[resolved]New To Bdav 2010 - Settings Questions

You can change the default action that the product applies to infected/suspected files on real-time scanning from the Antivirus page, Shield tab, under Custom Level(for the Expert layout). For the on-demand scans, you may change the behavior on a per-task basis by right-clicking a task and selecting Properties, Custom.

On the other issue, currently we do not support a way to completely disable the loading of modules upon reboot, but you may choose to disable modules permanently within the product and this will be sufficient for most users.

You can change the default action that the product applies to infected/suspected files on real-time scanning from the Antivirus page, Shield tab, under Custom Level(for the Expert layout). For the on-demand scans, you may change the behavior on a per-task basis by right-clicking a task and selecting Properties, Custom.

On the other issue, currently we do not support a way to completely disable the loading of modules upon reboot, but you may choose to disable modules permanently within the product and this will be sufficient for most users.

Thanks for the quick reply.

I opened the real-time protection settings and expanded the tree to look at the Scan accessed files section and also the Action to take - First action & Second action settings. Neither one has an "ignore" function. This is my one specific issue. I have an old program that displays advertising. Both BDAV & the a/v program I previously used detect (and rightly so) a file named advert.dll as a threat. Previously, I was able to "ignore" this detection and continue using the program with no ill effect. With BDAV, it finds the file and gives me a message that !An object has been ignored because you do not have administrative rights to disinfect, delete or quarantine it. This is fine because I want to ignore it anyway, but this is probably only the case because it is Win 7 which has much tighter security settings than WinXP. My other 2 PCs are running WinXP and this seems to tell me that if I were to install BDAV on one of those PCs, it would have the administrative rights to disinfect, delete or quarantine the file which would "break" the program.

This message raises another question. Since BDAV is saying it doesn't have administrative rights on this Win 7 PC, do I have it installed incorrectly? If BDAV were to find a new detection next week, would it be unable to treat the new detection because of this?

I looked at the tasks for the various on-demand scans and didn't realize I could right-click to view the properties - thanks for pointing that out. I will have to do more reading on that.

What I had been doing is using Windows Explorer, navigating to a folder, right-clicking and selecting Scan with BitDefender which doesn't give me any scan options.

On closer inspection, you will find that the first option in the Action drop-downs is - Take no action. This is functionally equivalent to the Ignore option you requested.

An alternative would be to add the file to Exceptions list.

The right-click -> Scan with BitDefender feature uses the scan task named Contextual Scan. You can change settings for that at will.

On closer inspection, you will find that the first option in the Action drop-downs is - Take no action. This is functionally equivalent to the Ignore option you requested.

An alternative would be to add the file to Exceptions list.

The right-click -> Scan with BitDefender feature uses the scan task named Contextual Scan. You can change settings for that at will.

Well, I looked at the 1st Action drop-down & found 4 options & did not see "Take no action":

Deny access and continue

Disinfect file

Delete file

Move file to quarantine

The 2nd, 3rd & 4th Action drop-downs each have 3 selections - Disinfect file is not an available selection.

Just to be sure I understand, I see where I can exclude a path, but not to the file name level. Or again, am I missing something?

Thanks!

My bad. I was thinking about the on-demand scan. For real-time scans you have the Exclusions tab under the Antivirus page. You should be able to enable exclusions then add the file. I was able to add a specific item to the list by browsing to that folder and expanding it (I did test it this time:) )

No problem

As you explained, I was able to navigate to the file level & get it set in the Exclusion list, so I am good there.

I still need to know about the other issue I raised a couple of posts back:

"With BDAV, it finds the file and gives me a message that !An object has been ignored because you do not have administrative rights to disinfect, delete or quarantine it. This is fine because I want to ignore it anyway, but this is probably only the case because it is Win 7 which has much tighter security settings than WinXP. My other 2 PCs are running WinXP and this seems to tell me that if I were to install BDAV on one of those PCs, it would have the administrative rights to disinfect, delete or quarantine the file which would "break" the program.

Thanks!

EDIT: I checked my email settings under My Controls on the forum & its set to send email notifications when you reply, but I'm not getting any emails. Any idea why not?

To the best of my knowledge, this happens when the user accessing the file does not have the necessary rights to modify the file. For example if you were to execute an application contained in Program Files as a limited user(or administrator without elevation) you would lack the rights to change the files of the program and, in the event of a detection, BitDefender would refuse to modify it and simply deny your access to it. However, if you were to run the same application in the context of an elevated administrator, your user would have the necessary permissions to change infected files and thus clean or delete them.

