Live-Protection does not scan all files in general on writing/reading



bbnetwork
2013-05-16, 11:36
Actually, it seems as if the Live-Protection scanner only scans applications when they start.
But the scanner doesn't scan all files in general on writing and/or reading.
If, for example, a new bat or txt file is created (writing) or opened (reading) on the computer, the Live-Protection won't scan this file automatically.

spybotsandra
2013-05-16, 11:50
Hello,

That's correct, as a text file is not an executable.
The Live Protection monitors every created/running process and scans each process.
It blocks malicious processes before they start.

Best regards
Sandra
Team Spybot

daemon
2013-05-16, 13:14
If, for example, a new bat or txt file is created (writing) or opened (reading) on the computer, the Live-Protection won't scan this file automatically.

The following test case might make sense: Does the Live Protection do its job when a (malicious) executable is started from within the .bat file?

bbnetwork
2013-05-17, 14:00
The following test case might make sense: Does the Live Protection do its job when a (malicious) executable is started from within the .bat file?
I will try this.

But what if the bat itself is harmful, even without starting an executable? The Live-Protection would not protect against a harmful script, I guess.

PepiMK
2013-05-17, 15:15
I will try this.

But what if the bat itself is harmful, even without starting an executable? The Live-Protection would not protect against a harmful script, I guess.

Good point that might be worth investigating... LP monitors all process creations, plus a list of most recently used files before they're even opened. Depending on the script type, it might be e.g. cmd.exe that is executed as a process. In that case, it depends on whether the code analyzing the command line is intelligent enough to detect the batch file as the important parameter.

As for scanning all files on reading/writing, that's a performance issue. If I compare this with other AV tools, some even restrict files by type or extension even further to give the impression of a fast tool. Maybe we can make this (on-read/write-access) optional in 2.2, and maybe based on file type.
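
The command-line analysis described in the post above, as an added example (not Spybot's code): given the command line of a newly created process, it returns the process image plus the script file handed to a script host, so both can be scanned. The interpreter list, extension list and sample command lines are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Assumed lists for this example; a real product would maintain its own.
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}


def split_cmdline(cmdline):
    # posix=False keeps Windows backslashes literal; the quotes that stay
    # attached to quoted tokens are stripped afterwards.
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def scan_targets(cmdline):
    """Files an on-execute scanner should inspect for one process creation.

    Always the process image; if the image is a script host, also the first
    argument that names a script file (the "important parameter").
    """
    tokens = split_cmdline(cmdline)
    if not tokens:
        return []
    image = tokens[0]
    targets = [image]
    if ntpath.basename(image).lower() in SCRIPT_HOSTS:
        for arg in tokens[1:]:
            if ntpath.splitext(arg)[1].lower() in SCRIPT_EXTS:
                targets.append(arg)
                break
    return targets


if __name__ == "__main__":
    # Constructed process-creation command lines.
    samples = [
        r'C:\Windows\System32\cmd.exe /c "C:\Users\test\My Files\setup.bat" /quiet',
        r'wscript.exe //nologo C:\Temp\update.vbs',
        r'cmd.exe /c echo hello',          # inline command: no script file on disk
        r'notepad.exe C:\Temp\notes.bat',  # opened for reading, not executed
    ]
    for line in samples:
        print(scan_targets(line))
```

The last two samples show the gaps raised in this thread: an inline command leaves no script file to scan, and a script that is only opened by a non-host process is not covered by process-creation monitoring.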

bbnetwork
2013-05-21, 15:03
Actually, I think it's really an issue which maybe should be thought about for the next version. Spybot's Live-Protection actually really scans only executable files, but since Spybot now has an AV engine, non-executable files such as images, bats, cmd, js, vbs should also be included in the scan, because they too can include harmful code themselves or can be used to cover harmful code.

I knew scanning all files on reading/writing is a performance issue, and since many users may have another AV in use next to Spybot, attention needs to be paid to the conflict potential too, but, as PepiMK said, depending on the code, maybe it's worth thinking about it.

EDIT: I wrote harmless in my previous post instead of, correctly, harmful. (Maybe the admin can remove my previous post.)