Is "Scan with Bitdefender" useful?

DIVERSE

Sorry, the title might seem a bit provocative, but it's a genuine question.

Common situation:

1. Acquire a new file by internet download, or from an associate; save the file to local disk.
2. In Windows File Explorer navigate to the file, then use the context menu to "Scan with Bitdefender".
3. Run the file, or open the file in the relevant application.

Is the second step useful, or is it a waste of time, given that Bitdefender Internet Security ("BIS") is installed on this system with a typical configuration (i.e., background scanning for threats is enabled).

Let's suppose that the file is actually dangerous — infected with a virus, or malware, say — and that BIS is capable of detecting this during the on-demand scan initiated in step 2.

• Should I expect that BIS would have detected the threat somewhere in step 1, where the file is being downloaded to or copied to the local disk? In which case step 2 would be redundant.
• Should I expect that BIS would automatically scan the file when it is accessed to run/open in step 3, and thus detect the threat? In which case skipping step 2 would cause a minor delay in getting the notification about the threat, and dealing with the file (deleting, quarantining, etc.) …but from the perspective of avoiding harm, step 2 would be redundant.

Scott

Hi @DIVERSE

I like your question. Then let me answer your question with one of my own. Then what about System Scans? If a file is scanned during download, if it is scanned on-access, and if ATD is doing it's job in the background, are doing System Scans redundant? Is there something Bitdefender may miss on a download, that would be picked up later on during a scan, or again, would on-access or ATD pick up on it? @Flexx has a better understanding of these things than I do.

I still do the occasional Quick scan no matter what AV I use, but mostly done out of habit or peace of mind.

nuspieds

I tend to use this feature when I'm about to use a file that originated from an external source (e.g., a file I copied from another PC).

dvsls

All downloaded or copied files are scanned both online and locally upon download. However, for archives or ISO files, you could use the "Scan with Bitdefender" option. That said, if you extract or mount the archive/ISO, its contents will be scanned immediately as well. You are protected either way.

DIVERSE

Hi, @dvsls, I'm not sure I follow.

Certainly if an archive were individually password-protected, then BIS — along with any other product — wouldn't be able to scan it 'in situ', but would have to wait until extraction were occurring/completed.

But are you implying that potentially archives and ISO files that have not been password-protected might not be scanned automatically in the background unless/until they're being extracted/mounted? If so, that's not what I would have guessed.

@Scott, thanks. Yes, your follow-up is a very reasonable extension to my original query. Sorry, I can't seem to connect "ATD" with anything …my brain is stuck on "all the data" :-p

Scott

https://community.bitdefender.com/en/discussion/comment/350592#Comment_350592

Sorry, friend, I got lazy and posted the abbreviation for Advanced Threat Defense of the Protection/Protection features window in the app. As far as the job it does in protecting our devices in the background, apart from a scan.

https://www.bitdefender.com/consumer/support/answer/2024/

DIVERSE

By the way, I suppose one use case could be if a user has turned off all/many of the automated protections, but still wants the facility to manually initiate a scan. Perhaps that's one of the main scenarios where ad hoc "Scan with Bitdefender" (and "System Scan", …not to mention scanning of removable drives) is not redundant?

Psychologically I feel better to have the explicit confirmation "This file has been checked and found to be safe", rather than relying on an interpretation of the absence of any warning as an implication that the file is safe. Perhaps that's one of the other main rationales for such functionality: getting an (almost) immediate and explicit answer to the question, "Is this file safe?"

DIVERSE

Here is the message that appears if I manually initiate a scan of a password-protected file (in this case, a PDF file):

For the present discussion, the most pertinent aspect is: "These files will be automatically scanned when extracted."

Alexandru_BD

Hi,

Password-protected files belong in most cases to legitimate software. They are protected with a randomly generated password by their developers to avoid reverse engineering for malicious purposes. Most commonly, these are files that belong to another security solution, or files that belong to the operating system.
The password-protected archives require a password so that they can be opened and checked for malware. This notification appears because Bitdefender (or any other security solution) is unable to unpack the contents of such items and scan them. To actually scan their content, these files would need to either be extracted or otherwise decrypted.

DIVERSE

Hi, @Alexandru_BD.

