BDTS 2010 Problems/help

A couple of questions I need to ask:


1) After scanning, sometimes BDTS 2010 asks to "choose an action" for the infected file.


But both the "choose an action" select boxes do not respond!


So I have to exit the scan without the virus being removed!


2) Please explain in which scans the configured exclusions work.


It seems that exclusions configured are working only for system scans.


How can I configure it for contextual scan?


Also does the scanning time reduce due to the exclusions?


Which extensions are safe to be excluded?


In quick system scan log some scanned extensions and excluded extensions match! How can that be?


3) How can I know the description or threat level of the virus detected?


Any help would be appreciated!!

Comments

  • Hello kunalkoool,


    1) Please attach a scan log of a scan in which this situation occurred. Also, what do you mean by "do not respond"? Does BitDefender freeze, or can it just not take the selected action?


    2) As far as I know, the Exclusions were designed to work only for Realtime/On-Demand System scans (depending on your Exclusion options). Contextual scans don't exclude any files.


    Exclusions make scans run faster, because they force the BitDefender engine to skip certain files from the scan. However, you have to be very careful which files you exclude, because once excluded, they could damage your system if they become infected (as BitDefender will completely ignore them, even if it could detect the threat).


    As far as "which extensions are safe to exclude", the most basic answer is none. Malware can take any form and doesn't depend on the file name or extension. If you have any particular strong reason why you want an extension to be excluded, then BitDefender offers you this option. But my personal advice is to NOT exclude any extensions.


    As for "scanned extensions and excluded extensions match!", please attach a log from such a scan.


    3) You can search the threat name in BitDefender Virus Encyclopedia. However, due to the incredibly large quantity of malware received and processed daily, assessing the threat level and providing descriptions for every detection is humanly impossible and BitDefender prefers using the time in analysing new samples and adding detection as fast as possible for new threats, and descriptions are written in the database only for threats that pose a higher risk.


    Cris.

  • 1) 'Do not respond' means nothing happens when I click on either of the 'choose an action' select boxes; Bitdefender does not freeze. It happens every time I have to manually select an action to remove detected viruses. (Though I have only had to select manually 2 to 3 times.)


    I am posting a recent log where the 'choose an action' drop-down box didn't work.


    2) One of the main reasons I use excluded extensions is because of docs(java) folder which contains huge number of files, mainly .class files. More than half of the time is wasted there.


    I thought exclusions can be configured for contextual scans because the log files show


    Excluded extensions: not configured


    3) I am also posting log where some scanned extensions and excluded extensions matched.


    I have attached .xml files. If it does not work I can give you screenshots.

    Attachments: Log_where_choose_an_action_didnt_work.xml, Scanned_ext_and_excluded_ext_matches.xml

  • alexcrist
    edited October 2009

    Please follow these steps:


    1. Temporarily disable BitDefender Realtime Protection (you can leave the Firewall and other modules enabled)
    2. Open Explorer and type in the Address Bar this path:
      D:\System Volume Information\_restore{96715F35-1A33-4087-A38C-5419BFB349B9}\RP139\
      and press Enter.
    3. Find the file named A0181517.exe (WARNING! Do NOT open that file, as it might be infected)
    4. Put that file in a password-protected archive, with the password infected
    5. Upload the archive on www.sendspace.com and post here the download link.
    6. Re-enable BitDefender Realtime Protection


    2) As I said, it's not a good idea to exclude extensions from scanning, especially since you are talking about high-risk executable files (such as .class). If you need to exclude something, exclude the folder you're working in, as those files have a low chance of being malware.


    3) About the second log you attached, I will post more info when I have it.


    Cris.

  • 1) I was worried when no action could be taken on the detected virus...


    So I deleted the file manually at that time.


    Well, you didn't explain why 'choose an action' didn't work.


    I also said that 'choose an action' didn't work previously for some other scans. (I don't have those logs.)

  • Well, you didn't explain why 'choose an action' didn't work.


    I needed that file so I can test it in the same conditions as you. It's not normal for that action-list not to work, and if we don't have a specific case to test with, we can't give an explanation.


    If it happens again, please send me the file.


    About scanned/excluded extensions, please post what extensions you defined as excluded and/or to be scanned (in the Exclusions tab and in the scan task properties).


    Cris.

  • I can only configure extensions to be excluded but not configure extensions to be scanned.


    If BDTS 2010 can configure extensions to be scanned then tell me so.


    I don't remember exactly which extensions I excluded before that scan, but as of now I have defined the following extensions to be excluded:


    3gp,avi,class,cpp,doc,docx,gif,htm,html,jar,java,javax,jpeg,jpg,mp3,mp4,mpg,shtml,txt,wav,xml

  • alexcrist
    edited October 2009

    You can define a list of extensions to be scanned by going to Antivirus -> Virus scan, right click on the task you want and choose Properties. Then click Custom and edit this option:


    [Screenshot attachment: post-60-1255155347_thumb.jpg]


    Let me know if there are any extensions defined there.


    When you add extensions there, it means that only those extensions will be scanned (other extensions will be ignored).


    Also, by default, all scan tasks are set to Scan all files.


    Cris.

  • Thanks for letting me know about the scanned extensions.


    Can you tell me the most common virus extensions so that I can define a fast scan?


    Earlier you told that Exclusions were designed to work only for Realtime/On-Demand System scans.


    Do On-Demand System scans include user defined tasks and cloned tasks? (besides deep system scan, system scan, quick system scan and auto logon scan)


    Will there be any conflict if I configure scanned extensions and excluded extensions?

  • alexcrist
    edited October 2009

    Malware files are almost always executable files, so their filetypes include (but are not limited to): exe, scr, bin, com, class, cmd, bat, swf.


    BitDefender already has a predefined (longer) list of executable filetypes. To use it, in the Custom settings of a task select Scan program files only.


    However, this option might lower the detection rate a lot, and I highly advise that you do NOT use it for Realtime Protection (realtime protection has a similar setting, but it's independent of the options you choose in OnDemand tasks).


    Basically, filetypes are only informative, so the system knows what to do when the user double-clicks a file. But if a malicious process internally executes a file by calling CreateProcess, then the filetype of the executed file doesn't matter at all. It can be anything from EXE, to MP3, AVI, BMP, or it can even have no extension at all. This is because, when actually executing a file, the filename/extension is completely irrelevant, and only the file's internal structure and content matter.


    Bottom line: any filetype can contain malware, as I said in a previous post.


    About conflicts, I am not sure which options (Excluded or scanned extensions) take precedence over the other. So if an extension is defined in both lists, I am not sure what will happen. I will try to find this out and let you know.


    Cris.
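
Added example (not part of the original thread and not BitDefender's code): a Python sketch of the point made in the reply above, that a file's content and not its extension decides whether it is executable. It walks a folder and reports files whose extension is on the exclusion list quoted in the thread but whose header bytes identify a PE image or a Java class file; the sample file names and bytes are constructed and inert.

```python
import os
import struct
import tempfile

# Extension exclusion list quoted in the thread.
EXCLUDED = set(("3gp avi class cpp doc docx gif htm html jar java javax jpeg jpg "
                "mp3 mp4 mpg shtml txt wav xml").split())
EXECUTABLE_KINDS = {"pe", "dos-mz", "java-class"}

def sniff(data):
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points at the 4-byte PE signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        return "pe" if data[pe_off:pe_off + 4] == b"PE\0\0" else "dos-mz"
    if data[:4] == b"\xca\xfe\xba\xbe":
        return "java-class"  # the same magic is also used by Mach-O fat binaries
    return "other"

def audit(root):
    """List files an extension exclusion would skip although their content is executable."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in EXCLUDED:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = sniff(fh.read(4096))
            if kind in EXECUTABLE_KINDS:
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo():
    """Run the audit over constructed sample files that carry headers only."""
    pe = bytearray(0x80)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    pe[0x40:0x44] = b"PE\0\0"
    samples = {
        "holiday.mp3": bytes(pe),                    # PE header, media extension
        "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "notes.txt": b"plain text\n",
        "Main.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
        "setup.exe": bytes(pe),                      # not on the exclusion list
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)
```

Calling `audit()` on a real folder before adding an extension exclusion shows which files the exclusion would hide from the scanner despite having executable content.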

  • Do On-Demand System scans include user defined tasks and cloned tasks? (besides deep system scan, system scan, quick system scan and auto logon scan)


    There seems to be a real problem with 'choose an action' select box.


    I don't know whether it's a bug or an installation problem.


    I just did a rootkit scan and both 'choose an action' boxes do not work.


    It was just one file, sccfg.sys (folder lock). I do not want to delete the file, but I just wanted to know whether 'choose an action' didn't work for 1 or 2 files or it never works.


    So 'choose an action' NEVER works whenever I have to manually select an action for a detected virus.

  • 1) If the same extension is defined as both excluded and to-be-scanned extension (in the OnDemand task options), then the Exclusion list will take precedence. This means that an Exclusion will always be applied, and the files/extensions defined as excluded will never be scanned, no matter how the OnDemand task is configured.


    So NO, there aren't any conflicts if you define the same extension as both scanned and excluded (it just won't be scanned).


    2) Exclusion rules also apply to user-defined tasks. Exclusions don't apply to the Contextual Scan task.


    3) About the problem you have with "choose an action", I will contact someone about this problem when I have the chance (probably on Monday).


    Cris.

  • Thanks a lot Cris for the info.


    Meanwhile I have specified a second action (move to quarantine) for an infected file for most scans.


    It works, and so now I won't have to manually choose an action.