Jump to content


Photo

[resolved, Won't Be Implemented] Dealing With Infection


  • This topic is locked This topic is locked
31 replies to this topic

#1 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 08 April 2012 - 02:00 PM

What are advantages of dealing with infected files at the end of the scan rather than taking action upon finding the infection?



#2 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 08 April 2012 - 02:13 PM

Hello smile.gif

It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.

With the second option, the scan will have to stop for you to take the action making the scan time even bigger.

So, the actions page will be always at the end.

Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.

Let me know if you have other questions.

Take care.

#3 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 08 April 2012 - 02:48 PM

QUOTE (Christian @ Apr 8 2012, 05:13 PM) <{POST_SNAPBACK}>
Hello smile.gif

It is much more elegant to have all the results on a page and take actions for all of them instead to be prompted every few minutes by the product.

With the second option, the scan will have to stop for you to take the action making the scan time even bigger.

So, the actions page will be always at the end.



Why the scan would prompt or stopped for taking action, if I set the actions already? This situation can be overcome by running two routines at same time, one for detection and the second for action. Although it may consume more resources but would increase the overall scan speed.


QUOTE (Christian @ Apr 8 2012, 05:13 PM) <{POST_SNAPBACK}>
Hello smile.gif

Also, if an infection is detected by the On Access and resolved, that one won't appear at the final of the scan.

Take care.



In that case Bitdefender display "action failed (object was not found)", which I faced sometimes.

Edited by ONT, 08 April 2012 - 02:49 PM.


#4 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 08 April 2012 - 03:55 PM

Hello smile.gif

Why would someone love to guard the scanning process when can leave it to do the job an get back later to see the results an then take action?

This is a legitimate question...

The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.

Take care.



#5 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 12 April 2012 - 09:51 PM

QUOTE (Christian @ Apr 8 2012, 06:55 PM) <{POST_SNAPBACK}>
Hello smile.gif

The scan can not continue if the action is user depended and you will find the scan stopped and waiting for further instructions.

Take care.



Why the scan can not continue? I rephrase my above post that when an infection found during the scan task, the routine for taking action on the infection opens in an other window and do whatever we set the action and it remain open but in idle state (and becomes active only when another infection is found), while the scan continue in its own window without any interrupt.

#6 werby3

werby3

    Frequent Poster

  • Banned
  • PipPipPip
  • 562 posts

Posted 13 April 2012 - 03:08 AM

Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.

"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?

My Best Regards

#7 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 13 April 2012 - 05:15 PM

Hello everyone smile.gif

I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.

When the user returns, the scan process is finished and he will have to take actions for all the malware.

Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.

Take care.

#8 werby3

werby3

    Frequent Poster

  • Banned
  • PipPipPip
  • 562 posts

Posted 13 April 2012 - 09:21 PM

QUOTE (Christian @ Apr 13 2012, 06:15 PM) <{POST_SNAPBACK}>
...but the user is not in front of the PC...

First of all this is a crime!!!
And then, what if product sending a message to mobile phone and there is the ability to select proper action via that?? rolleyes.gif

P S: Is this a brilliant idea or what? biggrin.gif

Peace and Happiness

#9 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 16 April 2012 - 05:09 PM

QUOTE (werby3 @ Apr 13 2012, 06:08 AM) <{POST_SNAPBACK}>
Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.


Kindly read my above post again.

QUOTE (Christian @ Apr 13 2012, 08:15 PM) <{POST_SNAPBACK}>
Hello everyone smile.gif

I have a scenario: the product prompts the user to take actions after each detection during the Full System scan, but the user is not in from of the PC. In this ideal scenario, the scan will continue and for each detection the user is prompted.

When the user returns, the scan process is finished and he will have to take actions for all the malware.

Isn't this the same thing? It is better to take all the proper actions at the end of the scan and in some cases, you can select one action and apply it to all the discovered malware.

Take care.



I am not suggesting this scenario.....just see Eset.


#10 werby3

werby3

    Frequent Poster

  • Banned
  • PipPipPip
  • 562 posts

Posted 17 April 2012 - 02:55 AM

Hello ONT,

Be sure I've carefully read your above post, although you've missed this
QUOTE
"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?
from my above post.
Anyway, all I try to say is that "The best is the enemy of the good", a rule that Eset, Norton etc. seems to ignore and make our PCs running like a turtle.

Have a nice day.

