coolcool1227

[resolved, Won't Be Implemented] Dealing With Infection

32 posts in this topic

What are advantages of dealing with infected files at the end of the scan rather than taking action upon finding the infection?

Share this post


Link to post
Share on other sites

Hello :)

It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.

With the second option, the scan will have to stop for you to take the action making the scan time even bigger.

So, the actions page will be always at the end.

Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.

Let me know if you have other questions.

Take care.

Share this post


Link to post
Share on other sites
Hello :)

It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.

With the second option, the scan will have to stop for you to take the action making the scan time even bigger.

So, the actions page will be always at the end.

Why the scan would prompt or stopped for taking action, if I set the actions already? This situation can be overcome by running two routines at same time, one for detection and the second for action. Although it may consume more resources but would increase the overall scan speed.

Hello :)

Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.

Take care.

In that case Bitdefender display "action failed (object was not found)", which I faced sometimes.

Edited by ONT

Share this post


Link to post
Share on other sites

Hello :)

Why would someone love to guard the scanning process when can leave it to do the job an get back later to see the results an then take action?

This is a legitimate question...

The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.

Take care.

Share this post


Link to post
Share on other sites
Hello :)

The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.

Take care.

Why the scan can not continue? I rephrase my above post that when an infection found during the scan task, the routine for taking action on the infection opens in an other window and do whatever we set the action and it remain open but in idle state (and becomes active only when another infection is found), while the scan continue in its own window without any interrupt.

Share this post


Link to post
Share on other sites

Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.

"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?

My Best Regards

Share this post


Link to post
Share on other sites

Hello everyone :)

I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.

When the user returns, the scan process is finished and he will have to take actions for all the malware.

Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.

Take care.

Share this post


Link to post
Share on other sites
...but the user is not in front of the PC...

First of all this is a crime!!!

And then, what if product sending a message to mobile phone and there is the ability to select proper action via that?? :rolleyes:

P S: Is this a brilliant idea or what? :D

Peace and Happiness

Share this post


Link to post
Share on other sites
Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.

Kindly read my above post again.

Hello everyone :)

I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.

When the user returns, the scan process is finished and he will have to take actions for all the malware.

Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.

Take care.

I am not suggesting this scenario.....just see Eset.

Share this post


Link to post
Share on other sites

Hello ONT,

Be sure I've carefully read your above post, although you've missed this

"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?
from my above post.

Anyway, all I try to say is that "The best is the enemy of the good", a rule that Eset, Norton etc. seems to ignore and make our PCs running like a turtle.

Have a nice day.

Share this post


Link to post
Share on other sites
Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.

"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?

My Best Regards

What I meant was that the detection and action routines run in parallel and not like you said. And regarding your second statement, I simply gives the example of Windows Vista and Windows 7. Windows 7 consumes more resources but faster than Vista.

Share this post


Link to post
Share on other sites

Hi ONT,

I'm not an expert but I think Vista was a completely failed system. BD is not a failed application although it needs improvement...

So, the worst must have an enemy but the good no.

My Best Regards

Share this post


Link to post
Share on other sites

The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.

Edited by ONT

Share this post


Link to post
Share on other sites

Hi ONT,

I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.

I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!

Have a nice week!

Edited by werby3

Share this post


Link to post
Share on other sites

I agree with ONT , because while we finish full scan and we select (Take proper action) , press continue , then disinfection process starts .

Which is taking almost same or half of the time and is very irritating .

Also scan of Removable drive is very slow like .. 8 gb usb flash drive taking 1.5 hr. , after taking proper action it takes the same time again.

many times problem occurs like

1-pc hang

2-pc restarts

3-power failure

Then we have to start full scan again!!

If we select action -> disinfect or quarantine , then in we expect it to happen in any scan

So it is a gentle request to BD people, kindly make disinfection process at the time of scanning which is very convenient and hassle free.

:unsure:

Share this post


Link to post
Share on other sites

Me agree too....that the cleaning or disinfection processes takes lot of time in 2012 version especially on the exe files.

Share this post


Link to post
Share on other sites
Hi ONT,

I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.

I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!

Have a nice week!

Read this topic for information. And what you mention later, it was the issue that the Bitdefender takes action on the virus e.g delete, but even then the same infected file was remain there. Now it is fixed. I forget the topic posted by user on this forum, but I also experienced this issue. And it is the totally different thing, not what I am discussing.

Edited by ONT

Share this post


Link to post
Share on other sites
The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.

Hi :)

The On-Access is acting normal in a standard malware-antivirus "relationship" :D

If the file is caught in memory, the action is instant, why should it wait for the On-Demand task to finish?

Malware can have different components and behavior. When it is discovered bu the On-Access module, the action is instant, as it should be.

Take care.

Share this post


Link to post
Share on other sites

Actually I want to say that when the infection is detected during the scan task, it should be under the custody or responsibility of scan task and not of the RTP.

Share this post


Link to post
Share on other sites

Hi :)

The action will be taken by the On-Access module only if an external resource(like Explorer or other software) is accessing that location and the files are scanned by the Real Time Protection.

If not, you can take the actions at the end.

Take care.

Share this post


Link to post
Share on other sites

You said that the action will be taken by the On-Access module only if an external resource (like Explorer or other software) is accessing that location and the files are scanned by the Real Time Protection. And my concern is that the any access to the infection found during Scan Task by the external resource or whatever it is, should be blocked or denied for RTP also and RTP should not scan and control it and the user then have to take action at the end of scan. But only that particular accessed of the external source is blocked by RTP and the target which is infection, is handled by Scan Task.

What I understand with your replies is, I have a scenario that I have run a Scan Task and there are multiple infections in the PC, whenever any infected file is scanned by Scan Task, since it is accessed by Scan Task so also the On-Access or Real Time Protection come into play at that moment and the infected file is detected by both Scan Task and RTP simultaneously, but RTP have priority over the Scan Task for taking action and it just perform and it should happen for every similar infection type. Am I right?

Share this post


Link to post
Share on other sites

Hi :)

The RTP will always have top priority. An on demand task is user dependent, the RTP protects automatically the PC and has to move really fast.

Everyone in this world will want the threat eliminated immediately, rather than wait 2-3 hours for the scan to finish.

If the threat is discovered in the same time by RTP and the On-Demand Scan, the RTP will take the proper actions first.

Take care.

Share this post


Link to post
Share on other sites

Hi Christian

With reference to the post

https://my.bitdefender.com/en_us/my/?lang=e...6cefc071b00003a

I want to say that "display the list of infections found during scan not at the end of the scan and I am not talking about the action which are taken at the end of scan.

In this whole post I am talking on the action taken during scan and not about viewing the infection during scan. Hope this will become clear to you now. I think Eset has the similar feature I requested on the Beta Feedback.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.