Contextual Scan - Objects Scanned Questions



I just performed a contextual scan of the latest installer file for Apache Open Office using both MBAM 2.0 and BD W8 Security.

 

MBAM 2.0 scan said one object scanned

BD W8 Security said 47,722 objects scanned.

 

While I didn't realize that many files were in the OO installer I know it is a lot more than one.

 

Also, the MBAM 2.0 contextual scan took only 8 seconds compared to the BD W8 Security contextual scan, which took 26 seconds and listed the number of objects scanned per second, 47,722/26 = 1,835 per second.

 

My questions are

 

1.   Does a MBAM 2.0 contextual scan, scan within an archive that is not password protected? From the short time it took to complete the scan, i.e. 8 seconds vs. the time it took BD W8 Security to complete the scan, i.e. 26 seconds, I am thinking maybe the MBAM contextual scan does not scan within an archive that is not password protected.

 

2.   If MBAM 2.0 contextual scan does scan with a non-password protected archive, why is the object scan number only one?


Please post the log from the scan.  No product can scan a password protected archive - that's impossible unless they somehow allow you to provide the password.

Sorry if I was unclear (see below). The file or archive is not password protected.

 

1.   Does a MBAM 2.0 contextual scan, scan within an archive that is not password protected?

 

2.   If MBAM 2.0 contextual scan does scan with a non-password protected archive,

 

 

I just did a rescan on the computer I am now using. BD Scanned 47,720 objects of file type = 0. (see below)  The total objects scanned were 47,722.

 

BD W8 Security Scan Log Pertinent Sections Only

 

<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\ondemand.xsl"?>
<ScanSession creator="Bitdefender Windows 8 Security" name="Contextual Scan" installPath="C:\Program Files\Bitdefender\Bitdefender Windows 8 Security\" creationDate="Monday, April 07, 2014 9:07:36 PM" originalPath="C:\Users\xxxx\AppData\Roaming\Bitdefender\Desktop\Profiles\Logs\2ab858ed-450b-4bb6-b67c-8e3c45ec13ac\1396930025_1_01.xml" >
        <ScanPaths>
            <path>E:\My Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe</path>
        </ScanPaths>
                <TypeSummary type="0"
            scanned="47720"

 

 

Evidently MBAM scanned only the 'Open Office.txf' file within the 'Apache_OpenOffice_4.0.1_Winx86_install_en-US.exe' file. There is a text file within the installer. That is what MBAM must have scanned. The Apache Open Office installer file itself is not password protected and contains the 'OpenOpen.txt' file.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/7/2014
Scan Time: 9:15:00 PM
Logfile: MBAM Scan Log of Open Office.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.07.14
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: xxxxx

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 17 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 


  • Root Admin

There could be a couple of issues going on here.  Let's try to verify what's going on.  There is a known issue with Context scanning that will be fixed in the next release where certain special characters prevent it from scanning.

 

Please create a new folder like D:\NewTestFolder and place several copies of executable files in that folder.  Then right click and do a Context scan and post back that log please.


Three installers scanned and logs attached

 

1.  Kindle for PC Installer - Size 37,264KB Scan time 26 seconds

 

2.  Nitro PDF Reader Installer x64 - Size 35,296KB Scan time 8 seconds

 

3. Todo EaseUS Backup installer - Size 116,186KB Scan time 12 seconds

 

 

MBAM Contextual Scan Log Kindle For PC Installer.txt

MBAM Contextual Scan Log Nitro PDF Reader Installer.txt

MBAM Contextual Scan Log Todo EaseUS Backup Installer.txt


  • Root Admin

Sorry cannot speak to how or what any other scanners do as I don't use BD - however we only scan very specific files for infections that can potentially pose a threat.

BD may possibly be extracting the installer which we do not.  We examine archive file not installers.

 

Now if you do that same test but create a new folder named:   D:\New!TestFolder and put those same files in it I don't think it will scan them.


> Sorry cannot speak to how or what any other scanners do as I don't use BD - however we only scan very specific files for infections that can potentially pose a threat.
>
> BD may possibly be extracting the installer which we do not.  We examine archive file not installers.
>
> Now if you do that same test but create a new folder named:   D:\New!TestFolder and put those same files in it I don't think it will scan them.

It appears heuristics scanning is included in Custom scans while it is not in a Contextual scan. If heuristics scanning during the folder scan is scanning the objects within the installer files in the folder, then why not add heuristics scanning to Contextual Scans?

This topic is now closed to further replies.