#11 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 18 April 2012 - 05:08 PM

QUOTE (werby3 @ Apr 13 2012, 06:08 AM) <{POST_SNAPBACK}>
Hello ONT

My friend, I think, you want for a very simple and fast routine to become a complicated one where one routine runs over another routine and another routine runs over another routine (if multiple infection) and so on.

"Although it may consume more resources.." what does it make you believe that "..would increase the overall scan speed"?

My Best Regards


What I meant was that the detection and action routines run in parallel and not like you said. And regarding your second statement, I simply gives the example of Windows Vista and Windows 7. Windows 7 consumes more resources but faster than Vista.

#12 werby3

werby3

    Frequent Poster

  • Banned
  • PipPipPip
  • 562 posts

Posted 19 April 2012 - 05:32 AM

Hi ONT,

I'm not an expert but I think Vista was a completely failed system. BD is not a failed application although it needs improvement...
So, the worst must have an enemy but the good no.

My Best Regards

#13 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 22 April 2012 - 07:56 AM

The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.

Edited by ONT, 22 April 2012 - 07:57 AM.


#14 werby3

werby3

    Frequent Poster

  • Banned
  • PipPipPip
  • 562 posts

Posted 22 April 2012 - 02:43 PM

Hi ONT,

I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.
I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!

Have a nice week!

Edited by werby3, 22 April 2012 - 02:48 PM.


#15 Susankool

Susankool

    Newbie

  • Members
  • 1 posts

Posted 22 April 2012 - 09:46 PM

better to scan and check results later

#16 bms1978

bms1978

    Newbie

  • Members
  • 4 posts

Posted 24 April 2012 - 06:30 AM

I agree with ONT , because while we finish full scan and we select (Take proper action) , press continue , then disinfection process starts .
Which is taking almost same or half of the time and is very irritating .

Also scan of Removable drive is very slow like .. 8 gb usb flash drive taking 1.5 hr. , after taking proper action it takes the same time again.

many times problem occurs like
1-pc hang
2-pc restarts
3-power failure

Then we have to start full scan again!!


If we select action -> disinfect or quarantine , then in we expect it to happen in any scan

So it is a gentle request to BD people, kindly make disinfection process at the time of scanning which is very convenient and hassle free.
unsure.gif

#17 JAGUARS

JAGUARS

    Regular Poster

  • Regular Bitdefender Poster
  • PipPip
  • 145 posts

Posted 25 April 2012 - 12:12 PM

Me agree too....that the cleaning or disinfection processes takes lot of time in 2012 version especially on the exe files.

#18 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 25 April 2012 - 04:03 PM

QUOTE (werby3 @ Apr 22 2012, 05:43 PM) <{POST_SNAPBACK}>
Hi ONT,

I've not encountered such a situation till now so, if this happens, I have to agree with you about improvement at this point.
I only remember a threat (I cannot remember the type), 2 months ago, that could not be solved. Although BD deleted it, after restart, it appeared again and again so, I was forced to run "System restore" that finally solved this. I don't know if we're talking for the same thing (I'm not an expert) but I have to thank you for your info!

Have a nice week!



Read this topic for information. And what you mention later, it was the issue that the Bitdefender takes action on the virus e.g delete, but even then the same infected file was remain there. Now it is fixed. I forget the topic posted by user on this forum, but I also experienced this issue. And it is the totally different thing, not what I am discussing.

Edited by ONT, 25 April 2012 - 04:04 PM.


#19 ONT

ONT

    Guru Poster

  • Banned
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male

Posted 26 April 2012 - 09:04 PM

Any reply on my post #13.

#20 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 28 April 2012 - 10:30 AM

QUOTE (ONT @ Apr 22 2012, 08:56 AM) <{POST_SNAPBACK}>
The Bitdefender holds the threat while scanning but not in a proper way, because even then the detected threats can become active and are therefore detected by RTP and thus display in the scan logs “failed to perform action (object was not found)” in the end of scan task, which happen sometimes so silently and hiddenly in the previous versions (not sure about 2012) that there was neither any pop-up appear nor indication in the logs for that threat even if they were detected by RTP. So the scan task environment can not restrict the detected threats activity and thus RTP come into play in such situations. This is the real bug of the Scan Task. In my opinion the detected threats during scan task should be kept in the environment which denies accesses to all processes and executions even to RTP.


Hi smile.gif

The On-Access is acting normal in a standard malware-antivirus "relationship" biggrin.gif

If the file is caught in memory, the action is instant, why should it wait for the On-Demand task to finish?

Malware can have different components and behavior. When it is discovered bu the On-Access module, the action is instant, as it should be.

Take care.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users