Scanning Skips System Files

Hi,


Have a go at doing any kind of manual scan on a system folder then looking at the log file.


For example, if I do a contextual scan on the folder C:\WINDOWS\system, the log file tells me that only one object was scanned, even though there are several system files in that folder.


Similarly, a manual scan of the folder C:\WINDOWS\system32 completes far too quickly and seems to skip many of the 3000 or so files that are in that folder. This is despite selecting all options in the scan type properties.


This makes me worry that all types of scan, including 'Deep System Scan' and 'Full System Scan', are not really scanning every file on the computer. So for example if a virus were to replace a system file, it would not get detected.


Can anyone explain?


Thx

Comments

  • Hello PASroke,


    The same question has been asked before on our forum.


    BitDefender products have a Smart Scan module, which prevents re-scanning of unchanged, clean files. This is used to increase scanning speeds in both Realtime and OnDemand scans.


    Be assured that all files were scanned at one point in the past and, in case the files change, the files will be scanned again to ensure that they are clean (also an alert is shown in case they get infected).


    Cris.

  • Hi Cris and thanks for the reply. But I'm not convinced!


    The reason I'm not convinced is that I have recently tried a brand new fresh install of AV 2008 on a newly built machine, and the very first thing I did with BitDefender (after updating the virus definitions) was to try a contextual scan on the C:\WINDOWS\system folder, which I can guarantee had never been scanned before (I did not allow the initial scan that the program installer tries to get you to agree to). All files in it were skipped and not counted in the scan log.

  • alexcrist
    edited September 2009

    BitDefender comes with a predefined whitelist of known files (a list which is updated whenever necessary, through Automatic Updates, along with other types of updates) as well as a prebuilt Smart Scan database. These contain signatures for files that are known to be clean, thus preventing the other engines from scanning them.


    This filtering ensures that files are not scanned until they are changed/replaced and is not based on file name and/or location.


    All in all, once a system file gets modified, it will be detected if it contains known malicious code.


    Cris.
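
The skip-until-changed filtering described in the replies above, as an added example that is not BitDefender's code: it assumes the "signature" of a clean file is a SHA-256 hash of its contents, and the names `CleanFileCache` and `toy_engine` and the sample files are constructed for illustration. It shows why a first scan can log fewer objects than the folder holds, and that replacing a file at the same path forces a rescan.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash file contents in chunks; name and location play no part."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class CleanFileCache:
    """Hypothetical skip-list keyed on content hash, not on path."""
    def __init__(self, preseeded=()):
        # Assumption: stands in for a whitelist shipped with the product.
        self.known_clean = set(preseeded)

    def scan(self, paths, engine):
        """Return (scanned, skipped, detections) for one on-demand run."""
        scanned, skipped, detections = [], [], []
        for p in paths:
            digest = sha256_file(p)
            if digest in self.known_clean:
                skipped.append(p)             # unchanged, known-clean content
                continue
            scanned.append(p)                 # only these appear in the log count
            if engine(p):
                detections.append(p)
            else:
                self.known_clean.add(digest)  # remember clean verdicts only
        return scanned, skipped, detections

def toy_engine(path):
    """Constructed stand-in for a signature engine: flags a marker string."""
    return b"CONSTRUCTED-TEST-MARKER" in Path(path).read_bytes()

def demo():
    with tempfile.TemporaryDirectory() as d:
        a, b = Path(d, "a.dll"), Path(d, "b.dll")
        a.write_bytes(b"clean system file A")
        b.write_bytes(b"clean system file B")
        cache = CleanFileCache(preseeded={sha256_file(a)})  # a.dll pre-whitelisted
        first = cache.scan([a, b], toy_engine)    # never scanned before, a.dll still skipped
        second = cache.scan([a, b], toy_engine)   # nothing changed, both skipped
        a.write_bytes(b"replaced: CONSTRUCTED-TEST-MARKER")  # same path, new content
        third = cache.scan([a, b], toy_engine)    # a.dll rescanned and flagged
        return [tuple(len(x) for x in r) for r in (first, second, third)]

if __name__ == "__main__":
    print(demo())
```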