First Time Scanning With Bd...qs
Just today I dloaded BD AV V10. I am still getting accustomed to it as I have used other paid for AV and Antispyware up till now.
As we speak it is doing a deep scan. It is 93% complete and it is listing 8 *suspect* objects in the Virus info section.
However currently only 2 of the 8 are shown in the Event List...I might have cleared Log during the scan? Would that explain the missing 6?
I am very confident that they are all false positives. The absence of one of these files (c:\program files\microsoft office\office11\startup\fxequation.dot) now prevents MS Office from loading a programme (FXequation) that it has done successfully for the past several months .
What did I do wrong? Is/was there a way for me to get BD to ignore these files?
Comments
-
Hi,
You can put them in your exclusion list to not scan the parent folder or the actual file.
Secondly if you are sure these are false positives, send them to BitDefender, they will investigate the file and if it is not a virus they will flag them as beeing clean. The next time you then update your virus definitions the files will no longer be detected as infected. But for now, put them in your exclusion list.0 -
Hi,
You can put them in your exclusion list to not scan the parent folder or the actual file.
Thanks for the reply. Where in BD does one establish an "Exclusion List"?Secondly if you are sure these are false positives, send them to BitDefender, they will investigate the file and if it is not a virus they will flag them as beeing clean.
But as of now where is the one file I was particulary concerned with; mentioned in my first post? Because right now that programme which used to load as an addon to MS Word no longer does....due to the...absence? of that file. I didnt want it deleted.0 -
Hello 21Rouge
To exclude a folder during an on demand open BitDefender go to antivirus,scanning,rightclick on the scan you wanted to execute choose change scanpath press on add new folder and browse to the folder you don't wanted to be scanned. Don't forget to uncheck it. To exclude a folder in realtime mode go to shield,custom level,exclude path from scan,add (new) item and browse to the folder you don't wanted to be scanned press on ok.
Can you please post the scanreport of the latest scan. To do so go to general,events,use the filter for anti-virus, doubelclick on your last scanreport press on more info.
Regards
Niels0 -
Hello 21Rouge
To exclude a folder during an on demand open BitDefender go to antivirus,scanning,rightclick on the scan you wanted to execute choose change scanpath press on add new folder and browse to the folder you don't wanted to be scanned.
I appreciate the quick reply Niels. I should have looked just a bit more on these forums as the procedure is described in another thread...sorry. So you can only exclude a folder as opposed to a specific file?To exclude a folder in realtime mode go to shield,custom level,exclude path from scan,add (new) item and browse to the folder you don't wanted to be scanned press on ok.
Oh so I have to exclude in realtime as well if I dont want BD picking it up outside of a requested/scheduled scan?Can you please post the scanreport of the latest scan. To do so go to general,events,use the filter for anti-virus, doubelclick on your last scanreport press on more info.
I mst have cleared the Log as nothing is shown . Do I need to scan again to generate the "scanreport" or is it still somewhere on my computer?
Again thanks for the help.0 -
Can you please post the scanreport of the latest scan. To do so go to general,events,use the filter for anti-virus, doubelclick on your last scanreport press on more info.
