coolcool1227

Skipped Items

54 posts in this topic

A question:

i> Does the whole file (declared clean) move to the Cache or some information associated with it?

Edited by JAGUARS

Share this post


Link to post
Share on other sites

ii> I want to know the criteria of saying the file is "Clean"? e.g if I run a scan, total scanned items are 58600, skipped items are 5800 and infected items are 100, but still the 58600-100=58500 items are cleaned but whole of them are not considered as Skipped Items and move to SmartScan Cache and only 5800 items are declared as skipped items….Why?

Edited by JAGUARS

Share this post


Link to post
Share on other sites

1) If the infected files are present in SmartScan Cache which the Bitdefender has no detection or failed to detect even by Heuristics and AVC, are there any chances that such infection will be spread from the that Cache or it is like Quarantine, in which the quarantined infections are stored in special format and thus no chances of spreading?

2) Why the whole database will be erased if it contains infected files which are detected later upon adding their detection? Only the infected instances should be re-scanned.

3) If the definitions entered into the product, the cache is automatically cleared, so the cache is repeatedly cleared during 24 hrs. And SmartScan feature would be appeared useless if I did scan e.g on daily basis and also when the definitions entered to product and the Auto Scan is disabled.

Share this post


Link to post
Share on other sites

Hi :)

I will answer to your questions:

@ JAGUARS

1. The file are classified using a sophisticated system. Only files can be added to the database, not processes, and not pieces of code.

2. The Cache is populated in time, depending how often do you scan your PC. A file can be added to the database only if was scanned at least once

If that file is changed or moved, it will be rescanned.

Not all files are added to the database and please remember that in this database only we only store important files(.exe, .dll, .dat, .com, .bat, etc files)

The photos, videos or music and other things like this are not added there.

@ ONT

1. No. The database is encrypted and only the product can access it. There are not stored physically in that database, there are only classified with location, name, etc

2. That measure is taken for security reasons. If we do not clean that database, the product can not compare the files with the latest update because they are excluded by default.

3. Rarely a file from that database is classified as malware, we have taken all the measures.

So the database is not cleared at 24h, it could be stored in the initial state for months.

The database is populated by Auto Scan and by the On-Demand module(when the user runs a scan manually).

Take care.

Share this post


Link to post
Share on other sites

Respected Christian, your statement is in contradiction with Cris.

You are saying ....There are not stored physically in that database, there are only classified with location, name, etc

and

If that file is changed or moved, it will be rescanned.

while Cris said ....This filtering ensures that files are not scanned until they are changed/replaced and is not based on file name and/or location.

Kindly clarify.

Edited by ONT

Share this post


Link to post
Share on other sites

Hello :)

Since 2010, many changes were made to the Smart Cache and I posted the latest features.

Take care.

Share this post


Link to post
Share on other sites

So the whole file is copied to database?

Share this post


Link to post
Share on other sites

Once I faced the situation that the skipped items were much greater than the scanned items shown in the scan log. Is this normal?

Share this post


Link to post
Share on other sites

Hello :)

Did you also scanned the memory?

Have you saved the scan log?

Take care.

Share this post


Link to post
Share on other sites

Hi Christian

You talked about the Whitelist, so

1) How do I see the whitelist?

2) What is the need of Cloud System to add the files to the whitelist? Does the whitelist can't be updated during regular BD updates?

3) How do the user know when the Cloud System add the files to the whitelist? Any indication.

And regarding the skipped items greater than scanned items, I had a topic here. Kindly this issue is not occurring normally and not for every scans. I also faced this issue in BD2013 Beta.

Share this post


Link to post
Share on other sites

Hello :)

This started to be a more general discussion and I will move the topic to Bitdefender 2012 area.

I will return with answers to those questions.

Thank you!

Share this post


Link to post
Share on other sites

Thanks for the move, it's been an interesting read.

Share this post


Link to post
Share on other sites

Hi :)

Now let's get back to those questions:

1. You can't is encrypted and embedded in the engine.

2. The cloud system is used to check the availability of the file added in the database, but the update process is the one that adds a file or removes one from there.

