Sequence Of Actions, Taking Proper Actions Options

[ONT]

What is the sequence of actions by Bitdefender if we select “Taking Proper Actions” in Normal Mode and Rescue Mode?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Depending on the class of malware the actions are:

1. Disinfect
2. Move to quarantine
3. Delete
4. Rename
5. Block

If all of these can not be applied, the user is prompted to scan the PC in Rescue Mode.

Take care.

[ONT]

What if the file is deleted by Bitdefender when I select Take proper Actions and the detection is False Positive?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

The file will be deleted if everything else falls.

Trust me, the ones detected as heuristically won't get deleted.

Take care.

[ONT]

What everything? But if the False +ve is the signature based?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

There is no such thing.

All files are checked multiple times before a definition in released. All False Positives are detected generically or heuristically.

Take care.

[ONT]

Why the option "Take Proper Action" is time consuming if it takes action according to the malware type?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Welcome back!

The engine is analyzing the malware so it can take the best decision from that list.

Take care.

[ONT]

Hello (IMG:style_emoticons/default/smile.gif)

Welcome back!

The engine is analyzing the malware so it can take the best decision from that list.

Take care.

What do you mean by that? I think the engine is already analyzed/detected the malware during scanning and decide the cleaning routine for it e.g if the Bitdefender detected an infection "Application.ActualSpy.S" during scan, the action for it say quarantine should already be selected by-default for it and Bitdefender should not consider not any other such as delete, disinfect, rename etc.

What I mean that as the signatures defining the malware type, so as the specific cleaning routine for that type should already be decided.

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

Bitdefender is detecting the malware instantly, but the routine runs only at the end of the scan. Not always send to quarantine is the best action for a malware. This is only useful for a False Positive. No one wants malware in their PC, even if it is inactive in and encrypted in our quarantine.

Also, as I mentioned here, I have escalated this to our developers to see what can be made:

http://forum.bitdefender.com/index.php?showtopic=35463

Thank you!

[ONT]

Hi (IMG:style_emoticons/default/smile.gif)

Bitdefender is detecting the malware instantly, but the routine runs only at the end of the scan. Not always send to quarantine is the best action for a malware. This is only useful for a False Positive. No one wants malware in their PC, even if it is inactive in and encrypted in our quarantine.

Also, as I mentioned here, I have escalated this to our developers to see what can be made:

http://forum.bitdefender.com/index.php?showtopic=35463

Thank you!

A question about "Take Proper Action": How the Bitdefender decide the best decision from the list?


Also I rephrase the statement in my previous post that based on the malware malicious action, antivirus add its detection as signatures for it, i.e naming the malware. I want to say that in a similar way Bitdefender assign the action routine for it. So two things will be assigned to the malware, its name and its respective cleaning routine (disinfect, quarantine, delete, rename or block etc). So that when the option "Take Proper Action" is selected, the best decision is already defined for the malware and also present in the Virus Definitions and Bitdefender DO NOT have to analyze later. Otherwise the option "Take Proper Action" becomes Improper most of the time and is always time consuming as it has to choose one from five cleaning action.

A detailed reply is requested.

[Christian]

Hello ONT (IMG:style_emoticons/default/smile.gif)

From trojans, backdoors, rootkits and all the other classes that can not be disinfected, the action will always be delete / send to quarantine because there is nothing to block/rename or disinfect and a normal user doesn't want malware in his PC.

For file infectors, the action is disinfect and is this can not be performed, the product will delete or quarantine the file(depending on the settings).

Since Auto Pilot was created to take care of everything without prompts, the product has to take decisions based on the malware.

We are doing our best to avoid False Positives and as I previously mentioned here http://forum.bitdefender.com/index.php?showtopic=35463, we will find a formula to minimize the impact of the automatic actions taken by the product.

I will get back to you when I have fresh information about this and I will post them here:

http://forum.bitdefender.com/index.php?showtopic=35463

Take care.

[ONT]

What about Hybrid infections?

[bms]

What happen if after 3 hours scan bitdefender showing error and exit from scanning without taking any action to detected threats. Why should I waste another 3 hours for the same task.. It is better take action which is decided = disinfect , quarantine. at the time of scanning. sincere request No.1 in detection is not enough product should be stable and user friendly.

Attached File(s)

 scan_error_inbetween.png ( 303.61K ) Number of downloads: 6

 

[ONT]

What happen if after 3 hours scan bitdefender showing error and exit from scanning without taking any action to detected threats. Why should I waste another 3 hours for the same task.. It is better take action which is decided = disinfect , quarantine. at the time of scanning. sincere request No.1 in detection is not enough product should be stable and user friendly.

What you said has been discussing in this post "Dealing With Infection"

[Christian]

Hello everyone (IMG:style_emoticons/default/smile.gif)

For polymorphic malware or those that have more than one component you can always use the Rescue CD or Rescue Mode.

@ bms

Please reboot and rerun the scan. It should run properly and it will clean those infections.

Take care.

[ONT]

Hello (IMG:style_emoticons/default/smile.gif)

The file will be deleted if everything else falls.

Trust me, the ones detected as heuristically won't get deleted.

Take care.

Kindly see the attachment. I did contextual scan of the folder and select "Take Proper Actions" at the end of the scan and both the files are deleted, also the one which is detected heuristically "Gen:Trojan.Heur.Hype.fm3@au0FVfei".

Also the "Take Proper Actions" takes about 4-5 mins to take action which was selected "delete" by the cleaning routine. That is why I was asking in the posts 9 and 11 in this topic.

Attached File(s)

 1345218484_1_02.xml ( 3.87K ) Number of downloads: 5

 

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Could you please send me the samples via PM so I can take a look?

Thank you!

[ONT]

PM sent.

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

I will use the samples for the situations described in those topics.

Tank you very much.

Take care.