Skip to main content

Scanning for malware

The main objective of Bitdefender Endpoint Security Tools is to keep your computer free of malware. This is achieved by scanning accessed files, email messages, and any new files downloaded or copied to your computer in real time. Apart from real-time protection, it also allows running scans to detect malware and remove it from your computer.

You can scan the computer whenever you want by running default tasks or your own scan tasks (user-defined tasks). Scan tasks specify the scanning options and the objects to be scanned. If you want to scan specific locations on your computer, or to configure the scan options, configure and run a custom scan.

You can view the progress of the scanning process in the Events timeline.

Scanning a file or folder

You should scan files and folders whenever you suspect they might be infected. Right-click the file or folder you want to be scanned and select Scan with Bitdefender Endpoint Security Tools. The scan starts and you can monitor the progress on the Events timeline.

At the end of the scan, you can see the result. For detailed information, click View Log.

Running a quick scan

Quick Scan uses in-the-cloud scanning to detect malware running on your system. Running a quick scan usually takes less than a minute, and uses a fraction of the system resources needed by a regular virus scan.

Quick Scan is configured by default to allow scanning for:

  • Running processes, boot sectors, and registry

  • Critical memory regions

  • Only new and changed files

  • rootkit, adware, spyware and dialer applications in critical OS paths such as: %windir%\\system32\\, %temp%, /etc, /lib.

  • Potentially Unwanted Applications (PUA).

To run a quick scan, follow these steps:

  1. Open the main window of Bitdefender Endpoint Security Tools.

  2. Click the best_actions_menu_button.png Actions button in the upper-right corner.

  3. Click Quick Scan.

  4. Wait for the scan to complete. You can see the progress of the scan in the timeline. Once completed, click View Log to see the detailed results.

Running a full scan

The Full Scan task scans the entire system for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.

Note

Because a Full Scan performs a thorough scan of the entire system, the scan may take a while. Therefore, it is recommended to run this task when you are not using your computer.

If you want to scan specific locations on your computer, or to configure the scanning options, configure and run a custom scan. For more information, refer to Configuring and Running a Custom Scan.

Before running a full scan, make sure Bitdefender Endpoint Security Tools is up to date in terms of malware signatures. Scanning your computer using an outdated signature database may prevent Bitdefender Endpoint Security Tools from detecting new malware found since the last update. For more information, refer to Updates.

Full Scan is configured to allow scanning for:

  • Running processes, boot sectors and registry

  • Email archives and network files from all drives, including removable ones

  • rootkits, adware, spyware, keylogger and dialer applications, on all drives, including removable ones

  • Potentially Unwanted Applications (PUA)

  • Browser cookies

To run a full scan, follow these steps:

  1. Open the main window of Bitdefender Endpoint Security Tools .

  2. Click the best_actions_menu_button.png Actions button in the upper-right corner of the window.

  3. Click Full Scan.

  4. Wait for the scan to complete. You can see the progress of the scan in the timeline. Click View Details to see the details of the scan while in progress. You can also pause, postpone, or stop the scan.

  5. Bitdefender Endpoint Security Tools automatically takes recommended actions on detected files. Once completed, click View Log to see detailed results.

Configuring and running a custom scan

To configure a scan for malware, in detail, and then run it, follow these steps:

  1. Open the main window of Bitdefender Endpoint Security Tools.

  2. Click the best_actions_menu_button.png Scan Tasks button in the upper-right corner.

  3. Click New Custom Scan.

    The Custom Scan window is displayed.

  4. Choose one the scanning options: Aggressive, Normal, Permissive, or Custom. Use the description below each option to identify the scan level that better suits your needs.

  5. Select the target of the scan in the left-side pane.

  6. You can also configure the scan to run the task with low priority by selecting the corresponding check box. This decreases the priority of the scan process, allows other programs to run faster, and increases the time needed for the scan process to finish.

    After configuring the custom scan, you can save the settings as a favourite item. To do this, enter a name and click the best_favourite_scan_button.png Favourite button.