While that may be true, the focus of this discussion was on the benefits of user-initiated scans through "Scan with Bitdefender" (and possibly user-initiated system scans, and even automated scans of removable drives), and on 25 February I had already stated that no security product can scan the contents of a password-protected (encrypted) file — until they are opened with the password. [Although if the contents do not mutate and the password does not change, then the signature of the encrypted file can still be informative.]

At risk of extending the digression, I think the origin of password-protected files depends on the circumstances. For example, medical records, legal documents, financial records, and copyrighted materials might commonly be password-protected too. That is what I commonly encounter.

Alexandru_BD

@DIVERSE I think the scenario you mentioned above is a good example - one use case could be if a user has turned off all/many of the automated protections, but still wants the facility to manually initiate a scan. IF, for example, you are required to disable some of the security modules for troubleshooting purposes, software installation compatibility reasons, or other reasons, the contextual scan would certainly prove useful, especially if you end up with a suspicious file or download while some of your defenses are disabled. If you receive a file (via email, USB, or download, etc.), an on-demand scan allows you to check it before opening it. This ensures no threats entered while protection was off.
Furthermore, if you suspect a particular folder, drive, or external device (USB, external HDD) is compromised, or something just doesn't feel right about it, you can manually scan it rather than waiting for the real-time scan to trigger. And yes, real-time scanners do not deeply inspect compressed files (ZIP, RAR, ISO, etc.) unless they are extracted. An on-demand scan allows you to inspect contents without extracting them.

Like dvasilas pointed out earlier, you are protected either way. While real-time scanning acts as the first line of defense, I think on-demand scanning is a backup tool nice to have for deeper security investigations. It ensures that malware that may have slipped through initial defenses, stayed dormant, or was introduced via offline methods can still be caught before causing any damage.

Regards

DIVERSE

Hi, @Alexandru_BD.

Thanks, that is very helpful.

In particular, as per my response to @dvsls , I had not been aware and had not expected that
"real-time scanners do not deeply inspect compressed files (ZIP, RAR, ISO, etc.) unless they are extracted".

Therefore I suppose that a further scenario in which an on-demand scan would be beneficial is when forwarding a non-encrypted archive to someone. For instance:

1. I download or am sent a compressed file (ZIP, RAR, ISO, 7z, …) — perhaps from a seemingly reliable source.
   But I haven't created the archive myself, so I can't personally vouch for the contents.
   The file is not encrypted (not password-protected).
2. I haven't extracted the contents, so Bitdefender's automated real-time scan has not "deeply" inspected the compressed file.
3. I decide to send the file to an associate by email, or perhaps copy it to an external drive for them.
   The associate might not have good security software on their computer. Therefore, to reduce the risk to my associate, I should initiate an on-demand scan of the archive before emailing/copying.

Admittedly it is not a common scenario in my own experience, but it certainly could happen. For instance, maybe my internet connection is better, so a friend asks if I can help them to download a large ISO file from some online source. Maybe I'm a longstanding member of a committee, and the Secretary circulates the last ten years' worth of records in a compressed archive "for reference", which I never look at because I figure that I have my own scrappy notes, but when someone new joins the committee, I figure I can do them a favour by forwarding the archive.

Not to get too technical, but could we please clarify one point: suppose that we have a ZIP file with no compression. In other words, a ZIP file created using the "store" option. Would Bitdefender's real-time scanner "deeply" inspect the contents because it is not compressed, or would the real-time scanner not "deeply" inspect the contents because it is an archive (in ZIP format)? I'm guessing the latter, but please confirm.

—DIVERSE

Kobac

I came on here to ask the very question that DIVERSE posed here. I am used to saving a file sent to me via email or downloaded from the Internet, and then right-clicking on that file to initiate "Scan with Bitdefender." I was telling somebody my process and after telling him, I began wondering whether it was actually necessary to initiate a scan this way or does Bitdefender automatically scan downloaded files without my intervention.

Most often these files are MS Word files, PDF files, and EXE or MSI files for a new program.

I am running Bitdefender Total Security under Windows 10 Pro.

dvsls

https://community.bitdefender.com/en/discussion/comment/350807#Comment_350807

All these filetypes are being scanned before download.

@DIVERSE

Archives are also scanned by our web protection layer. However, you can enable an additional setting in Protection - Antivirus called "Scan Archives" to scan local archives before opening them, archives that were copied from other sources.