The primary target is to stop infections from getting into your system. This should be done by the realtime scanner and you should not have to deal with malicious files after that point.

On the other issue, I'm not sure why this would happen(maybe the notifications get filtered as spam?). You could try using the "Track this topic" under options in the top of the topic.

Being new to Win 7, I'm just beginning to learn about administrator and administrator with elevation. When I first booted this PC, I only created one user ID and it was at the password protected administrator level. I was under that ID when I installed BDAV. It was when BDAV ran its first scheduled full system scan where I saw this warning message. It found the advert.dll file but could do nothing with it. Is this normal or should BDAV be able to treat this file? Is it installed wrong?

As far as the forum board, I tried clicking on subscribe but it said I already was subscribed. All my spam filters are turned off. Besides, I did get the account information email, the forum registration email & a thank you email for trying BD. I dunno!?!

I'll have to ask a colleague to take over here. This is outside my area.

OK.

BDAV crashed earlier. I submitted the requested crash report.

What exactly are you trying to do when you get the message about 'Administrative rights' ? Can you give me some examples please? When you install on Vista / Win7 it's highly recommended to right click to the installation kit file and select 'Run as Administrator'. After reading the topic so far I do believe that you haven't installed BitDefender correctly.

You mentioned the file "advert.dll" as being found after a scan. What was the exact message displayed ? Can you please locate the file, create a password protected archive and upload it HERE ? I would like to send the file to our labs.

Sorry for the delay in responding, I've been busy today.

Thinking that I may not have initially installed BDAV with the correct administrator privledges, I used the BD removal tool (BitDefender_Uninstall_Tool.exe) to uninstall. I then downloaded and saved the stub installer bitdefender_antivirus.exe. I right-clicked on it and picked Run as administrator to reinstall. It ran to normal completion, but did not appear to make a difference.

After re-installing, I opened the BD Security Center and clicked Antivirus-->Virus Scan. I clicked on Run Task for System Scan and let it run to completion. It found and alerted to the advert.dll file. This file is part of an old (v3.0.2) free version of CuteFTP that I have used on many PCs over the years. The dll file displays ads, but is otherwise harmless. I've had to ignore this detection (Aureate) with previous a/v programs, so I am used to it, which is what I was looking for in BDAV - a way to ignore its detection.

At the end of the System Scan, I got this:

Followed by this:

In this case, its OK because I want to ignore this particular detection, but what about new virus detections?

I can still send you the dll file if you really want or need it. Let me know.

Thanks!

Hi,

Please pack the dll file and password protect the archive. Upload it HERE and send me a PM with the download link.

The issue can be resolved by adding the file to exclusions into the Antivirus module within BitDefender Security Center if you wish to ignore it. If the file is 100 % harmless the detection will be removed.

File zipped & uploaded. PM sent with the download link and zip file password (good thing I had WinZip installed on my desktop to add the password).

What about the system administrator rights messages and the detection getting ignored? What would happen if I got a real virus on the laptop? Is BDAV not going to be able to treat it?

I can't answer yet to that question however you will get all the details as soon as I will have the results from my colleagues.

Read your PM - thanks. Its just a little disturbing that BDAV detected the "virus" but couldn't do anything with it because of administrative privledges. I really makes me wonder what would happen if a "real" virus got on my PC!?! <_<

Hi Nikki,

The submitted file is an Aureate product and falls under Adware category. As such, detection for this will be retained (but it may be given another name at some point).

The process known as advert.dll will attempt to store advertising banners and other information about your surfing habits while you are surfing the internet with Internet Explorer.

advert.dll is considered to be a security risk, not only because spyware removal programs flag Advert as spyware, but also because a number of users have complained about its performance.

I would recommend you to create a ticket with us and further investigate to check and see if your computer got infected or not. I have escalated your ticket ID 201008041001802 to one of my colleagues from the Malware team and he will assist you further.

Best regards,

Thanks for following up on this. Its very satisfying to find a company and staff that actually do what they say they are going to do. I really appreciate it!

I am not too concerned about this adware. I have run this version of CuteFTP (which installs the advert.dll file) since 1999 on many PCs and it has never caused a problem other than the banner ads. Every other a/v product I've used detects it and I just set it to ignore. I have no problem doing the same with BDAV.

Thanks again!

I really could use some help with this problem.