Advanced users might want to take advantage of the scan settings that Bitdefender Endpoint Security Tools offers. To configure the scan options in detail, click Custom , and then Settings.

Alternatively, you can configure and run a custom scan by using the product command line utility. For details, refer to Using the Command Line Interface.

File types

In the File types tab, specify which types of files you want to be scanned. You can set the security agent to scan all files (regardless of their file extension), application files only, or specific file extensions you consider to be dangerous.

Scanning all files provides the best protection, while scanning only applications can be used to perform a quicker scan. Applications (or program files) are far more vulnerable to malware attacks than other types of files. This category includes the following file extensions:

386; a6p; ac; accda; accdb; accdc; accde; accdp; accdr; accdt; accdu; acl; acr; action; ade; adp; air; app; as; asd; asp; awk; bas; bat; bin; cgi; chm; cla; class; cmd; cnv; com; cpl; csc; csh; dat; dek; dld; dll; doc; docm; docx; dot; dotm; dotx; drv; ds; ebm; esh; exe; ezs; fky; frs; fxp; gadget; grv; hlp; hms; hta; htm; html; iaf; icd; ini; inx; ipf; isu; jar; js; jse; jsx; kix; laccdb; lnk; maf; mam; maq; mar; mat; mcr; mda; mdb; mde; mdt; mdw; mem; mhtml; mpp; mpt; mpx; ms; msg; msi; msp; mst; msu; oab; obi; obs; ocx; oft; ole; one; onepkg; ost; ovl; pa; paf; pex; pfd; php; pif; pip; pot; potm; potx; ppa; ppam; pps; ppsm; ppsx; ppt; pptm; pptx; prc; prf; prg; pst; pub; puz; pvd; pwc; py; pyc; pyo; qpx; rbx; rgs; rox; rpj; rtf; scar; scr; script; sct; shb; shs; sldm; sldx; smm; snp; spr; svd; sys; thmx; tlb; tms; u3p; udf; url; vb; vbe; vbs; vbscript; vxd; wbk; wcm; wdm; wiz; wll; wpk; ws; wsf; xar; xl; xla; xlam; xlb; xlc; xll; xlm; xls; xlsb; xlsm; xlsx; xlt; xltm; xltx; xlw; xml; xqt; xsf; xsn; xtp

  • Scan options for archives

    Archives containing infected files are not an immediate threat to the security of your system. The malware can affect your system only if the infected file is extracted from the archive, and executed without having real-time protection enabled. However, it is recommended to use this option in order to detect and remove any potential threat, even if it is not an immediate threat.

  • Scan email archives

    Select this option if you want to enable scanning of email message files and email databases, including file formats such as .eml, .msg, .pst, .dbx, .mbx, .tbb.

What to scan?

In the Scan tab, select the corresponding check boxes to enable the desired scan options.

  • Scan boot sectors

    You can set Bitdefender Endpoint Security Tools to scan the boot sectors of your hard disk. This sector of the hard disk contains the necessary computer code to start the boot process. When a virus infects the boot sector, the drive may become inaccessible, and you may not be able to start your system and access your data.

  • Scan for rootkits

    Select this option to scan for rootkits and hidden objects using such software.

  • Scan memory

    Select this option to scan programs running in the memory of your system.

  • Scan registry

    Select this option to scan registry keys. Windows Registry is a database that stores configuration settings and options for the Windows operating system components, as well as for installed applications.

  • Scan for keyloggers

    Select this option to scan for keylogger software.

  • Scan for Potentially Unwanted Applications (PUA)

    A Potentially Unwanted Application (PUA) is a program that may be unwanted on the endpoint and sometimes comes bundled with freeware. Such programs can either be installed without the user's consent (in which case it is called adware) or included by default in the express installation kit (in which case it is an ad-supported application). Potential effects of these programs include the display of pop-up windows, installing unwanted toolbars in the default browser, or running several processes in the background and slowing down the PC performance.

  • Scan only new and changed files

    By scanning only new and changed files, you may greatly improve the overall system responsiveness with a minimum trade-off in security.

