to get some authoritative guidance here on how often an on-demand scan needs to be done when I employ real-time scans 24/7? If the answer is weekly, then I figure I can stop my nightly on-demand scans and reduce the associated wear and tear on my hard drives not to mention the electricity it takes so spin those drives and touch every file on all my hard drives by a factor of 86%. Your answer to this, Leo, may help millions of us make our hard drives last longer and also help save the planet by reducing unnecessary energy consumption.

    Thanks for your articles – I’ve learned a lot on your site.

    When in doubt: daily. Ultimately, though, I can’t give you a one-size-fits-all answer because it depends much to much on how you use your computer, what your safety habits are and more.



Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.