Regards
Niels
Although I had cleared the log I see that the scan report is still available in c:\documents and settings\allusers\application data\BitDefender\profiles\logs:
Virus Statistics
Scan path : C:\
Folders : 7336
Files : 598719
Memory processes scanned : 53
Archives : 124949
Runtime packers : 21103
Identified viruses : 0
Infected files : 0
Memory processes infected : 0
Suspect files : 8
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 27
Scan time : 01:37:27
Scan speed (files/sec) : 102
Spyware Statistics
Registry keys scanned : 1684
Registry keys infected : 0
Cookies scanned : 122
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 809122
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1187734134.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
C:\Documents and Settings\D\Desktop\Email Backup June 25 2006\Sent Items.dbx=>(message 4213)=>[subject: Re: Abort Report][Date: Fri, 19 Sep 2003 17:11:31 -0400]=>(MIME part)=>(message body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Dl\Desktop\Email Backup June 25 2006\Sent Items.dbx=>(message 5047)=>[subject: Re: MS office][Date: Thu, 5 Jun 2003 18:57:05 -0400]=>(MIME part)=>(message body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\D\Desktop\Old Dell Laptop\Email messages as of S.16 2006\Sent Items.dbx=>(message 4266)=>[subject: Re: Abort Report][Date: Fri, 19 Sep 2003 17:11:31 -0400]=>(MIME part)=>(message body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\D\Desktop\Old Dell Laptop\Email messages as of S.16 2006\Sent Items.dbx=>(message 5100)=>[subject: Re: MS office][Date: Thu, 5 Jun 2003 18:57:05 -0400]=>(MIME part)=>(message body) Suspect: Exploit.Iframe.Vulnerability
C:\Program Files\Efofex\FXE\FXEquation.DOT Suspect: Macro.VBA
C:\Program Files\Efofex\FXE\FXEquation97.DOT Suspect: Macro.VBA
C:\Program Files\Microsoft Office\Office10\Startup\FXEquation.DOT Suspect: Macro.VBA
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\FXEquation.DOT Suspect: Macro.VBA0 -
Hello 21Rouge
You can also exclude a file then you have to select add file. But be aware that in the free version you don't have realtime protection so you can't use the option to exclude a folder in realtime mode.
BitDefender just says that these macro's are suspecious. This doesn't mean that they are malicious.
I suggest that you make a topic in the malware section and archive
the follow files: FXEquation.dot,FXEquation97.dot in a password protected archive with the follow password:
infected.
Glad that I could help you.
Regards
Niels0 -
BitDefender just says that these macro's are suspecious. This doesn't mean that they are malicious.
I suggest that you make a topic in the malware section and archive
the follow files: FXEquation.dot,FXEquation97.dot in a password protected archive with the follow password:
infected.
Just an update: I did send the suspicious file off to BD, late yesterday morning. Here is the reply I got a little over 12 hours later:
We have received the answer from our virus lab analysts, the File
FXEquation.DOT is declared clean and exception for this type of macro has been
added.
About a year ago I had a similar problem with "Freedom's" AV programme ie a false postive on a file. It took almost 3 weeks of emails before they recognized it was clean.0 -
Hello 21Rouge
Good that you have send the samples but the virus researchers check also the malware section on this forum. Here they aren't everyday active.
Regards
Niels0 -
I notice when there is any BD scan that the Spyware statistics are greyed out. ("Results" and "Time" are black)
And I have yet to see "Spyware threats detected" to be anything but zero. This doesnt seem likely.0 -
Hello 21Rouge
So you don't see how many files that are being scanned? But it depends also what kind of scan you have done. Quick scan doesn't scan on spyware so that could clarify why spyware is greyed out.
You will only see a number when BitDefender detected something as spyware. So it's normal that sometimes you see 0.
Regards
Niels0 -
So you don't see how many files that are being scanned? But it depends also what kind of scan you have done. Quick scan doesn't scan on spyware so that could clarify why spyware is greyed out.
Here is a screen shot of a full scan. Middle section is greyed out for antispyware porgression. And there isnt one scan I have seen in the past 3 days that shows anything but 0 for "Spyware Threats Detected"0 -
Hello 21Rouge
That is normal behaviour nothing to worry about. The reason why you didn't see the number changed by spyware threats detected is because there weren't any detected on your system.
Regards
Niels0 -
Secondly if you are sure these are false positives, send them to BitDefender, they will investigate the file and if it is not a virus they will flag them as beeing clean. The next time you then update your virus definitions the files will no longer be detected as infected.
It is almost a month later and still these same files are flagged as suspicious macros. I had emailed BD 3 weeks ago and got very prompt emails saying that the files I submitted were clean and very soon BD would pass them by. Three more emails again indicating that all would be fine within 24 to 48 hours and yet now a month later nothing has changed.0