Skip to main content

ON PREMISES SOLUTIONS

Scanning for malware

The main objective of Bitdefender Endpoint Security Tools is to keep your computer free of malware. It does that primarily by scanning in real time accessed files, e-mail messages and any new files downloaded or copied to your computer. Besides real-time protection, it also allows running scans to detect and remove malware from your computer.

You can scan the computer whenever you want by running the default tasks or your own scan tasks (user-defined tasks). Scan tasks specify the scanning options and the objects to be scanned. If you want to scan specific locations on your computer or to configure the scan options, configure and run a custom scan.

At any point during the scan, you can see the progress in the Events timeline.

Scanning a file or folder

You should scan files and folders whenever you suspect they might be infected. Right-click the file or folder you want to be scanned and select Scan with Bitdefender Endpoint Security Tools. The scan will starts and you can monitor the progress on the Events timeline.

At the end of the scan, you will see the result. For detailed information, click View Log.

Running a quick scan

Quick Scan uses in-the-cloud scanning to detect malware running in your system. Running a quick scan usually takes less than a minute and uses a fraction of the system resources needed by a regular virus scan.

Quick Scan is preconfigured to allow scanning:

  • Running processes, boot sectors and registry.

  • Critical memory regions

  • Only new and changed files

  • For rootkit, adware, spyware and dialer applications in critical OS paths such as: %windir%\\system32\\, %temp%, /etc, /lib.

  • For Potentially Unwanted Applications (PUA).

To run a quick scan, follow these steps:

  1. Open the Bitdefender Endpoint Security Tools window.

  2. Click the Actions button best_actions_menu_button.png on the upper-right corner.

  3. Click Quick Scan.

  4. Wait for the scan to complete. You can see the progress of the scan in the timeline. Once complete, click View Log to see detailed results.

Running a full scan

The Full Scan task scans the entire computer for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.

Note

Because Full Scan performs a thorough scan of the entire system, the scan may take a while. Therefore, it is recommended to run this task when you are not using your computer.

If you want to scan specific locations on your computer or to configure the scanning options, configure and run a custom scan. For more information, please refer to Configuring and Running a Custom Scan.

Before running a full scan, make sure Bitdefender Endpoint Security Tools is up-to-date with its malware signatures. Scanning your computer using an outdated signature database may prevent Bitdefender Endpoint Security Tools from detecting new malware found since the last update. For more information, please refer to Updates.

Full Scan is configured to allow scanning:

  • Running processes, boot sectors and registry.

  • Email archives and network files from all drives, including removable ones.

  • For rootkits, adware, spyware, keylogger and dialer applications, on all drives, including removable ones.

  • For Potentially Unwanted Applications (PUA)

  • Browser cookies

To run a full scan, follow these steps:

  1. Open the Bitdefender Endpoint Security Tools window.

  2. Click the Actions button best_actions_menu_button.png on the upper-right corner.

  3. Click Full Scan.

  4. Wait for the scan to complete. You can see the progress of the scan in the timeline. Click View Details to see the details of the scan in progress. You can also pause, postpone or stop the scan.

  5. Bitdefender Endpoint Security Tools will automatically take the recommended actions on detected files. Once complete, click View Log to see detailed results.

Configuring and running a custom scan

To configure a scan for malware in detail and then run it, follow these steps:

  1. Open the Bitdefender Endpoint Security Tools main window.

  2. Click the Actions button best_actions_menu_button.png on the upper-right corner.

  3. Click New Custom Scan. The Custom Scan window will open.

  4. Configure the scanning options: Aggressive, Normal, Permissive, Custom. Use the description below the option to identify the scan level that better fits your needs.

  5. Select the target of the scan on the left-side pane.

  6. You can also configure the scan to run the task with low priority by selecting the corresponding check box. This decreases the priority of the scan process. You will allow other programs to run faster and increase the time needed for the scan process to finish.

    After configuring the custom scan, you can save it as a favourite. To do this, enter a name and click the Favourite button best_favourite_scan_button.png.

Advanced users might want to take advantage of the scan settings Bitdefender Endpoint Security Tools offers. To configure the scan options in detail, click Custom and then Settings.

Alternately, you can configure and run a custom scan by using the product command line utility. For details, refer to the Using the Command Line Interface chapter.

File types

On the File types tab, specify which types of files you want to be scanned. You can set the security agent to scan all files (regardless of their file extension), application files only or specific file extensions you consider to be dangerous.

Scanning all files provides best protection, while scanning applications only can be used to perform a quicker scan. Applications (or program files) are far more vulnerable to malware attacks than other types of files. This category includes the following file extensions:

386; a6p; ac; accda; accdb; accdc; accde; accdp; accdr; accdt; accdu; acl; acr; action; ade; adp; air; app; as; asd; asp; awk; bas; bat; bin; cgi; chm; cla; class; cmd; cnv; com; cpl; csc; csh; dat; dek; dld; dll; doc; docm; docx; dot; dotm; dotx; drv; ds; ebm; esh; exe; ezs; fky; frs; fxp; gadget; grv; hlp; hms; hta; htm; html; iaf; icd; ini; inx; ipf; isu; jar; js; jse; jsx; kix; laccdb; lnk; maf; mam; maq; mar; mat; mcr; mda; mdb; mde; mdt; mdw; mem; mhtml; mpp; mpt; mpx; ms; msg; msi; msp; mst; msu; oab; obi; obs; ocx; oft; ole; one; onepkg; ost; ovl; pa; paf; pex; pfd; php; pif; pip; pot; potm; potx; ppa; ppam; pps; ppsm; ppsx; ppt; pptm; pptx; prc; prf; prg; pst; pub; puz; pvd; pwc; py; pyc; pyo; qpx; rbx; rgs; rox; rpj; rtf; scar; scr; script; sct; shb; shs; sldm; sldx; smm; snp; spr; svd; sys; thmx; tlb; tms; u3p; udf; url; vb; vbe; vbs; vbscript; vxd; wbk; wcm; wdm; wiz; wll; wpk; ws; wsf; xar; xl; xla; xlam; xlb; xlc; xll; xlm; xls; xlsb; xlsm; xlsx; xlt; xltm; xltx; xlw; xml; xqt; xsf; xsn; xtp

