Results 1 to 6 of 6

Thread: Live-Protection does not scan in generally all files on writing/reading

  1. #1
    Translator Team bbnetwork's Avatar
    Join Date
    Feb 2012
    Location
    Germany- Saxony
    Posts
    595

    Default Live-Protection does not scan in generally all files on writing/reading

    Actually it seems as if the Live-Protection-Scanner does scan only Applications, if they start.
    But the Scanner dont scan all files in generally on writing and/or reading.
    If for example a new bat or txt files is getting created (writing) or opened (reading) on the computer, the Live-Protection wont scan this file automaticly.



    לשונות רעות שנפגעו שלוש פעמים: למי שמדבר, שדברו עליהם ומי שמקשיב.

    שלום

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    That's correct, as a text file is not an executable.
    The Live Protection monitors every created/running process and scans each process.
    It blocks malicious processes before they start.

    Best regards
    Sandra
    Team Spybot

  3. #3
    Senior Member
    Join Date
    Sep 2006
    Posts
    456

    Default

    Quote Originally Posted by bbnetwork View Post
    If for example a new bat or txt files is getting created (writing) or opened (reading) on the computer, the Live-Protection wont scan this file automaticly.
    The following test case might make sense: Does the Live Protection do its job when a (malicious) executable is started from within the .bat file?

  4. #4
    Translator Team bbnetwork's Avatar
    Join Date
    Feb 2012
    Location
    Germany- Saxony
    Posts
    595

    Default

    Quote Originally Posted by daemon View Post
    The following test case might make sense: Does the Live Protection do its job when a (malicious) executable is started from within the .bat file?
    I will try this.

    But what if the bat itself is harmful, even without starting a executable? - The Live-Protection would not prevent against a harmful script, i guess.
    Last edited by bbnetwork; 2013-05-17 at 15:01.



    לשונות רעות שנפגעו שלוש פעמים: למי שמדבר, שדברו עליהם ומי שמקשיב.

    שלום

  5. #5
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,573

    Default

    Quote Originally Posted by bbnetwork View Post
    I will try this.

    But what if the bat itself is harmful, even without starting a executable? - The Live-Protection would not prevent against a harmful script, i guess.
    Good point that might be worth investigating... LP monitors all process creations, plus a list of most recently used files before they're even opened. Depending on the script type, it might be e.g. cmd.exe that is executed as a process. In that case, it depends on whether the code analyzing the command line is intelligent enough to detect the batch file as the important parameter.

    As for scanning all files on reading/writing, that's a performance issue. If I compare this with other AV tools, some even restrict files by type or extension even further to give the impression of a fast tool. Maybe we can make this (on-read/write-access) optional in 2.2, and maybe based on file type.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  6. #6
    Translator Team bbnetwork's Avatar
    Join Date
    Feb 2012
    Location
    Germany- Saxony
    Posts
    595

    Default

    Quote Originally Posted by bbnetwork View Post
    Actually i think, its really an issue, which maybe should be tought about for the next version, Spybots Live-Protection, actually really scans only executable files but since Spybot now have an AV-Engine, also non-exectubale files, such as images, bats, cmd, js, vbs should be included into the scan, because also they can incluse harmfull code herself or can be used to cover harmfull code.

    I knew scanning all files on reading/writing is a performance issue and since many users may have another AV in use next to Spybot, it need to be paid attention on the conflict-potential too, but, as PepoMK, sayed, depending the code, maybe its worth to think about it.
    EDIT: i wrote harmless in my previos post instead of, correctly harmfull. (Maybe the admin can remove my previos post.



    לשונות רעות שנפגעו שלוש פעמים: למי שמדבר, שדברו עליהם ומי שמקשיב.

    שלום

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •