Skipped Items Options

[Christian]

Hi Omer

In that situation, the Smart Cache is populated by the On Access scanner and when a Full System Scan is run. In a case of a false positive, the file is removed from the database in the update process. In some special cases, when a new version of our engine is released or some routines enter in the product, the Smart Cache is cleared and the process starts over again.

Thank you.

[ONT]

1) In all this discussion, I forget to ask what attributes of the files which are considered to be necessary for the file authenticity/verification is checked/compared by SmartScan feature. e.g. Checksum, Digital Signature, Timestamp, Hashes etc or some UIDs assigned to the files are compared or combination of above?

2) Does the SmartScan feature depend on the File System?

3) What if the file (that was skipped in the last scan) is moved to another location?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Welcome back.

I will now answer to your questions:

1. This answer is classified, I can not provide you details about the criteria that we use to add files to Smart Scan. All you need to know is that those files are 100% clean and no malware will be added by mistake in there.

2. No, is does not depend on the file system. All known file systems from Windows, Mac OS X and Linux are recognized by Smart Scan.

3. If the file is moved to another location, it will still be considered clean and the database will be updated during the next scan(made by the user on demand or by Auto Scan).

Have a great weekend!

[ONT]

Some more information from an old topic

BitDefender comes with a predefined whitelist of known files (list which is updated whenever necessary, through Automatic Updates, along with other types of updates) as well as a prebuild Smart Scan database. These contain signatures for files that are known to be clean, thus preventing the other engines from scanning them.

This filtering ensures that files are not scanned until they are changed/replaced and is not based on file name and/or location.

All in all, once a system file gets modified, it will be detected if it contains known malicious code.

Cris.

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

Yes, Cris is right.

With the release of the 2012 products, some improvements were maid to the engines and the whitelisting process is a lot faster.

Also, during the scan process, files are added to the whitelist using also the cloud system.

Take care.

[JAGUARS]

A question:

i> Does the whole file (declared clean) move to the Cache or some information associated with it?



This post has been edited by JAGUARS: May 2 2012, 04:36 AM

[JAGUARS]

ii> I want to know the criteria of saying the file is "Clean"? e.g if I run a scan, total scanned items are 58600, skipped items are 5800 and infected items are 100, but still the 58600-100=58500 items are cleaned but whole of them are not considered as Skipped Items and move to SmartScan Cache and only 5800 items are declared as skipped items….Why?

This post has been edited by JAGUARS: May 2 2012, 04:42 AM

[ONT]

1) If the infected files are present in SmartScan Cache which the Bitdefender has no detection or failed to detect even by Heuristics and AVC, are there any chances that such infection will be spread from the that Cache or it is like Quarantine, in which the quarantined infections are stored in special format and thus no chances of spreading?

2) Why the whole database will be erased if it contains infected files which are detected later upon adding their detection? Only the infected instances should be re-scanned.

3) If the definitions entered into the product, the cache is automatically cleared, so the cache is repeatedly cleared during 24 hrs. And SmartScan feature would be appeared useless if I did scan e.g on daily basis and also when the definitions entered to product and the Auto Scan is disabled.

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

I will answer to your questions:

@ JAGUARS

1. The file are classified using a sophisticated system. Only files can be added to the database, not processes, and not pieces of code.

2. The Cache is populated in time, depending how often do you scan your PC. A file can be added to the database only if was scanned at least once

If that file is changed or moved, it will be rescanned.

Not all files are added to the database and please remember that in this database only we only store important files(.exe, .dll, .dat, .com, .bat, etc files)

The photos, videos or music and other things like this are not added there.

@ ONT

1. No. The database is encrypted and only the product can access it. There are not stored physically in that database, there are only classified with location, name, etc

2. That measure is taken for security reasons. If we do not clean that database, the product can not compare the files with the latest update because they are excluded by default.

3. Rarely a file from that database is classified as malware, we have taken all the measures.

So the database is not cleared at 24h, it could be stored in the initial state for months.

The database is populated by Auto Scan and by the On-Demand module(when the user runs a scan manually).

Take care.

[ONT]

Respected Christian, your statement is in contradiction with Cris.

You are saying ....There are not stored physically in that database, there are only classified with location, name, etc

and

If that file is changed or moved, it will be rescanned.

while Cris said ....This filtering ensures that files are not scanned until they are changed/replaced and is not based on file name and/or location.

Kindly clarify.

This post has been edited by ONT: May 5 2012, 04:52 PM

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Since 2010, many changes were made to the Smart Cache and I posted the latest features.

Take care.

[JAGUARS]

So the whole file is copied to database?

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

No, only the hash is stored. Is like a "fingerprint" for a file.

You have here all the details:

http://en.wikipedia.org/wiki/Hash_function

Take care.

[ONT]

Once I faced the situation that the skipped items were much greater than the scanned items shown in the scan log. Is this normal?

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

Did you also scanned the memory?

Have you saved the scan log?

Take care.

[ONT]

Hi Christian

You talked about the Whitelist, so


1) How do I see the whitelist?

2) What is the need of Cloud System to add the files to the whitelist? Does the whitelist can't be updated during regular BD updates?

3) How do the user know when the Cloud System add the files to the whitelist? Any indication.

And regarding the skipped items greater than scanned items, I had a topic here. Kindly this issue is not occurring normally and not for every scans. I also faced this issue in BD2013 Beta.

[Christian]

Hello (IMG:style_emoticons/default/smile.gif)

This started to be a more general discussion and I will move the topic to Bitdefender 2012 area.

I will return with answers to those questions.

Thank you!

[columbo]

Thanks for the move, it's been an interesting read.

[Christian]

Hi (IMG:style_emoticons/default/smile.gif)

Now let's get back to those questions:

1. You can't is encrypted and embedded in the engine.

2. The cloud system is used to check the availability of the file added in the database, but the update process is the one that adds a file or removes one from there.

3. You won;t know, that's the magic thing. All process is automatic without user intervention.

Regarding those skipped items, you have here the answer, the official one:

http://forum.bitdefender.com/index.php?sho...ost&p=92876

Thank you!

[ONT]

Kaspersky has iSwift and iChecker technologies for doing the the same job as SmartScan feature by Bitdefender, but the files detected by iSwift and iChecker are listed in the logs. So I would like to suggest that there is an option to see the list of Skipped Items. Kindly consider above said only a suggestion, not a comparison.

Hi (IMG:style_emoticons/default/smile.gif)

Regarding those skipped items, you have here the answer, the official one:

http://forum.bitdefender.com/index.php?sho...ost&p=92876

Thank you!

It is not clear to me and if you don't mind, kindly elaborate it further? And why it does not happen every time even when I run the Scan Tasks one after the other without updating the product?

This post has been edited by ONT: Jul 12 2012, 04:25 PM