  • Scan options for archives

    Archives containing infected files are not an immediate threat to the security of your system. The malware can affect your system only if the infected file is extracted from the archive and executed without having real-time protection enabled. However, it is recommended to use this option in order to detect and remove any potential threat, even if it is not an immediate threat.

  • Scan email archives

    Select this option if you want to enable scanning of email message files and email databases, including file formats such as .eml, .msg, .pst, .dbx, .mbx, .tbb and others.

What to scan?

On the Scan tab, select the corresponding check boxes to enable the desired scan options.

  • Scan boot sectors

    You can set Bitdefender Endpoint Security Tools to scan the boot sectors of your hard disk. This sector of the hard disk contains the necessary computer code to start the boot process. When a virus infects the boot sector, the drive may become inaccessible and you may not be able to start your system and access your data.

  • Scan for rootkits

    Select this option to scan for rootkits and hidden objects using such software.

  • Scan memory

    Select this option to scan programs running in your system's memory.

  • Scan registry

    Select this option to scan registry keys. Windows Registry is a database that stores configuration settings and options for the Windows operating system components, as well as for installed applications.

  • Scan for keyloggers

    Select this option to scan for keylogger software.

  • Scan for Potentially Unwanted Applications (PUA)

    A Potentially Unwanted Application (PUA) is a program that may be unwanted on the PC and sometimes comes bundled with freeware software. Such programs can be installed without the user's consent (also called adware) or will be included by default in the express installation kit (ad-supported). Potential effects of these programs include the display of pop-ups, installing unwanted toolbars in the default browser or running several processes in the background and slowing down the PC performance.

  • Scan only new and changed files

    By scanning only new and changed files, you may greatly improve overall system responsiveness with a minimum trade-off in security.

  • Scan cookies

    Select this option to scan the cookies stored by browsers on your computer.

What to do?

  • Infected files

    Files detected as infected match a malware signature in the Bitdefender Malware Signature Database.

  • Suspect files

    Files are detected as suspicious by the heuristic analysis. Suspicious files cannot be disinfected, because no disinfection routine is available.

  • Rootkits

    Rootkits represent specialized software used to hide files from the operating system. Though not malicious in nature, rootkits are often used to hide malware or to conceal the presence of an intruder into the system.

Take proper actions

Depending on the type of detected files, one or several of the following options are available:

  • Delete

    Removes detected files from the disk.

    If infected files are stored in an archive together with clean files, Bitdefender Endpoint Security Tools will attempt to delete the infected files and reconstruct the archive with the clean files. If archive reconstruction is not possible, you will be informed that no action can be taken so as to avoid loosing clean files.

  • Ignore

    No action will be taken on the detected files. After the scan is completed, you can open the scan log to view information on these files.

  • Move to quarantine

    Quarantined files cannot be executed or opened; therefore, the risk of getting infected disappears.

  • Disinfect

    Removes the malware code from the infected file and reconstruct the original file.

Checking scan logs

Each time you perform a scan, a scan log is created. The scan log contains detailed information about the logged scanning process, such as scanning options, the scanning target, the threats found and the actions taken on these threats.

You can open the scan log directly from the main window, once the scan is completed, by clicking View Log.

To check scan logs at a later time, follow these steps:

  1. Open the Bitdefender Endpoint Security Tools main window.

  2. Click the Filter button best_filter_icon.png to open the Filters menu.

  3. Click the Antimalware button. Here you can find all malware scan events, including threats detected by on-access scanning, recent scans, user-initiated scans and status changes for automatic scans.

  4. Click an event to view details about it.

  5. To open the scan log, click View Log. The scan log will be displayed.

In addition, each type of scan has its own specific folder that can be found in: [install_path]\Bitdefender\Logs\system.

In this section:
boot sectors

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

Adware is often combined with a host application that is provided at no charge as long as the user agrees to accept the adware. Because adware applications are usually installed after the user has agreed to a licensing agreement that states the purpose of the application, no offense is committed.

However, pop-up advertisements can become an annoyance, and in some cases degrade system performance. Also, the information that some of these applications collect may cause privacy concerns for users who were not fully aware of the terms in the license agreement.

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers.

Spyware's similarity to a Trojan horse is the fact that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

A sector at the beginning of each disk that identifies the disk's architecture (sector size, cluster size, and so on). For startup disks, the boot sector also contains a program that loads the operating system.

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

Adware is often combined with a host application that is provided at no charge as long as the user agrees to accept the adware. Because adware applications are usually installed after the user has agreed to a licensing agreement that states the purpose of the application, no offense is committed.

However, pop-up advertisements can become an annoyance, and in some cases degrade system performance. Also, the information that some of these applications collect may cause privacy concerns for users who were not fully aware of the terms in the license agreement.

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers.

Spyware's similarity to a Trojan horse is the fact that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

A keylogger is an application that logs anything you type.

Keyloggers are not malicious in nature. They can be used for legitimate purposes, such as monitoring employees or children activity. However, they are increasingly being used by cyber-criminals for malicious purposes (for example, to collect private data, such as login credentials and social security numbers).