Scanner Clean-Up Does Not Function Properly [M1498]

  1. Scanner does not clean all objects on first clean-up pass; multiple clean-up passes required to remove all objects.
  2. Object removal takes an excessive amount of time (in the case of 342 files a total of 9 minutes).
  3. Threats detected counter in the Scanner does not match Task item log “Items scan” number.

Equivalent samples can be downloaded from Virussign.com: Free Malware Feeds - VirusSign

NOTE: Attached video is in AVI format using Microsoft Video 1 codec. It should be viewable using Windows Media Player, VLC Player or Classic Media Player.

The video is 15 minutes long. From 3 to 12 minutes (9 minutes) the scanner is removing the objects.

Can you reproduce the problem & if so how reliably?:

Yes. Reproducible every time - at will.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:

1: Scan large malware pack from Virussign.com.
2: Scan detects malicious items.
3: Apply “Clean-up” action.
4: Re-scan remaining items; items not removed during initial clean-up in Step 3 are re-detected
5: Apply “Clean-up” action.
6: Re-scan remaining items; items not removed during 2nd clean-up in Step 5 are re-detected
7: Apply “Clean-up” action.
8: Re-scan remaining items; all items detected by original scan Step 1 are now removed.
9: Check “Tasks” log; “Items scanned” numbers do not match the actual number of items scanned.

One or two sentences explaining what actually happened:

I scanned a large malware pack (355 files) from Virussign.com. The scanner detected 342 items. Upon clean-up, only 303 files were removed. Re-scanned malware pack (52 remaining files). Scanner detected 16 items. Upon clean-up, 37 items remained. Re-scanned malware pack (37 remaining files). Scanner detected 1 item. Upon clean-up, 36 items remained.

Only 13 files should remain (355 files in malware pack - 342 files detected by scanner = 13 files).

Scan clean-up took 9 minutes.

One or two sentences explaining what you expected to happen:

I expected the scanner to remove all detected items, the scan time to take perhaps only 1 minute, and for the Task logs to match the actual number of files scanned.

If a software compatibility problem have you tried the advice to make programs work with CIS?:

Not Applicable.

Any software except CIS/OS involved? If so - name, & exact version:

No.

Any other information, eg your guess at the cause, how you tried to fix it etc:
OneDrive download links to the exact malware packs used in the video:
04\10 Virussign - https://onedrive.live.com/redir?resid=2C645D108A1E40C7!4867&authkey=!AFlFTRDY_cFp1ds&ithint=file%2Czip
04\11 Virussign - https://onedrive.live.com/redir?resid=2C645D108A1E40C7!4868&authkey=!AAf6jrVti09-QsY&ithint=folder%2C
04\12 Virussign - https://onedrive.live.com/redir?resid=2C645D108A1E40C7!4869&authkey=!ALaK_qJUmLrQDuI&ithint=file%2Czip
ARCHIVE PASSWORD: virussign

B. YOUR SETUP
Exact CIS version & configuration:

8.2.0.4591 - Proactive Security

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:

All.

Have you made any other changes to the default config? (egs here.):

Yes. Configuration file attached.

Have you updated (without uninstall) from CIS 5, 6 or 7?:

No.

If so, have you tried a clean reinstall - if not please do?:

Not necessary.

Clean install Windows OS < 1 week, no "bloat\crapware"; clean install CIS.

Have you imported a config from a previous version of CIS:

No.

If so, have you tried a standard config - if not please do:

Issue is independent of configuration; I have tried different configuration\settings - does not correct issue.

THE ISSUE IS NOT SYSTEM DEPENDENT; I have tried on different machines - Intel, AMD, i3, i5, A8, A10, desktop, laptop.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:

Windows 8.1 x86-64 OEM (Toshiba\AMD), “Always Notify,” Administrator, No VM used.

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:

a=None b=None

C. ATTACH REQUIRED FILES

  1. Video (zipped, AVI format playable using Windows Media Player, VLC Player or Classic Media Player).

OneDrive download link:

https://skydrive.live.com/redir?resid=2C645D108A1E40C7!4693

  2. Configuration file.
  3. Antivirus Log.
  4. Task Log.

[attachment deleted by admin]

That’s interesting. I’ve observed this behavior with similar security related applications, actually.
@hjlbx, if possible, please attach a link which is unlikely to change (regarding archive content; one that you’ve used in your test).

Thanks.

Hello qmarius,

The Virussign link is located at the top of the Bug Report.

In any case, here it is again: Free Downloads - VirusSign | Threat Intelligence & Anti-Malware Database

The samples below were utilized in preparing this bug report…

Samples from 04\08: http://freelist.virussign.com/freelist/VirusSignList_Free_150409.zip

Samples from 04\09: http://freelist.virussign.com/freelist/VirusSignList_Free_150410.zip

Samples from 04\10: http://freelist.virussign.com/freelist/VirusSignList_Free_150411.zip

NOTE:

Virussign samples are of extension type: *.vir - renaming them to *.exe or other file extension does not fix issue; issue is independent of sample group’s file extension types.

Best Regards,

HJLBX

Hello,

Please note that Virussign has discontinued open access to its “free” malware sample packs; an account is now required for access. Consequently, the links supplied in the bug report will not direct the user to a download page, but instead open a Virussign login prompt.

In any case, I do not think the AV scan engine clean-up is Virussign-sample dependent. The overall size of the malware pack seemed to be the defining factor in inducing malfunction. In other words, I think any large malware pack will do in replicating the issue shown in the video and documented in the bug report.

Best Regards,

HJLBX

Hi hjlbx,

Please provide a mirror. In general, QA prefer direct links.

Thanks.

Hello qmarius,

Obtaining password\mirror access as requested. Reply from source may take a week or so.

Best Regards,

HJLBX

Hello qmarius,

Will have direct download links for multiple malware packs within the next few days.

Best Regards,

HJLBX

Hello,

I have verified that this issue has not been fixed in v. 4591.

OneDrive download links to the exact malware packs used in the video:

04\10 Virussign - Microsoft OneDrive - Access files anywhere. Create docs with free Office Online.

04\11 Virussign - Microsoft OneDrive - Access files anywhere. Create docs with free Office Online.

04\12 Virussign - Microsoft OneDrive - Access files anywhere. Create docs with free Office Online.

Best Regards,

HJLBX

ARCHIVE PASSWORD: virussign

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Please check with Comodo Internet Security V10.0.0.6071 Beta. Thanks.