A few cons with Full Scan (and one pro)
Preamble
I apparently went over the word limit (actually, the character limit) in drafting this, so I've split it into a few posts.
Background
Idly clicking around with my mouse on my computer (much like a monkey randomly banging on a keyboard hoping to produce a Shakespearean masterpiece), I happened to click on the System Scan icon within the Dashboard of Bitdefender Internet Security ("BIS"). It turns out that this does a 'full' scan of the system — all files.
The scan starts (practically) immediately following a single left-click of the mouse on the icon. There is no confirmation or prior warning that files may be irretrievably deleted (apparently old versions of the software — circa 2007! — did pop up a warning beforehand). I have a neutral stance on this, depending on the other factors.
As the scan ran, 57 files were automatically & immediately deleted, because BIS detected security threats in them.
Another 13 files were flagged as dangerous at the end of the scan, but had not been deleted because they were contained within archives from which the constituent file could not be disinfected, so that the only options were to delete the entire archive or ignore the purported problem. Ideally BIS should have also offered an option to selectively quarantine those archives. In any case, after reviewing the files, I opted to delete 1 and retain the other 12.
I suspect that 4 of the automatically deleted files (probably 4 copies of the identical file) were deleted as a consequence of false positive detections. Specifically, they were reported to be infections of ...\Solution1\ClassLibrary1\bin\Debug\ClassLibrary1.exe and ...\Solution1\ClassLibrary1\obj\Debug\ClassLibrary1.exe with Gen:Variant.Bulz.179246. Those EXE files seem to have been created circa 2002, and broadly fit with the description of another user: "Bitdefender suddenly detected a code exe file infected which was created a long time ago". I would not be overly critical of the occurrence of false positives occasionally.
I am running Bitdefender Internet Security build 27.0.18.96 on Windows 8.1 (64-bit).
Comments
Files gone forever
My larger concern is that not only was there no warning that the files would be deleted, but it seems to be impossible to undelete the files — they don't go to the Recycle Bin or quarantine; rather, they are permanently deleted.
Functionality to undo the deletion of files has been requested before.
- A simple Undo + Whitelist function will be amazing
- False Positives Using Bitdefender [Online] Scanner, I Need To Restore Them Please Help
That would also be necessary in order to be able to use alternative tools, like VirusTotal, to assess whether this was indeed a case of false positive detection.
Strictly speaking, if the files can be undeleted, maybe it means that they were actually quarantined, rather than being truly "deleted".
In my case, I think I would have copies of the file(s) on my backup HDDs. Although I wouldn't want to plug those HDDs in only for BIS to wipe the backup copies too!
Settings not user-friendly
One hypothetical justification for not warning the user of the impending permanent file deletions would be that "The setting is obvious to the user". I do not believe that such a justification can reasonably be applied in the case of BIS, due to the user-unfriendly nature of the settings interface, in combination with the relatively deep hierarchy to access the relevant setting.
IMHO, natural places for the user to look to discover and/or change the setting would be under the ... Settings icon of BIS. Strangely, there's nothing relevant there.
Another possibility might be to right-click on the relevant icon in the Dashboard (in this case, the System Scan icon). Or perhaps to click on a little sub-icon within the main icon (like the little pencil icon that appears upon hovering). But apparently that functionality isn't available in BIS.
So where could it be?
In the log (see screenshot above) I can see that a Primary action and a Secondary action are specified somewhere. (There should also be a clarification of what Primary action and Secondary action mean, and how they relate to the user configurable settings.)
How about under Utilities? No. Keep looking.
Finally, by process of elimination, one looks under Protection Features. There is no System Scan listed. Perhaps Antivirus is relevant, but where to configure it, or change the settings?!? There is only a link saying Open: surely that will run the antivirus scan, won't it? No, it turns out that leads to a set of three tabs: Scans, Settings, and Advanced. Scans allows the user to selectively run scans, such as System Scan. So it would seem the relevant configuration is likely to be achievable under the Settings tab. No, wrong again!
Finally it is found under the Advanced tab. (Advanced settings might be a more apt name, if this is to remain a separate tab.)
Now, it might seem that the problems are at an end. But, as flagged above, the mapping of the Threat actions setting to the Primary action mentioned above seems like it could be made clearer, and there's no obvious way to set the Secondary action here.
Another irritation was that the Advanced tab was not scrollable with the mouse wheel until after clicking within it (to give it focus?). Clicking within the tab should not be necessary, and many users would try to avoid this, lest they inadvertently affect some setting.
One piece of good news ...and another head-scratcher
Amongst all of this I was pleased with the speed of the scan.
Back on 11 December 2018 I ran a full system scan with Kaspersky Internet Security. It took somewhere between 16 and 19 hours to scan 6.7 million "files" (as counted by KIS).
Then over the past few days (pressing Pause a few times, which stops the scan and the timer) I ran a full system scan with Bitdefender Internet Security. It took almost 19 hours to scan 11.2 million "files" (as counted by BIS).
Obviously the files have changed somewhat over the past ~5 years. I guess at roughly 5.5 million unchanged, 1.0 million deleted, 0.2 million modified, and 5.5 million new.
But — bottom line — on the same laptop*, BIS was significantly faster than KIS.
* Same HDD. Same OS. RAM was doubled (from 8 GB to 16 GB), but generally I wasn't actively using the computer while either scan was running.
(Possibly this could be affected by details in the settings of KIS and/or BIS, such as in the rigour with which files were scanned. For example, I think KIS was configured to include scanning based on heuristics. On the other hand, BIS appears to be configured to not Scan archives; yet it definitely scanned some archives, because it asked me what to do about some of them, and the log shows that Scanned archives = 166994! So what does the Scan archives setting actually do? Is the Scan archives setting just completely ignored?? Or is it somehow superseded/overruled by the Ignore archives greater than setting??)
P.S. FWIW, the above results of KIS scanning had been posted online back in 2018. But, sadly, all of the old forum posts were wiped by Kaspersky.