Rescue Mode
I would like to have access to edit the registry, bitdefender can remove the virus, which locks the system, but the modification in the registry can disable loading user profiles. Editing the registry can correct the situation.
Comments
-
Here's an example, just made this test. The system is locked, bitdefender scan revealed no problems.
Boot a recovery disk from Kaspersky Lab.
Start the registry editor, and find a virus that does not boot profile.
Edit the registry and loaded into the system.
Now the virus can be sent to labs bitdefender, to add to the base. I agree that this should be done advanced users, but can you go to meet us?0 -
Registry scanning and cleanup from the rescue mode and rescue CD environments is work in progress, but it won't be available to end-users to manually change things. An ETA was set to 'when it's done', since any improper action in this case can easily cause more harm than good.
It would appear that the sample is undetected, and at the moment realtime blocking is the only safe action. If you can, please provide a hash or sample.
Thank you.0 -
The damage has already been done by a virus, will not be worse)) and the sample I sent through the form.
http://www.bitdefender.com/site/Defense/fileSubmission
And why you do not agree to the Kaspersky Lab? they trust the users, or is it only in Russia?))0 -
Not necessarily.
Strictly speaking, if such samples were detected at the moment and removed without their registry entries, clients would be locked out.
We can pick up and clean traces of an infection if the infection is still there, but it is not up to an antivirus product to correct random invalid registry entries like winlogon paths. This applies just as well to previously cleaned infections that did not correct paths.
When saying it will not be available to clients I was referring to automatic registry cleanup.
Inclusion of a separate registry editor has nothing to do with trust. You simply cannot except users to know what the problem is, and then expect them to correct it themselves. Users who do know what to do probably have tools available to do so.0 -
........... I agree that this should be done advanced users, but can you go to meet us?........... And why you do not agree to the Kaspersky Lab? they trust the users, or is it only in Russia?))
Hi Rampant
Why you forget that this is a world of novice users, the era of trust worthy Advanced users is over. They have not implemented the very fundamental feature in Normal Mode in their esteemed products while you are asking for more complicated features to be implemented in Rescue Mode...... Just re-view the Feature request sub-forum, all our request are just cloned to the new location (and will hopefully continue to clone 20xx version) , but there are no chances and signs of implementation of any of the feature suggested.0 -
The damage has already been done by a virus, will not be worse
I believe I have not properly addressed this. There are two completely different things here.
Rampant posted about a sample that is not detected and mentioned that we are not offering a registry editor as part of Rescue Mode.
My opinion, and that of many of my colleagues, is that this should not be left to the user, but fixed on clean, as it happens while Windows is running. This specific thing is work in progress.
Without removing that, most novice users and, I believe I can safely assume, a large number of people considering themselves advanced users, would find that their system is not booting up properly after cleanup.
This is not to say that advanced users wouldn't know how to fix a problem. It just means a large number of them would find themselves searching for removed filenames in the registry, and that is not very productive. I hold that an advanced user can use a third-party tool for this, especially after noticing that no detection was picked up by the scanner.
If they do decide to include a registry editor in the Rescue Mode or Rescue CD, you'll probably see it there at some point.
On the other hand, I really see no need for one in normal mode.0 -
.......Without removing that, most novice users and, I believe I can safely assume, a large number of people considering themselves advanced users, would find that their system is not booting up properly after cleanup.
This is not to say that advanced users wouldn't know how to fix a problem. It just means a large number of them would find themselves searching for removed filenames in the registry, and that is not very productive. .......
What about the Roll-back option in case of any mistake?
Its good to enhance the cleaning routine to remove infection and all its traces and revert the damages made. What about the time frame in case of integrating the new routine while the advance user wants to clean the infection on the spot on urgent basis?0 -
While I understand your point of view, the two things are completely unrelated. The team working on enhancing cleanup to cover offline disinfection is not targeting a split product, nor would they be able to release it in a time-frame convenient to clients.
What I can say is that this support will not target individual routines. To the extent possible, this should, in the end, work for all cleanups done on a system.
I'll leave it to a colleague in support to post if inclusion of a separate editor will happen or not, as indicated by product teams.0 -
That's right, Catalin, I know a lot of ways to restore the system boot, I have a lot of specialized tools, I am an administrator security forum, I have a private practice in solving problems with the computer, but still I am a long-time user of products bitdefender, and if I delete all of its programs, and leave only your products, but that will all solutions to protect and restore the damaged systems, I'll tell you a huge thank you) I apologize for the bad English.
0 -
-
Would something similar to RegShot be what you are requesting to be implemented into the program?
-http://sourceforge.net/projects/regshot/
This does a before and after snapshot of your registry and allows you to compare differences made whether it be an install, uninstall, or malware infection.
I really, really like this idea but, as stated, could be harmful in the wrong hands.
You and ONT always come up with great ideas.0 -
..... could be harmful in the wrong hands.....
When someone don't want to implement such feature, its an excellent excuse .
And many thanks for your kind words for me.0