A few cons with Full Scan (and one pro)

DIVERSE ✭✭✭

Preamble

I apparently went over the word limit (actually, the character limit) in drafting this, so I've split it into a few posts.

Background

Idly clicking around with my mouse on my computer (much like a monkey randomly banging on a keyboard hoping to produce a Shakespearean masterpiece), I happened to click on the System Scan icon within the Dashboard of Bitdefender Internet Security ("BIS"). It turns out that this does a 'full' scan of the system — all files.

The scan starts (practically) immediately following a single left-click of the mouse on the icon. There is no confirmation or prior warning that files may be irretrievably deleted (apparently old versions of the software — circa 2007! — did pop up a warning beforehand). I have a neutral stance on this, depending on the other factors.

As the scan ran, 57 files were automatically & immediately deleted, because BIS detected security threats in them.

Another 13 files were flagged as dangerous at the end of the scan, but had not been deleted because they were contained within archives from which the constituent file could not be disinfected, so that the only options were to delete the entire archive or ignore the purported problem. Ideally BIS should have also offered an option to selectively quarantine those archives. In any case, after reviewing the files, I opted to delete 1 and retain the other 12.

I suspect that 4 of the automatically deleted files (probably 4 copies of the identical file) were deleted as a consequence of false positive detections. Specifically, they were reported to be infections of ...\Solution1\ClassLibrary1\bin\Debug\ClassLibrary1.exe and ...\Solution1\ClassLibrary1\obj\Debug\ClassLibrary1.exe with Gen:Variant.Bulz.179246. Those EXE files seem to have been created circa 2002, and broadly fit with the description of another user: "Bitdefender suddenly detected a code exe file infected which was created a long time ago". I would not be overly critical of the occurrence of false positives occasionally.

I am running Bitdefender Internet Security build 27.0.18.96 on Windows 8.1 (64-bit).

Comments

  • DIVERSE ✭✭✭
    edited September 2023

    Files gone forever

    My larger concern is that not only was there no warning that the files would be deleted, but it seems to be impossible to undelete the files — they don't go to the Recycle Bin or quarantine; rather, they are permanently deleted.

    Functionality to undo the deletion of files has been requested before.

    That would also be necessary in order to be able to use alternative tools, like VirusTotal, to assess whether this was indeed a case of false positive detection.

    Strictly speaking, if the files can be undeleted, maybe it means that they were actually quarantined, rather than being truly "deleted".

    In my case, I think I would have copies of the file(s) on my backup HDDs. Although I wouldn't want to plug those HDDs in only for BIS to wipe the backup copies too!

  • DIVERSE ✭✭✭
    edited September 2023

    Settings not user-friendly

    One hypothetical justification for not warning the user of the impending permanent file deletions would be that "The setting is obvious to the user". I do not believe that such a justification can reasonably be applied in the case of BIS, due to the user-unfriendly nature of the settings interface, in combination with the relatively deep hierarchy to access the relevant setting.

    IMHO, natural places for the user to look to discover and/or change the setting would be under the ... Settings icon of BIS. Strangely, there's nothing relevant there.

    Another possibility might be to right-click on the relevant icon in the Dashboard (in this case, the System Scan icon). Or perhaps to click on a little sub-icon within the main icon (like the little pencil icon that appears upon hovering). But apparently that functionality isn't available in BIS.

    So where could it be?

    In the log (see screenshot above) I can see that a Primary action and a Secondary action are specified somewhere. (There should also be a clarification of what Primary action and a Secondary action mean, and how they relate to the user configurable settings.)

    How about under Utilities? No. Keep looking.

    Finally, by process of elimination, one looks under Protection Features. There is no System Scan listed. Perhaps Antivirus is relevant, but where to configure it, or change the settings?!? There is only a link saying Open: surely that will run the antivirus scan, won't it? No, it turns out that leads to a set of three tabs: Scans, Settings, and Advanced.

    Scans allows the user to selectively run scans, such as System Scan. So it would seem the relevant configuration is likely to be achievable under the Settings tab. No, wrong again!

    Finally it is found under the Advanced tab. (Advanced settings might be a more apt name, if this is to remain a separate tab.)

    Now, it might seem that the problems are at an end. But, as flagged above, the mapping of the Threat actions setting to the Primary action mentioned above seems like it could be made clearer, and there's no obvious way to set the Secondary action here.

    Another irritation was that the Advanced tab was not scrollable with the mouse wheel until after clicking within it (to give it focus?). Clicking within the tab should not be necessary, and many users would try to avoid this, lest they inadvertently affect some setting.

  • DIVERSE ✭✭✭
    edited September 2023

    One piece of good news ...and another head-scratcher

    Amongst all of this I was pleased with the speed of the scan.

    Back on 11 December 2018 I ran a full system scan with Kaspersky Internet Security. It took somewhere between 16 and 19 hours to scan 6.7 million "files" (as counted by KIS).

    Then over the past few days (pressing Pause a few times, which stops the scan and the timer) I ran a full system scan with Bitdefender Internet Security. It took almost 19 hours to scan 11.2 million "files" (as counted by BIS).

    Obviously the files have changed somewhat over the past ~5 years. I guess at roughly 5.5 million unchanged, 1.0 million deleted, 0.2 million modified, and 5.5 million new.

    But — bottom line — on the same laptop*, BIS was significantly faster than KIS.

    * Same HDD. Same OS. RAM was doubled (from 8 GB to 16 GB), but generally I wasn't actively using the computer while either scan was running.

    (Possibly this could be affected by details in the settings of KIS and/or BIS, such as in the rigour with which files were scanned. For example, I think KIS was configured to include scanning based on heuristics. On the other hand, BIS appears to be configured to not Scan archives; yet it definitely scanned some archives, because it asked me what to do about some of them, and the log shows that Scanned archives = 166994! So what does the Scan archives setting actually do? Is the Scan archives setting just completely ignored?? Or is it somehow superseded/overruled by the Ignore archives greater than setting??)


    P.S. FWIW, the above results of KIS scanning had been posted online back in 2018. But, sadly, all of the old forum posts were wiped by Kaspersky.