  • Scan cookies

    Select this option to scan the cookies stored locally by browsers.

What to do?

  • Infected files

    Files detected as infected match a malware signature in the Bitdefender Malware Signature Database.

  • Suspect files

    Files are detected as suspicious by the heuristic analysis. Suspicious files cannot be disinfected, because no disinfection routine is available.

  • Rootkits

    Rootkits represent specialized software used to hide files from the operating system. Though not malicious in nature, rootkits are often used to hide malware, or to conceal the presence of an intruder on the endpoint.

Take proper actions

Depending on the type of detected files, one or several of the following options are available:

  • Delete

    Removes detected files from the disk.

    If infected files are stored in an archive together with clean files, Bitdefender Endpoint Security Tools attempts to delete the infected files and reconstruct the archive with the clean files. If archive reconstruction is not possible, to avoid losing clean files, you are informed that no action can be taken.

  • Ignore

    No action is taken on the detected files. After the scan is completed, you can open the scan log to view information about these files.

  • Move to quarantine

    Quarantined files cannot be executed or opened; therefore, there is no risk of getting infected.

  • Disinfect

    Removes the malware code from the infected file and reconstructs the original file.

Checking scan logs

Each time you perform a scan, a scan log is created. It contains detailed information about the logged scanning process, such as scanning options, the scanning target, the threats found, and the actions taken on these threats.

After the scan is done, you can open the scan log directly from the main window by clicking View Log.

To check scan logs at a later time, follow these steps:

  1. Open the main window of Bitdefender Endpoint Security Tools.

  2. Click the best_filter_icon.png Filters button to open the Filters menu.

  3. Click the Antimalware button. This section contains all malware scan events, including threats detected by on-access scanning, recent scans, user-initiated scans, and status changes for automatic scans.

  4. Click an event to view further details.

  5. To open the scan log, click View Log.

In addition, each type of scan has its own specific folder which can be found in: [install_path]\Bitdefender\Logs\system.

In this section:
boot sectors

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

Adware is often combined with a host application that is provided at no charge as long as the user agrees to accept the adware. Because adware applications are usually installed after the user has agreed to a licensing agreement that states the purpose of the application, no offense is committed.

However, pop-up advertisements can become an annoyance, and in some cases degrade system performance. Also, the information that some of these applications collect may cause privacy concerns for users who were not fully aware of the terms in the license agreement.

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers.

Spyware's similarity to a Trojan horse is the fact that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

A sector at the beginning of each disk that identifies the disk's architecture (sector size, cluster size, and so on). For startup disks, the boot sector also contains a program that loads the operating system.

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

Adware is often combined with a host application that is provided at no charge as long as the user agrees to accept the adware. Because adware applications are usually installed after the user has agreed to a licensing agreement that states the purpose of the application, no offense is committed.

However, pop-up advertisements can become an annoyance, and in some cases degrade system performance. Also, the information that some of these applications collect may cause privacy concerns for users who were not fully aware of the terms in the license agreement.

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers.

Spyware's similarity to a Trojan horse is the fact that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

A rootkit is a set of software tools that offer administrator-level access to a system. The term was first used for the UNIX operating systems and it referred to recompiled tools that provided intruders administrative rights, allowing them to conceal their presence so as not to be seen by the system administrators.

The main role of rootkits is to hide processes, files, logins, and logs. They may also intercept data from terminals, network connections, or peripherals if they incorporate the appropriate software.

Rootkits are not malicious in nature. For example, systems and even some applications hide critical files using rootkits. However, they are mostly used to hide malware or to conceal the presence of an intruder in the system. When combined with malware, rootkits pose a great threat to the integrity and the security of a system. They can monitor traffic, create backdoors into the system, alter files and logs and avoid detection.

A keylogger is an application that logs anything you type.

Keyloggers are not malicious in nature. They can be used for legitimate purposes, such as monitoring employees or children activity. However, they are increasingly being used by cyber-criminals for malicious purposes (for example, to collect private data, such as login credentials and social security numbers).