Scans Encrypted Files

I'm trying out BD Internet Security 2008 and like it, but I find that it doesn't mark my password-protected data files and archives as such; it goes ahead and scans them, apparently. The number of files scanned in a directory seems to match the number including encrypted ones. The files are encrypted by various programs.


On the initial scan during installation of BD, a number of files under Norton SystemWorks CleanSweep were marked as password-protected, for reasons which others may understand (I don't).


What might explain BD's ignoring the encryption of files?

Comments


  • I thought this would work: 2hybekg.jpg


    But my scan produced this log:


    BitDefender Log File !!!!!

    Product : BitDefender Antivirus 2008
    Version : BitDefender UIScanner v.11
    Log date : 10:11:59 05/07/2008
    Log path : C:\Documents and Settings\LL\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1215267119_1_02.xml

    Scan Paths:
    Path0000: F:\

    Scan Options:
    Scan for viruses : Yes
    Scan for adware : Yes
    Scan for spyware : Yes
    Scan for applications : Yes
    Scan for dialers : Yes
    Scan for rootkits : Yes

    Target selection options:
    Scan registry keys : Yes
    Scan cookies : Yes
    Scan boot sectors : Yes
    Scan memory processes : Yes
    Scan archives : Yes
    Scan runtime packers : Yes
    Scan emails : No
    Scan all files : Yes
    Heuristic Scan : Yes
    Scanned extensions :
    Excluded extensions :

    Target Processing
    Default action for infected objects : Disinfect
    Default action for suspicious objects : Move to Quarantine
    Default action for hidden objects : Move to Quarantine

    Scan engines summary
    Number of virus signatures : 1345248
    Archive plugins : 42
    Email plugins : 6
    Scan plugins : 12
    Archive plugins : 42
    System plugins : 4
    Unpack plugins : 7

    Overall scan summary
    Scanned items : 30790
    Infected items : 0
    Suspicious items : 0
    Resolved items : 0
    Individual viruses found : 0
    Scanned directories : 3813
    Scanned boot sectors : 40
    Scanned archives : 573
    Input-output errors : 0
    Scan time : 00:00:10:57
    Files per second : 46

    Scanned processes summary
    Scanned : 37
    Infected : 0

    Scanned registry keys summary
    Scanned : 408
    Infected : 0

    Scanned cookies summary
    Scanned : 0
    Infected : 0

    Remaining issues:
    Object Name Threat Name Final Status

    Resolved issues:
    Object Name Threat Name Final Status

    Objects that were not scanned:
    Object Name Reason Final Status
    F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract.exe Password-Protected No action was possible
    F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract50.htm Password-Protected No action was possible
    F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12176.zip=]DBXtract.exe Password-Protected No action was possible
    F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12176.zip=]DBXtract50.htm Password-Protected No action was possible


    So either Exceptions doesn't work or I don't understand something like the scope of those Exceptions. I don't know what a 'packed' file is (I know it isn't an archive) either, but I do know 'email scans' refer to when they r d/l from server & r redundant if u have real time (on access) scanner on, since they'll be scanned when ur Email app (OE, OX, ..) opens them.


    Any & all comments/suggestions are welcome.


    HTH-Larry

  • I'm trying out BD Internet Security 2008 and like it, but I find that it doesn't mark my password-protected data files and archives as such; it goes ahead and scans them, apparently. The number of files scanned in a directory seems to match the number including encrypted ones. The files are encrypted by various programs.


    On the initial scan during installation of BD, a number of files under Norton SystemWorks CleanSweep were marked as password-protected, for reasons which others may understand (I don't).


    What might explain BD's ignoring the encryption of files?


    Encrypted & password protected r 2 different things - latter is like a safe & pig latin is analogous to 1st (WW2 enigma code did encrypt & was broken by Allies)


    So u can do both.


    HTH-Larry

  • You say that BD scans the password protected files. Well... the scan log that you posted states otherwise (I marked with BLUE the part that clearly states that the protected items were skipped):



    Objects that were not scanned: Object Name Reason Final Status


    F:\RECYCLER\S-1-5-21-3936860944-2075014391-284059253-1005\Df12139.zip=]DBXtract.exe Password-Protected No action was possible


    [...]


    The password-protected situation was largely discussed here: http://forum.bitdefender.com/index.php?showtopic=3584


    Cris.

  • Cris, you've got two users mixed up. I reported that BD was either scanning password-protected files or ignoring them without flagging them. It was LarryL that posted the log, and his problem was the opposite: he didn't understand why the files were flagged as password-protected.


    You say that BD scans the password protected files. Well... the scan log that you posted states otherwise (I marked with BLUE the part that clearly states that the protected items were skipped):


    The password-protected situation was largely discussed here: http://forum.bitdefender.com/index.php?showtopic=3584


    Cris.

  • Right, at Bletchley Park. They did great work there, but it helped that they got their hands on one of the machines.


    I think you may have put your finger on the answer to my question, but I'm not entirely sure. Programs that encrypt data do require a password to open the files, so as a practical matter it's not useful to distinguish encryption from password protection. The files I'm referring to, which range from password-protected PDFs to (password-protected) archives made by a dedicated encryption program, all go unflagged by BitDefender. If that's as it should be and I just don't understand what BitDefender means by "password-protected," I can be content. However, I'd like to make sure that's the case.


    Regards,


    Debitto


    Encrypted & password protected r 2 different things - latter is like a safe & pig latin is analogous to 1st (WW2 enigma code did encrypt & was broken by Allies)


    So u can do both.


    HTH-Larry

  • alexcrist
    edited July 2008

    OK, sorry about that. I really didn't notice that the two posts were made by different users.


    Also, your question was kinda vague. But your last post sheds some light over your question.


    In short, the items which BD refers to as password-protected are only files which are found inside password-protected archives (ZIP, RAR, BIN, 7z, etc....). These types of archives, normally, can be unpacked by BitDefender, and the files inside can be scanned for threats. But when that archive is protected, the files cannot be extracted without a password, therefore they cannot be scanned. So those files are marked as not scanned: password protected.


    Other types of password protection (such as encrypted files, protected PDFs, encrypted customized archive formats which BD doesn't know) are not flagged as password-protected. Those files (which are not known-archive formats) are scanned by BitDefender as individual files, regardless if they are encrypted, password-protected, or whatever.


    Cris.
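
The distinction described in the post above, as an added example that is not part of the original thread and is not BitDefender's code: a scanner can only report a member as password-protected when it recognises the container format and can read its per-member encryption flag. The sketch covers ZIP only; the archive and member names reuse those in the log, and the file contents and status strings are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member data is encrypted

def make_zip(members, mark_encrypted=False):
    """Build a constructed in-memory ZIP; optionally set the encrypted flag.
    Only the metadata flag is set here; the member data is not really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, body in members.items():
            zf.writestr(fname, body)
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02") if mark_encrypted else -1
    while pos != -1:  # flag field sits 8 bytes into each central-directory header
        (flags,) = struct.unpack_from("<H", raw, pos + 8)
        struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED)
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

def classify(name, data):
    """Return (object name, status) rows for one file, as a scan log would."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        # Unknown container (encrypted blob, protected PDF): one opaque file
        return [(name, "Scanned as a single file")]
    rows = []
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            locked = info.flag_bits & ENCRYPTED
            status = "Password-Protected" if locked else "Scanned"
            rows.append((f"{name}=]{info.filename}", status))
    return rows

# Constructed samples: a protected ZIP, an open ZIP, and a non-archive file
MEMBERS = {"DBXtract.exe": b"constructed", "DBXtract50.htm": b"constructed"}
SAMPLES = {
    "Df12139.zip": make_zip(MEMBERS, mark_encrypted=True),
    "open.zip": make_zip(MEMBERS),
    "protected.pdf": b"%PDF-1.4 constructed stand-in for a protected PDF",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        for obj, status in classify(fname, blob):
            print(f"{obj:40} {status}")
```
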

  • In short, the items which BD refers to as password-protected are only files which are found inside password-protected archives (ZIP, RAR, BIN, 7z, etc....). These types of archives, normally, can be unpacked by BitDefender, and the files inside can be scanned for threats. But when that archive is protected, the files cannot be extracted without a password, therefore they cannot be scanned. So those files are marked as not scanned: password protected.


    Other types of password protection (such as encrypted files, protected PDFs, encrypted customized archive formats which BD doesn't know) are not flagged as password-protected. Those files (which are not known-archive formats) are scanned by BitDefender as individual files, regardless if they are encrypted, password-protected, or whatever.


    Cris.


    Well said. Perhaps Cris u could tell me what a 'packed' file is. I haven't a clue.


    Your help is MUCH appreciated. Thanks- bye- Larry

  • alexcrist
    edited July 2008

    A packed file is a file on which a packer was used. Usually, these files are executables (EXE, DLL), and the packer basically is an "on-the-fly" archiver (it makes the application smaller by compacting the code inside and, when you execute the application, it extracts the full code in memory before the actual execution).


    Some advantages of packers are:


    - smaller applications


    - code protection (offers some degree of protection against reverse engineering)


    - virus and intrusion protection (on self-unpack, the application checks itself for code modifications)


    However, the packers have a downside. Because they compact and, sometimes, encrypt the code (to make it harder to be "read"), virus creators started to use packers on their creations, so even if an AV knows the actual virus, because the code is packed the threat might go on undetected. And that's why AV products must know how to unpack the files, and scan the real code inside of them. And these files show up in BitDefender as "packed files". :)


    Other details about packers can be found on Wikipedia ;)


    Cris.
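
Why a scanner needs unpack plugins, as an added example that is not part of the original thread and is not BitDefender's code: a byte signature that matches the plain file no longer matches once the file is compacted, and matches again only after the scanner unpacks it. Here zlib stands in for a packer, and the signature and sample data are harmless constructed values.

```python
import math
import zlib
from collections import Counter

# Harmless constructed marker standing in for a known byte signature
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

def entropy(data):
    """Shannon entropy in bits per byte; compacted data scores higher."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def unpack(data):
    """Stand-in for an unpack plugin (zlib here); None if not packed this way."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        return None

def scan(data, use_unpacker=True, depth=0):
    """Signature scan that optionally unpacks and rescans the inner content."""
    if SIGNATURE in data:
        return "detected" if depth == 0 else "detected in packed file"
    inner = unpack(data) if use_unpacker and depth < 4 else None
    return scan(inner, True, depth + 1) if inner is not None else "clean"

# Constructed sample: plain content containing the marker, and its packed form
PLAIN = b"ordinary program code " * 40 + SIGNATURE + b" more code" * 40
PACKED = zlib.compress(PLAIN)

if __name__ == "__main__":
    print("plain, no unpacker :", scan(PLAIN, use_unpacker=False))
    print("packed, no unpacker:", scan(PACKED, use_unpacker=False))
    print("packed, unpacker   :", scan(PACKED))
    print("entropy plain/packed: %.2f / %.2f" % (entropy(PLAIN), entropy(PACKED)))
```
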

  • Cris,


    That was a very clear answer to a somewhat vague question. Thanks a lot.


    Debitto