[resolved, Won't Be Implemented] Dealing With Infection

What are advantages of dealing with infected files at the end of the scan rather than taking action upon finding the infection?

Comments

  • rootkit
    rootkit ✭✭✭

    Hello :)


    It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.


    With the second option, the scan will have to stop for you to take the action making the scan time even bigger.


    So, the actions page will be always at the end.


    Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.


    Let me know if you have other questions.


    Take care.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited April 2012
    Hello :)


    It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.


    With the second option, the scan will have to stop for you to take the action making the scan time even bigger.


    So, the actions page will be always at the end.


    Why the scan would prompt or stopped for taking action, if I set the actions already? This situation can be overcome by running two routines at same time, one for detection and the second for action. Although it may consume more resources but would increase the overall scan speed.


    Hello :)


    Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.


    Take care.


    In that case Bitdefender display "action failed (object was not found)", which I faced sometimes.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Why would someone love to guard the scanning process when can leave it to do the job an get back later to see the results an then take action?


    This is a legitimate question...


    The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.


    Take care.

  • Hello :)


    The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.


    Take care.


    Why the scan can not continue? I rephrase my above post that when an infection found during the scan task, the routine for taking action on the infection opens in an other window and do whatever we set the action and it remain open but in idle state (and becomes active only when another infection is found), while the scan continue in its own window without any interrupt.

  • Hello ONT


    My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.


    "Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?


    My Best Regards

  • rootkit
    rootkit ✭✭✭

    Hello everyone :)


    I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.


    When the user returns, the scan process is finished and he will have to take actions for all the malware.


    Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.


    Take care.

  • ...but the user is not in front of the PC...


    First of all this is a crime!!!


    And then, what if product sending a message to mobile phone and there is the ability to select proper action via that?? :rolleyes:


    P S: Is this a brilliant idea or what? :D


    Peace and Happiness

  • Hello ONT


    My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.


    Kindly read my above post again.


    Hello everyone :)


    I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.


    When the user returns, the scan process is finished and he will have to take actions for all the malware.


    Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.


    Take care.


    I am not suggesting this scenario.....just see Eset.

  • Hello ONT,


    Be sure I've carefully read your above post, although you've missed this

    "Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?
    from my above post.


    Anyway, all I try to say is that "The best is the enemy of the good", a rule that Eset, Norton etc. seems to ignore and make our PCs running like a turtle.


    Have a nice day.

  • Hello ONT


    My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.


    "Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?


    My Best Regards


    What I meant was that the detection and action routines run in parallel and not like you said. And regarding your second statement, I simply gives the example of Windows Vista and Windows 7. Windows 7 consumes more resources but faster than Vista.

  • Hi ONT,


    I'm not an expert but I think Vista was a completely failed system. BD is not a failed application although it needs improvement...


    So, the worst must have an enemy but the good no.


    My Best Regards

  • coolcool1227
    coolcool1227 ✭✭✭
    edited April 2012

    The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.

  • werby3
    edited April 2012

    Hi ONT,


    I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.


    I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!


    Have a nice week!

  • better to scan and check results later

  • I agree with ONT , because while we finish full scan and we select (Take proper action) , press continue , then disinfection process starts .


    Which is taking almost same or half of the time and is very irritating .


    Also scan of Removable drive is very slow like .. 8 gb usb flash drive taking 1.5 hr. , after taking proper action it takes the same time again.


    many times problem occurs like


    1-pc hang


    2-pc restarts


    3-power failure


    Then we have to start full scan again!!


    If we select action -> disinfect or quarantine , then in we expect it to happen in any scan


    So it is a gentle request to BD people, kindly make disinfection process at the time of scanning which is very convenient and hassle free.


    :unsure:

  • Me agree too....that the cleaning or disinfection processes takes lot of time in 2012 version especially on the exe files.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited April 2012
    Hi ONT,


    I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.


    I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!


    Have a nice week!


    Read this topic for information. And what you mention later, it was the issue that the Bitdefender takes action on the virus e.g delete, but even then the same infected file was remain there. Now it is fixed. I forget the topic posted by user on this forum, but I also experienced this issue. And it is the totally different thing, not what I am discussing.

  • Any reply on my post #13.

  • rootkit
    rootkit ✭✭✭
    The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.


    Hi :)


    The On-Access is acting normal in a standard malware-antivirus "relationship" :D


    If the file is caught in memory, the action is instant, why should it wait for the On-Demand task to finish?


