Custom Scan Gives No Warning When A Target Is Unavailable

bd127

A custom scan does not give any indication when a target is missing, e.g. a scan of a external HDD when the drive is not connected, or a scan of a folder when the folder has been deleted or renamed.

The scan will appear to run normally and the summary reports no threats found. There is also nothing in the log to indicate that the target could not be scanned.

The screenshot shows a totally misleading entry reporting "Scan task finished successfully" when in fact the external HDD was not connected.

Bitdefender IS2012 Version 15.0.34.1437, Windows XP SP3

rootkit

Welcome back bd127

I can confirm you that the phenomenon is normal(in other words FaD-Functions As Designed).

Even if you put just one target under Custom Scan and that target is unavailable for some reasons, under the Custom Scan function, Bitdefender scans also the loaded drivers, the RAM memory and some critical registry areas.

This was implemented for security reasons.

Thank you.

bd127

OK Cristi, if that's the design, let me pose some simple questions. I've put in my own answers but would be interested in your responses.

Q1) From a user's perpective what is the purpose of a custom scan?

A) To analyse a designated set of files, the targets.

Q2) What is a successful outcome?

A) Completing the analysis of the targets

Q3) What is an unsuccessful outcome?

A) Not completing the analysis of the targets

Q4) How is the user informed about the outcome?

A) Via a report

Q5) What should be in the report?

A) An accurate description of the analysis bringing attention to

• 1. Problems that were encountered in the execution of the analysis

2. Threats that were detected in the targets or their environment.

My interpretation of the current design is that it forgot why it exists. The targets should be central, of the highest importance, and the scan editor certainly gives the impression that they are. The user is shown the following message if no targets are selected.

The phrase "You must choose which items MUST be scanned" is used. I have capitalised the word MUST to emphasise the implied contract between the scanner and the user, which is to analyse the chosen targets.

Moving forward to the point where the scanner has done it's work and issued a report. The user reads the summary and sees that the scan task finished successfully and that no threats were found. The assumption I would make is that the target was scanned but I now know that is may not have been.

So the situation is that something that MUST be scanned might not have been.

Surely that warrants a mention in the report?

rootkit

Welcome back.

All those answers are correct from my point of view too.

In order to scan just the selected target(without memory, registry, etc), you need to create a custom task with these parameters(under Scan Options):

I will forward your request to our Developers. Thank you very much for your feedback.

Take care.