coolcool1227

Skipped Items

54 posts in this topic

BitDefender 2010 has a new feature called SmartScan, which decreases the duration of the scan by adding clean files to a cache so that they will be skipped at the next scan if the files have not been accessed or modified in any way. If a file that is already present in the cache is accessed, then it will be removed from the cache.

I have some queries about Bitdefender Skipped Items

1) Is this "Cache" created by Bitdefender is different for the same files (e.g C:\Windows) scanned through "Deep System Scan" ' and "Contextual Menu Scan"?

2) What type of files are added to skipped items other than the criteria "Clean"?

3) Does this Bitdefender cache will be cleared after restarting the PC?

4) If I run "Deep System Scan" first then "Context Menu Scan" of Same Drives, the time span of "Context Menu Scan", will the time span of Scan be lower?

5) What is the path of this Bitdefender Cache?

6) Does it occupy space on harddisk?

Hoping detailed reply

Regards

Share this post


Link to post
Share on other sites

Hello ONT,

I will try to respond to your questions in the exact order you asked:

1) The "Cache" created by Bitdefender is the same for all types of scans*, also for all the scanned files . Once you ran a scan, the clean files are moved to this Cache. Also, BitDefender is scanning all the files and processes accessed in real time. These are also added to the same cache if they are clean.

2) Yes, only the clean files are moved to this Cache. When you will start a scan, BitDefender will first check this Cache in order to know what files it will skip. Also, once a file from the Cache is modified, it will automatically be removed from the cache list and BitDefender will scan it again in order to make sure the file is clean.

3) The Cache will not be deleted when you reboot or turn off your PC.

4) Yes, if you run a Deep system scan the cleaned files will be added to the Cache list. Then, when you will run another type of scan the time span should be lower.

5) The path for the Cache is:

C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner

and the data is stored in: smartscn.dat, smartscn.inc2 and smartscn.inc3

6) The Cache can store up to 50 000 files. In this way it cannot occupy to much space on the hard disk. Also, the scanning process would not be efficient anymore if it would be bigger.

You can also check the size on disk for these 3 files.

Should you need any information please do not hesitate to contact us.

Thank you.

Share this post


Link to post
Share on other sites
Hello ONT,

I will try to respond to your question in the exact order you asked:

1) The "Cache" created by Bitdefender is the same for all types of scans*, also for all the scanned files . Once you ran a scan, the clean files are moved to this Cache. Also, BitDefender is scanning all the files and processes accessed in real time. These are also added to the same cache if they are clean.

2) Yes, only the clean files are moved to this Cache. When you will start a scan, BitDefender will first check this Cache in order to know what files it will skip. Also, once a file from the Cache is modified, it will automatically be removed from the cache list and BitDefender will scan it again in order to make sure the file is clean.

3) The Cache will not be deleted when you reboot or turn off your PC.

4) Yes, if you run a Deep system scan the cleaned files will be added to the Cache list. Then, when you will run another type of scan the time span should be lower.

5) The path for the Cache is:

C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner

and the data is stored in: smartscn.dat, smartscn.inc2 and smartscn.inc3

6) The Cache can store up to 50 000 files. In this way it cannot occupy to much space on the hard disk. Also, the scanning process would not be efficient anymore if it would be bigger.

You can also check the size on disk for these 3 files.

Should you need any information please do not hesitate to contact us.

Thank you.

Dear Carmen Cernev

Thanks for prompt response

I've some more queries regarding subject

1)How long the Bitdefender Cache can store files? I mean e.g if I scan a pen drive of my colleague, a Device Detection Scan, and some files are stored in Bitdefender Cache as skipped items, but this pen drive seemingly not plug into my PC in future, so how long these files saved in Cache even if they are not accessed in any way?

2)And in reply to sixth query, you only mention the max no. of files and not the max. size of Cache.I mean the max. size may be occupied by a single file,may be by two or may be by e.g 46780 files.

Regards

Share this post


Link to post
Share on other sites

Hello ONT,

I am very sorry for the late response to your queries.

1) The Bitdefender Cache will store the files until they will be modified again. However, these files will not be skipped forever. They will be scanned first time, second time, forth time, 8th time, and so on. In this case we can make sure that the file is still clean. If it is then it will stay in cache and it will be skipped during the scanning process.

