BD Episode 2: The Return of the Forced Scans
Some of you may be aware of the forced drive scans which plagued the client in early 2021. Scans would run one hour after every time you booted up your system and would go through reading all your drives and files using up CPU and thrashing physical drives (100% usage). These scans also completely ignored any exception settings you may have setup.
A few days ago, I noticed the behaviour had returned (ironically just a few days after BD informed me they were finally closing the original tickets from 2021). But BD had learnt from its past failures and this time the scans begin immediately the system boots into windows. The old tricks of using the ‘offline disk’ command to hide drives so they don’t get scanned no longer worked. The drives were immediately in use by BD and the command could not unmount drives when the scan had already begun. There was no way to stop the scans this time. The Empire (I mean BD) had won?
We are your overlords! Your system will be thrashed to within an inch of its life on start-up and you will like it! ?
The first scan I noticed, I shut down my computer mid-way and physically unplugged the drives I didn’t want scanned. After booting up all the remaining solid-state drives were scanned and I hoped that would be the end of it. Maybe it was just a one-off. But no, I’ve seen the scan run twice since then. Not on every boot up though, so perhaps it is on some kind of timer this time around.
NB: The sound of my 3 mechanical drives being thrashed is why I tend to notice this where others with only solid-state drives might not. My OS and programs run off the solid-state drives and I use the mechanical drives purely for data storage. They spend most of their life idle and when they spin up, I often have a look to see why and what is accessing them if it wasn’t a direct action on my part.
Why dont the BD developers understand that there are customers that want the real-time protection but want to run scans when they want to and not have them forced upon them?
The first time around it took over 4 months to get these forced scans removed from the client. Almost 3 months of that I was treated as if I was an idiot and my system had something wrong with it. Eventually being offered a reward by BD for identifying the issue with the client by the end of things. I’m not keen to spend another 4 months fighting BD support into acknowledging this is actually occurring. Please just fix whatever you recently changed.
Only run full system scans when the customer wishes them to occur. If there is some new vulnerability which makes you feel there should be a full scan of customer systems (this was the reasoning for the 2021 forced scans, log4j – in that case). How about adding a popup in the system try letting the customer know what yo are doing? I would much rather see a popup like that then the annoying popups prompting me to save all my passwords with you that keep appearing recently.
And just run the scan once (ONCE!) and let the real-time protection handle things after that. What is this obsession with forcing scans on customers every day or every boot over and over for the same thing?
I plan to investigate further and I will post back here if am able to add more information behind the behaviour of these new forced scans. Initially they look very similar to the ones last year, just triggering earlier after system start-up.
Internet Security (Paid), Windows10 Pro64, Ryzen7 5800X, 32GB RAM, RTX3070, 5 internal storage drives, 2x ext hot-swap drives