Rootkit Scan Not Functional

I created the task for Rootkit Scan only and check only "Scan for Rootkits" and "Scan for Viruses" which is already checked by-default (and can't be unchecked) in Scan level. But when I run the task, it scans only for viruses and didn't scan for Rootkits. Also it didn't display "Scan for hidden files and process" instead showing "scan for viruses" unlike in Bitdefender 2010. The same issue is for Deep System Scan also.

Also I want to know what if I don't select any "Paths" for Rootkit Scan Task only? And what happened to the hidden items detected if I select "Takes no action"?

Find more posts tagged with

Comments

Rampant

If to look at this table it becomes clear that with treatment of rootkits at BitDefender it is absolutely bad.

pdf

Rampant

Still it would be desirable to learn, how affairs at BitDefender with treatment TDL4 are? Russian вендоры already added counteraction means to this rootkit, in the decisions, here I showed as with it Danilov's laboratory consults.

http://www.screentoaster.com/watch/stV0lVR...1FXQV1ZUl1dVlVc

unknown

Hi,

Rampant: Banned - posts set to invisible. Read the Forum Rules before posting!

ONT: first of all: how you came with the conclusion that the rootkit scan is not functional ? Because it was not displayed in your screenshot as scan option ? I have made the same settings as you and I see the following options in the scan log:

Scan for viruses: Yes

Scan for adware: No

Scan for spyware: No

Scan for applications: No

Scan for dialers: No

Scan for rootkits: Yes

Scan for keyloggers: No

Do whatever settings you need for the User defined task then start the scan. Wait for it to finish then send me the scan log along with ALL the options you used, EXACTLY as you set them so I can reproduce the scan you took.

coolcool1227

@how you came with the conclusion that the rootkit scan is not functional ?

I keep looking the scan task till it finished and there didn't appear any indication for scanning for rootkits as in the past.

The log file is attached.

/applications/core/interface/file/attachment.php?id=7319" data-fileid="7319" rel="">1292300977_1_01.xml

1292300977_1_01.xml

coolcool1227

I know scan for rootkits takes some time to complete and not in fraction of seconds. I execute the task again and its log file is attached.

/applications/core/interface/file/attachment.php?id=7324" data-fileid="7324" rel="">1292653344_1_01.xml

1292653344_1_01.xml

unknown

Hello,

I see the following in your scan log:

scanAdware="0"

scanSpyware="0"

scanApplications="0"

scanDialers="0"

scanKeyloggers="0"

scanFiles="0"

scanAllFiles="1"

scanUserDefined="0"

scanPacked="0"

scanArchives="0"

useSmartScan="0"

scanEmails="0"

scanRootkits="0"

scanAllRootkits="1"

scanBoot="0"

scanMemory="0"

scanRegistry="0"

quickScan="0"

quickScanMemory="0"

quickScanAutoruns="0"

quickScanPlugins="0"

scanCookies="0"

shutdownAfter="0"

passwordPrompt="0"

There are different types of rootkits and more than a single default type of scan performed by BitDefender. Can't explain you the exact scan process as it is not public information. You should keep in mind that scanning even with all options disabled, some of the scan options can't be disabled otherwise it will be nothing to scan after.

Also, take into consideration the definition of a rootkit:

A rootkit is a software system that consists of one or more programs designed to obscure the fact that the system has been compromised.

Also check this link: http://en.wiktionary.org/wiki/rootkit

As a conclusion to your report, I do not agree: according to the scan log you sent me, there is a scan performed to search for rootkits.

coolcool1227

Still facing the problem and needs some further clarification

Actually my main concern, for which I reported is that I keep seeing the task running for Rootkit Scan Only until it finished, but it didn't display "Scan for rootkits" in "Current Scan Operation" in the scan task window instead it displys the path for currently scanned items unlike in BD2010 in which it displays Scan for rottkits and takes sometime to complete the rootkits scan.

Also there the option to "unhide" the hidden files is not present any more rather than the option to disinfect the infected files is available.

scanRootkits="0"

scanAllRootkits="1"

Also should I set the value of "scanrootkits="1"?

unknown

Hi,

No, as the scanAllRootkits overpass the scanrootkits option into that XML file.