Regarding your example, since the file you would scan from the pen drive will never be accessed again, unfortunately it will stay in the cache. But you do not need to worry about that because the number was raised to 100 000 files in the cache.

2) The Cache does not have a maximum size and it will not be very big because it is just a database where there are stored the location and the date when the clean files were last modified.

Please let me know if I can provide you with any other information regarding this issue.

Thank you.

Share this post


Link to post
Share on other sites

Dear Carmen Cernev

I understood precisely your reply and I didn't feel resentment on your late response.I think one should not be impatient in such a multitude of queries in this forum.

Regards

Share this post


Link to post
Share on other sites

Hello Carmen Cernev

How do I see the list of files added to skipped items?

Share this post


Link to post
Share on other sites

1)Is there any way to see what files are added to skipped items?

2)Does the SmartScan feature of Bitdefender depends on file formats e.g exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar etc or any file can be added to skipped items ?

3)The path for the Cache is:

C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner

and the data is stored in: smartscn.dat, smartscn.inc2 and smartscn.inc3

During the scan e.g Deep System Scan or On-Line Scan, does this cache be also scanned or it'll be excluded by default, if yes, does the skipped items removed from the list as the cache is accessed? Putting an other way if this cache is accessed by Bitdefender or other security software during scan, will the files added to skipped items remain in the list or removed?

Share this post


Link to post
Share on other sites
1)Is there any way to see what files are added to skipped items?

No.

2)Does the SmartScan feature of Bitdefender depends on file formats e.g exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar etc or any file can be added to skipped items ?

No.

3)During the scan e.g Deep System Scan or On-Line Scan, does this cache be also scanned or it'll be excluded by default, if yes, does the skipped items removed from the list as the cache is accessed?

Smartscan database is automatically managed by BitDefender (including new entires or removals).

Internal technical details and exact working method are not publicly available at this time.

Cris.

Share this post


Link to post
Share on other sites

Hello all,

I have a question. Can I exploit the network property of bitdefender to create a shared folder for a specific computers not shared for all computers?

Q2: How I can add windows explorer to a firewall save process? I mean some time bidefender block the process of win explorer from browsing another computer in my network? add: even ping command block from bitdefender.

thanks a lot

Share this post


Link to post
Share on other sites

What happens when new virus definitions are out? will the cache gets deleted and generated again? as all the files needs to be scanned for new virus?

Share this post


Link to post
Share on other sites

Hi and welcome to our forums.

Please note that if a file was changed by the user or by another software, that file will not be skipped during the scan and it will rescanned again.

In some cases when the guys from our lab introduce some new routines in the engine, the "cache" can be reset and the scan process starts from zero.

Thank you.

Share this post


Link to post
Share on other sites

I understand. But my question is there is a possibility for some files to become virus after the new virus update isn't it? so when that files are not opened by me it wont get modified but still the virus will be present in my system as i have not modified it and the scans will skip unmodified files. so there should be a mechanism to take care this such that when whole new virus definition set is introduced the cache should get cleared and all the files should be checked for new virus.

Share this post


Link to post
Share on other sites

Welcome back srinivasr

Not every file is added in that database.

The files added to the database are system files, executables any other files.

For your question, I have an answer: if a file from the SmartCache database is declared infected by our lab, a definition will be created.

After this, the update will be pushed on the server. When the product is updated(ant the definition is included in that update), the database will be erased and the SmartCache will start from zero. The files will be added again and the process can continue without user intervention.

The described situation is like worst case scenario and that file will be deleted/disinfected by our product.

Thank you.

Share this post


Link to post
Share on other sites

ok thanks i understand now. Skipped files are unmodified files but the system files only get added to database. I have another question too. How the cache gets generated? for example i have 2 OS one is WIN XP and another one is WIN 7 X64. i use both and i access files from both the windows. so the files get modified when Bitdefender is not running. As i have installed BD only in Win 7 how does bitdefender recognize it? or will the change in the files gets detected when i open Win 7 again?

Share this post


Link to post
Share on other sites

Hi

The database can remember up to 300.000 files and in the near future, this number will be extended.

The cache gets generated when the PC is used. Our engines continuously scan your machine(on access scanning) and also during a full scan, some files are added to Smart Cache.

In your case, you can install Bitdefender in the other OS and you will have 2 independent caches and it's a lot easier to scan all the files from both operating systems.

