Malware scan log

gaslad · April 8, 2008, 1:59am

When installing CFP 3, I recall running an anti-malware scan.

Can anyone tell me where anything detected by this scan is quarantined to, or if there is a log of this scan kept (and if so , where)?

panic · April 8, 2008, 7:42am

WOW! Great question! I’ve got to admit I don’t know, but I will see if I can find out, straight after I give myself an uppercut for not thinking to look into this earlier.

Ewen

gaslad · April 9, 2008, 3:45pm

Thanks.

The reason I ask, is that a CFP 3 user in another forum either deleted or quarantined 3 files that the scanner had found, without first checking if they were FPs. No harm appears to have been done, but I’d like to find out what was actually done, in case important files were deleted.

I recall that the CFP malware scanner detected at least one FP on my PC, which I confirmed by running the file by VirusTotal and virusscan.jotti. So I did nothing.

panic · April 9, 2008, 11:10pm

G’day,

As follows is an extract of a PM from Egemen on tis;

Hello Ewen,

CFP quarantine is not a traditional AV-style quarantine but a set of paths that CFP blocks access to. This information is stored in the registry. Normally AV-programs create a quarantine folder, and move malware into this folder. But CFP does not do this. CAV will do like this.

Malware scanning does not produce any logs. Until CAV, many things are missing right now.

Hope this info helps,
Ewen

gaslad · April 10, 2008, 1:41am

Thanks for that, Ewen.

If I understand you correctly, CFP 3 at installation is recommending an anti-malware scan with no option to quarantine detections, no option to restore FP deletions, and no log of anything deleted.

Well, that’s hardly a scanner I would recommend to the average user. Am I missing something here?

Info-Sec · April 10, 2008, 1:55am

I would leave everything it detects. CFP’s scanner has been known to falsely report viruses. Trust a ‘real’ antivirus scanner such as NOD32, or avira.

panic · April 10, 2008, 2:30am

I agree. The scanner built into CFP V3 is not one your could recommend as the sole means of AV detection on a PC. As Info-Sec said, trust a “real” AV. It is using what I believe is the first cut of the scanning engine that will be used in CASV3. The engine is bloody fast, compared to other AV scanners. All that remains to be seen is its detection capabilities, logging, quarantining, frequency of updates etc.

Ewen

gaslad · April 10, 2008, 2:55am

Thanks, Ewen and Info-Sec.

I wasn’t worried about myself- I have Nod32, (AntiVir Premium for a backup scan) and a whole arsenal of on-demand anti-malware scanners. I can smell a FP a mile away. Hell, they have all been FPs for years on my PC.

But I’ve been recommending CFP 3 to others, and as far as I can see, this D+ antimalware scanner should never have been included or recommended as part of the install, in its current state. The average user deserves a default scanner that backs up his deletions, IMHO. I’m very disappointed in Comodo for this lapse.