3. You won;t know, that's the magic thing. All process is automatic without user intervention.

Regarding those skipped items, you have here the answer, the official one:

http://forum.bitdefender.com/index.php?sho...ost&p=92876

Thank you!

Share this post


Link to post
Share on other sites

Kaspersky has iSwift and iChecker technologies for doing the the same job as SmartScan feature by Bitdefender, but the files detected by iSwift and iChecker are listed in the logs. So I would like to suggest that there is an option to see the list of Skipped Items. Kindly consider above said only a suggestion, not a comparison.

Hi :)

Regarding those skipped items, you have here the answer, the official one:

http://forum.bitdefender.com/index.php?sho...ost&p=92876

Thank you!

It is not clear to me and if you don't mind, kindly elaborate it further? And why it does not happen every time even when I run the Scan Tasks one after the other without updating the product?

Edited by ONT

Share this post


Link to post
Share on other sites

Hello :)

If we log those elements, the scan log will have thousands lines and it is unpractical.

Usually the skipped items appear only in Full System scan.

Take care.

Share this post


Link to post
Share on other sites

I still not understand why the Skipped Items were greater then the Scanned Items displayed during the Device Detection Scan Task?

Why the files inside the archives and installers are usually not added to Skipped Items e.g if i've the ISO of the Microsoft Office 2007, no files are added to skipped items even if I keep the ISO file to the location?

Share this post


Link to post
Share on other sites

Hello :)

Can you please provide me a scan log so I can further investigate this situation?

Take care.

Share this post


Link to post
Share on other sites

Hi

1) Log File: 1345635600_1_01

It is the contextual scan of the ISO of the Hiren Boot CD, but there are no skipped items although there are also no over-compressed items. Why? Isn't it possible that the whole archive (regardless of its size and pack/re-pack during scanning) can be added to the skipped items or the files inside the archive or both can't be added to skipped items?

2) Can the Over-Compressed items be added to the Skipped Items as they posses no threat.

3) Log Files: 1345636066_1_01, 1345644204_1_01, 1345647151_1_01

At-last I managed to find out the way how the skipped items can be greater than the scanned items. I dis-connect the internet connection, so no updates for Bitdefender, then I run the Full System Scan Tasks three time one after the other without restarting the system. And found that the skipped items can be greater than scanned items until any change is made to the SmartScan Cache and/or any change is made to the file already in the skipped items list. But I think the total items (Scanned + Skipped Items) should be same for all the above three scans. Is this correct?

1345635600_1_01.xml

1345636066_1_01.xml

1345644204_1_01.xml

1345647151_1_01.xml

Edited by ONT

Share this post


Link to post
Share on other sites

Hi Christian

Would you like to reply after asking for the logs?

Share this post


Link to post
Share on other sites

Hello :)

Let's see now:

There were no skipped items in the first case because those files from the ISO archive are unknown and they are not added to the Smart Cache. Archives and some types of files are not added to this database(like music, photos, etc).

For the second situation, the answer is no and those elements will be logged separately.

The skipped items can be grater than the ones scanned. If you run several scan one after another, more files will be skipped because they are added to the database and since they were not modified from the last scan, they are automatically skipped(clean files).

In the last scan log, the number of skipped items is greater and this is perfectly normal.

Take care.

Share this post


Link to post
Share on other sites
Hi Christian

You talked about the definitions added, so the Smart Scan Database is not scanned by Heuristics ........

I need the answer of above asked query and also this one "Is the Smart Scan Database can be build by scanning the files by the protection methods Signature, Heuristics, Generic Detection, and Behavioral Detections etc"?

Share this post


Link to post
Share on other sites
3. If the file is moved to another location, it will still be considered clean and the database will be updated during the next scan(made by the user on demand or by Auto Scan).

@ JAGUARS

2. The Cache is populated in time, depending how often do you scan your PC. A file can be added to the database only if was scanned at least once

If that file is changed or moved, it will be rescanned.

There is contradiction in your own statements about the moving of the file. First you said that the added moved file is considered clean, only SmartScan database will be updated and in the 2nd statement you said if the added file is moved, it will be rescanned. You are requested to clarify this as rescanning of the file and updating the database for respective files are two different things.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now