The files from the cache are automatically checked after each update.

Thank you.

Share this post


Link to post
Share on other sites

ok. I have another question too. Auto scan is based on this Smart cache right? when only system files and .exe files gets added to this file how will the auto scan scans all the files in PC except boot sector?

Share this post


Link to post
Share on other sites

Hi

The Auto Scan is a new feature and was introduced for the first time in Bitdefender 2012.

I've answered to your questions in general and I've took in the equation all versions of our product(the antivirus engine).

Auto Scan is a light on-demand scan that silently scans all your data for malware and takes the appropriate actions for any infections found. Auto Scan finds and uses time-slices when system resource usage falls below a certain threshold to perform recurring scans of the entire system.

Benefits of using Auto Scan:

-It has close to zero impact on the system.

-By pre-scanning the entire hard-disk, future on-demand tasks will be completed extremely fast.

-On-access scanning will also take significantly less time.

Basically is a continuous scan that helps to populate the Smart Cache. It doesn't scan boot sectors, registry and all the other options. The Real Time protection takes care of these.

It's recommended to run a full system once a month.

Thank you.

Share this post


Link to post
Share on other sites

Thanks. But as i told in my older post auto scan scans only the modified files after the last scan it does not scan all the files. why is that so?

so auto scan is accessing the database to scan the files. so how that process works? how will the auto scan create a new entries in database?

as it scans only the modified files?

Share this post


Link to post
Share on other sites

Welcome back srinivasr

The Auto Scan scans the modified files from the last scan and all the new files created in the system. It is useless to scan the same file again if the file was not modified.

The Auto Scan verifies if that files is in the database or not. If not, it will be scanned. If was declared clean during a previous scan, it will be skipped. I've told you that you don't have to worry if a file from the cache is declared infected because when definition enters in the product, the cache is automatically cleared.

The Auto Scan creates entries for the new files found in the system. When the scan cycle is finished and a new cycle is started(I've told you what is Auto Scan in my last post), only the modified files and new files are scanned.

Thank you.

Share this post


Link to post
Share on other sites

Hi Christian

You talked about the definitions added, so the Smart Scan Database is not scanned by Heuristics and what about the False Positives? How the Smart Scan database is scanned if the Auto Scan is turned OFF or in 2011 version?

Share this post


Link to post
Share on other sites

Hi Omer

In that situation, the Smart Cache is populated by the On Access scanner and when a Full System Scan is run. In a case of a false positive, the file is removed from the database in the update process. In some special cases, when a new version of our engine is released or some routines enter in the product, the Smart Cache is cleared and the process starts over again.

Thank you.

Share this post


Link to post
Share on other sites

1) In all this discussion, I forget to ask what attributes of the files which are considered to be necessary for the file authenticity/verification is checked/compared by SmartScan feature. e.g. Checksum, Digital Signature, Timestamp, Hashes etc or some UIDs assigned to the files are compared or combination of above?

2) Does the SmartScan feature depend on the File System?

3) What if the file (that was skipped in the last scan) is moved to another location?

Share this post


Link to post
Share on other sites

Hello :)

Welcome back.

I will now answer to your questions:

1. This answer is classified, I can not provide you details about the criteria that we use to add files to Smart Scan. All you need to know is that those files are 100% clean and no malware will be added by mistake in there.

2. No, is does not depend on the file system. All known file systems from Windows, Mac OS X and Linux are recognized by Smart Scan.

3. If the file is moved to another location, it will still be considered clean and the database will be updated during the next scan(made by the user on demand or by Auto Scan).

Have a great weekend!

Share this post


Link to post
Share on other sites

Some more information from an old topic

BitDefender comes with a predefined whitelist of known files (list which is updated whenever necessary, through Automatic Updates, along with other types of updates) as well as a prebuild Smart Scan database. These contain signatures for files that are known to be clean, thus preventing the other engines from scanning them.

This filtering ensures that files are not scanned until they are changed/replaced and is not based on file name and/or location.

All in all, once a system file gets modified, it will be detected if it contains known malicious code.

Cris.

Share this post


Link to post
Share on other sites

Hi :)

Yes, Cris is right.

With the release of the 2012 products, some improvements were maid to the engines and the whitelisting process is a lot faster.

Also, during the scan process, files are added to the whitelist using also the cloud system.

Take care.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now