    Malware can have different components and behavior. When it is discovered bu the On-Access module, the action is instant, as it should be.


    Take care.

  • Actually I want to say that when the infection is detected during the scan task, it should be under the custody or responsibility of scan task and not of the RTP.

  • rootkit
    rootkit ✭✭✭

    Hi :)


    The action will be taken by the On-Access module only if an external resource(like Explorer or other software) is accessing that location and the files are scanned by the Real Time Protection.


    If not, you can take the actions at the end.


    Take care.

  • You said that the action will be taken by the On-Access module only if an external resource (like Explorer or other software) is accessing that location and the files are scanned by the Real Time Protection. And my concern is that the any access to the infection found during Scan Task by the external resource or whatever it is, should be blocked or denied for RTP also and RTP should not scan and control it and the user then have to take action at the end of scan. But only that particular accessed of the external source is blocked by RTP and the target which is infection, is handled by Scan Task.


    What I understand with your replies is, I have a scenario that I have run a Scan Task and there are multiple infections in the PC, whenever any infected file is scanned by Scan Task, since it is accessed by Scan Task so also the On-Access or Real Time Protection come into play at that moment and the infected file is detected by both Scan Task and RTP simultaneously, but RTP have priority over the Scan Task for taking action and it just perform and it should happen for every similar infection type. Am I right?

  • rootkit
    rootkit ✭✭✭

    Hi :)


    The RTP will always have top priority. An on demand task is user dependent, the RTP protects automatically the PC and has to move really fast.


    Everyone in this world will want the threat eliminated immediately, rather than wait 2-3 hours for the scan to finish.


    If the threat is discovered in the same time by RTP and the On-Demand Scan, the RTP will take the proper actions first.


    Take care.

  • Hi Christian


    With reference to the post


    https://my.bitdefender.com/en_us/my/?lang=e...6cefc071b00003a


    I want to say that "display the list of infections found during scan not at the end of the scan and I am not talking about the action which are taken at the end of scan.


    In this whole post I am talking on the action taken during scan and not about viewing the infection during scan. Hope this will become clear to you now. I think Eset has the similar feature I requested on the Beta Feedback.

  • rootkit
    rootkit ✭✭✭
    edited June 2012

    Hello ONT :)


    Thank you for your feedback!


    Actually, I redirected you to this topic because the discussion will continue over here.


    As you can see, the Scan process window is not that big and putting there all the detected files during the scan(think about how it will look with over 200 infected files) will force us to put there a scroll bar and that doesn't look that great in that window.


    For now, the list of infections and the action for them will remain for the end of scan window.


    Have a great weekend!

  • Hello ONT :)


    Thank you for your feedback!


    Actually, I redirected you to this topic because the discussion will continue over here.


    As you can see, the Scan process window is not that big and putting there all the detected files during the scan(think about how it will look with over 200 infected files) will force us to put there a scroll bar and that doesn't look that great in that window.


    For now, the list of infections and the action for them will remain for the end of scan window.


    Have a great weekend!


    Why doesn't it look great? I don't think so, the scroll bar does not look odd, it will be informative for users. I will be keen to know whats going on during scan process in Real Time.


    Your product should not be so much Silent :rolleyes:

  • rootkit
    rootkit ✭✭✭
    edited July 2012

    Hello :)


    We will see what can be done in Bitdefender 2013 with User Mode.


    Take care.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited July 2012
    Hello :)


    We will see what can be done in Bitdefender 2013 with User Mode.


    Take care.


    So what changes/improvements have been made to the User Mode in the 2013 version considering above discussion.

  • rootkit
    rootkit ✭✭✭

    Hi ONT :)


    The module is a lot flexible that the one from Bitdefender 2012.


    We will try to improve it for those that want a more interactive product.


    I will post here when I have more details.


    Take care.

  • Everyone in this world will want the threat eliminated immediately, rather than wait 2-3 hours for the scan to finish.


    Take care.


    By the way I am also talking the same but for all the Scan Tasks along with the RTP.

  • rootkit
    rootkit ✭✭✭
    edited July 2012

    Hello :)


    I talked to my colleagues about this request and it won't be implemented in the product because it pretty annoying to take actions for each files.


    I already explained the process in my other posts from this topic.


    Thank you in advance for understanding and for your feedback!


    Take care.

This discussion has been closed.