Spybot-Search & Destroy’s Detection Rules
Scanning a computer using antivirus, anti-malware, anti-spyware, or anti-trojan software uses a detection database. The database can be located on the local computer or in the servers of the security software vendors. The detection signatures or database to find malware should be updated by the security research team of the vendor, allowing the virus scanner to detect correctly and miss known trojans, malware, spyware or viruses.
Spybot-S&D also contains detection signatures but the default detection rules for Spybot Search and Destroy will not completely scan the computer. Below we explain step by step how to make Spybot-S&D detect everything it should and can detect.
Exclusions in Spybot-S&D
Most virus and spyware scanners provide an option to exclude files, processes or folders to scan. Adding a path, file or folder in an exclusion list means the antivirus or antispyware will not scan those files or folders. Some scanners’ default settings will exclude a folder to scan to save time in scanning large files, and users may add folders or drives for this reason as well. Sometimes files are added automatically when they are “allowed” or “trusted” by the user in a pop up dialogue.
This is actually the only way to add them in Spybot-S&D. You can exclude items to scan but there’s no option to manually add which files or folders to exclude during a scan. You can run a scan using the program and if it find threats in files or programs that you trust, right-click the detected item and then choose to “Ignore”. The ignored item will be added in the "
The only other exclusion method that is available in Spybot-S&D program involves not files or locations in the file structure, but settings to Ignore file extensions, cookies, system internals and products. All of these settings can only be accessed when using the Advanced mode.
Ignored Potentially Unwanted Programs in Spybot-S&D
The default detection rules for Spybot Search and Destroy are to ignore detection of some potentially unwanted programs (PUPs). For years Spybot-S&D has ignored detection of CDilla and SideStep, for instance:
The checked item in Ignore products means Spybot-S&D can detect the products but they are going to be ignored if found during a scan. If you prefer using Spybot-S&D to scan for anything it can detect, remove the check-mark before the boxes of CDilla and SideStep, or other checked items you aren’t confident are safe, that the program might ignore in future detection signature updates.
When the Spybot-S&D team issues updates or you install new versions the list of ignored products can be updated as well. Always review the “Ignore Products” list when using Spybot-S&D after an update. Make sure that you don’ let it exclude an unfamiliar item during a scan.
Image credit: Screenshot taken by the author.