Scans Encrypted Files
I'm trying out BD Internet Security 2008 and like it, but I find that it doesn't mark my password-protected data files and archives as such; it goes ahead and scans them, apparently. The number of files scanned in a directory seems to match the number including encrypted ones. The files are encrypted by various programs.
On the initial scan during installation of BD, a number of files under Norton SystemWorks CleanSweep were marked as password-protected, for reasons which others may understand (I don't).
What might explain BD's ignoring the encryption of files?
Comments
I thought this would work:
But my scan produced this log:
BitDefender Log File !!!!!
Product : BitDefender Antivirus 2008
Version : BitDefender UIScanner v.11
Log date : 10:11:59 05/07/2008
Log path : C:\Documents and Settings\LL\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1215267119_1_02.xml
Scan Paths:
Path0000: F:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : Move to Quarantine
Default action for hidden objects : Move to Quarantine
Scan engines summary
Number of virus signatures : 1345248
Archive plugins : 42
Email plugins : 6
Scan plugins : 12
Archive plugins : 42
System plugins : 4
Unpack plugins : 7
Overall scan summary
Scanned items : 30790
Infected items : 0
Suspicious items : 0
Resolved items : 0
Individual viruses found : 0
Scanned directories : 3813
Scanned boot sectors : 40
Scanned archives : 573
Input-output errors : 0
Scan time : 00:00:10:57
Files per second : 46
Scanned processes summary
Scanned : 37
Infected : 0
Scanned registry keys summary
Scanned : 408
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Remaining issues: Object Name Threat Name Final Status
Resolved issues: Object Name Threat Name Final Status
Objects that were not scanned: Object Name Reason Final Status
F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract.exe Password-Protected No action was possible
F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract50.htm Password-Protected No action was possible
F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12176.zip=]DBXtract.exe Password-Protected No action was possible
F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12176.zip=]DBXtract50.htm Password-Protected No action was possible
So either Exceptions doesn't work or I don't understand something, like the scope of those Exceptions. I don't know what a 'packed' file is either (I know it isn't an archive), but I do know 'email scans' refer to when they are downloaded from the server and are redundant if you have the real-time (on-access) scanner on, since they'll be scanned when your email app (OE, OX, ...) opens them.
Any and all comments/suggestions are welcome.
HTH-Larry0 -
Encrypted and password-protected are 2 different things: the latter is like a safe, and pig latin is analogous to the 1st (the WW2 Enigma code did encrypt and was broken by the Allies).
So you can do both.
HTH-Larry0 -
You say that BD scans the password-protected files. Well... the scan log that you posted states otherwise (I marked in BLUE the part that clearly states that the protected items were skipped):
Objects that were not scanned: Object Name Reason Final Status
F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract.exe Password-Protected No action was possible
[...]
The password-protected situation was largely discussed here: http://forum.bitdefender.com/index.php?showtopic=3584
Cris.0 -
Cris, you've got two users mixed up. I reported that BD was either scanning password-protected files or ignoring them without flagging them. It was LarryL that posted the log, and his problem was the opposite: he didn't understand why the files were flagged as password-protected.
0 -
Right, at Bletchley Park. They did great work there, but it helped that they got their hands on one of the machines.
I think you may have put your finger on the answer to my question, but I'm not entirely sure. Programs that encrypt data do require a password to open the files, so as a practical matter it's not useful to distinguish encryption from password protection. The files I'm referring to, which range from password-protected PDFs to (password-protected) archives made by a dedicated encryption program, all go unflagged by BitDefender. If that's as it should be and I just don't understand what BitDefender means by "password-protected," I can be content. However, I'd like to make sure that's the case.
Regards,
Debitto0 -
OK, sorry about that. I really didn't notice that the two posts were made by different users.
Also, your question was kinda vague. But your last post sheds some light over your question.
In short, the items which BD refers to as password-protected are only files which are found inside password-protected archives (ZIP, RAR, BIN, 7z, etc.). These types of archives can normally be unpacked by BitDefender, and the files inside can be scanned for threats. But when that archive is protected, the files cannot be extracted without a password, therefore they cannot be scanned. So those files are marked as not scanned: password protected.
Other types of password protection (such as encrypted files, protected PDFs, encrypted customized archive formats which BD doesn't know) are not flagged as password-protected. Those files (which are not known archive formats) are scanned by BitDefender as individual files, regardless of whether they are encrypted, password-protected, or whatever.
Cris.0 -
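The distinction described in the post above, as an added example that is not part of the original thread and is not BitDefender's code: a ZIP member carries an "encrypted" flag (general-purpose bit 0) that a scanner can read without the password, while a file in an unknown format has no such marker and is handled as one opaque object. The status strings other than "Password-Protected", the file names and the sample data are assumptions; the sample archive is a constructed fixture whose flag bit is set by hand.

```python
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member data is encrypted

def triage(name, data):
    """Return (object, status) rows, naming members 'archive=]member' as the log does."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Not a recognised archive: handled as one opaque file, encrypted or not.
        return [(name, "scanned as a single file")]
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            protected = bool(info.flag_bits & ENCRYPTED)
            status = "not scanned: Password-Protected" if protected else "unpacked and scanned"
            rows.append((f"{name}=]{info.filename}", status))
    return rows

def make_sample_zip(members, protected=()):
    """Constructed fixture: the standard library cannot write encrypted ZIPs,
    so the flag bit is set by hand on the chosen members (data stays as written)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, body in members.items():
            zf.writestr(fname, body)
    raw = bytearray(buf.getvalue())
    with zipfile.ZipFile(io.BytesIO(bytes(raw))) as zf:
        infos = zf.infolist()
    pos = 0
    for info in infos:
        pos = raw.index(b"PK\x01\x02", pos)  # next central-directory record
        if info.filename in protected:
            raw[pos + 8] |= ENCRYPTED                 # flags in central directory
            raw[info.header_offset + 6] |= ENCRYPTED  # flags in local header
        pos += 4
    return bytes(raw)

SAMPLE_ZIP = make_sample_zip(
    {"DBXtract.exe": b"MZ constructed sample", "notes.txt": b"plain text"},
    protected={"DBXtract.exe"},
)
OPAQUE_FILE = bytes(range(256))  # constructed stand-in for an unknown encrypted container

if __name__ == "__main__":
    for row in triage("sample.zip", SAMPLE_ZIP) + triage("vault.dat", OPAQUE_FILE):
        print(*row, sep="  ->  ")
```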
Well said. Perhaps, Cris, you could tell me what a 'packed' file is. I haven't a clue.
Your help is MUCH appreciated. Thanks- bye- Larry0 -
A packed file is a file on which a packer was used. Usually, these files are executables (EXE, DLL), and the packer basically is an "on-the-fly" archiver (it makes the application smaller by compacting the code inside and, when you execute the application, it extracts the full code in memory before the actual execution).
Some advantages of packers are:
- smaller applications
- code protection (offers some degree of protection against reverse engineering)
- virus and intrusion protection (on self-unpack, the application checks itself for code modifications)
However, packers have a downside. Because they compact and, sometimes, encrypt the code (to make it harder to be "read"), virus creators started to use packers on their creations, so even if an AV knows the actual virus, because the code is packed the threat might go undetected. And that's why AV products must know how to unpack the files, and scan the real code inside of them. And these files show up in BitDefender as "packed files".
Other details about packers can be found on Wikipedia
Cris.0 -
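Why a scanner needs an unpack step, as an added example that is not part of the original thread and is not BitDefender's code: a byte-signature match against the packed bytes finds nothing, and the same match after peeling the packed layers finds the marker. The `PACK1` header, the zlib-based toy packer and the harmless marker string are all constructed stand-ins for a real runtime packer and a real virus signature.

```python
import zlib

# Constructed stand-ins: a harmless marker plays the role of a virus signature,
# and a made-up "PACK1" header plus zlib plays the role of a runtime packer.
SIGNATURES = {"Test.Marker.A": b"CONSTRUCTED-TEST-MARKER-0001"}
PACK_MAGIC = b"PACK1"

def pack(payload):
    """Toy packer: magic header followed by the compressed original bytes."""
    return PACK_MAGIC + zlib.compress(payload, 9)

def unpack(data):
    """Toy unpack plugin: return the original bytes, or None if not packed."""
    if not data.startswith(PACK_MAGIC):
        return None
    try:
        return zlib.decompress(data[len(PACK_MAGIC):])
    except zlib.error:
        return None  # damaged or unknown layout: nothing to unpack

def match(data):
    """Names of all signatures whose bytes occur in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def scan(data, use_unpacker=True, max_layers=4):
    """Signature scan; optionally peel packed layers first (bounded depth).

    Returns (sorted signature names, number of layers unpacked)."""
    hits, layers = set(match(data)), 0
    while use_unpacker and layers < max_layers:
        inner = unpack(data)
        if inner is None:
            break
        data, layers = inner, layers + 1
        hits.update(match(data))
    return sorted(hits), layers

# Constructed sample: a fake executable body carrying the marker, packed twice.
ORIGINAL = b"MZ" + b"\x00" * 64 + SIGNATURES["Test.Marker.A"] + b"\x00" * 64
PACKED_TWICE = pack(pack(ORIGINAL))

if __name__ == "__main__":
    print("no unpacker :", scan(PACKED_TWICE, use_unpacker=False))
    print("with unpack :", scan(PACKED_TWICE))
```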
Cris,
That was a very clear answer to a somewhat vague question. Thanks a lot.
Debitto0