onbox

Custom Scan with version 2018.9.2.8988


The new version of Emsisoft now scans fewer objects with the same configuration of Custom Scan?

version 2018.9.2.8988 / objects analyzed 246316 versus version 2018.9.2.8968 / objects analyzed 404806

version 2018.9.2.8988

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    18/10/2018 07:04:07 p.m.

Analizados    246316
Encontrados    0

Fin del análisis:    18/10/2018 08:47:33 p.m.
Duración del análisis:    1:43:26

version 2018.9.2.8968

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    09/10/2018 11:24:40 a.m.

Analizados    404806
Encontrados    0

Fin del análisis:    09/10/2018 01:38:18 p.m.
Duración del análisis:    2:13:38


The amount of objects scanned is somewhat dependent on the database, and what it tells the scanner to check. Especially if the PUP option is enabled.


But surely every (file) object (or maybe every executable file object) needs to be scanned if one's looking for PUPs? 

The two examples above - 9 days apart - seem to show the same scan options, and the file-extension filter is off. So why thus wouldn't every file be examined? (Always assuming that the number of files on the computer concerned hasn't changed much in that period.) 404k files vs 246k files is a huge difference. I'd want to know why 158 thousand files weren't examined.

26 minutes ago, JeremyNicoll said:

But surely every (file) object (or maybe every executable file object) needs to be scanned if one's looking for PUPs? 

The two examples above - 9 days apart - seem to show the same scan options, and the file-extension filter is off. So why thus wouldn't every file be examined? (Always assuming that the number of files on the computer concerned hasn't changed much in that period.) 404k files vs 246k files is a huge difference. I'd want to know why 158 thousand files weren't examined.

The number of files has not changed, the scan settings are the same and that's why I also wonder why the amount of files decreased so drastically.

 

1 hour ago, GT500 said:

The amount of objects scanned is somewhat dependent on the database, and what it tells the scanner to check. Especially if the PUP option is enabled.

The scan settings are the same for both...

Did the same thing happen to someone?


Note that I didn't say every file wasn't scanned, just that the amount of objects scanned can vary. "Objects" aren't just files, and can include other things (such as registry entries). The rules dictating what "objects" to scan will change as the database is updated.

 

On 10/19/2018 at 3:20 PM, JeremyNicoll said:

But surely every (file) object (or maybe every executable file object) needs to be scanned if one's looking for PUPs?

The PUP scan is more selective than that. PUPs aren't malicious, they don't use the same tactics as malware, and they follow certain patterns. After all, they're generally trying to look legitimate so that they won't be removed. This actually makes them easier to check for, and scanning everything on the drive isn't necessary to find them.


Just out of curiosity, are you still seeing vastly different amounts of scanned objects with each scan?

2 hours ago, GT500 said:

Just out of curiosity, are you still seeing vastly different amounts of scanned objects with each scan?

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    22/10/2018 05:51:20 p.m.

Analizados    259037
Encontrados    0

Fin del análisis:    22/10/2018 07:06:18 p.m.
Duración del análisis:    1:14:58


Had you done just Windows Updates (you know, cumulatives etc.) when you did the scan on the 9th October?

33 minutes ago, stapp said:

Had you done just Windows Updates (you know, cumulatives etc.) when you did the scan on the 9th October?

Will he have to see the updates?

Capturar_2018_10_22_23_34_39_120.png


> Note that I didn't say every file wasn't scanned, just that the amount of objects scanned can vary. "Objects" aren't just files, and can include other things (such as registry entries). The rules
> dictating what "objects" to scan will change as the database is updated.

OK; in the context though of a custom scan that has asked for all files to be scanned, with no file-extension filter specified, will all of them be scanned?

 

> The PUP scan is more selective than that. PUPs aren't malicious, they don't use the same tactics as malware, and they follow certain patterns. After all, they're generally trying to look
> legitimate so that they won't be removed. This actually makes them easier to check for, and scanning everything on the drive isn't necessary to find them.

I suppose that makes sense if the scan was only for PUPs, but in a scan that has asked for everything including PUPs (which I would expect to mean that every file will be inspected for any kind of malware but the scanner will additionally consider if any are PUPs) I would expect every file to be examined.

 

8 hours ago, JeremyNicoll said:

OK; in the context though of a custom scan that has asked for all files to be scanned, with no file-extension filter specified, will all of them be scanned?

They're supposed to be.

 

14 hours ago, onbox said:

Will he have to see the updates?

I doubt I'll need to see them.

Out of curiosity, how many files are on the drive you were scanning? If it's less than the number of scanned objects, then that means it is more than likely scanning all of the files on the drive.

On 10/18/2018 at 10:23 PM, onbox said:

The new version of Emsisoft now scans fewer objects with the same configuration of Custom Scan?

version 2018.9.2.8988 / objects analyzed 246316 versus version 2018.9.2.8968 / objects analyzed 404806

version 2018.9.2.8988

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    18/10/2018 07:04:07 p.m.

Analizados    246316
Encontrados    0

Fin del análisis:    18/10/2018 08:47:33 p.m.
Duración del análisis:    1:43:26

version 2018.9.2.8968

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    09/10/2018 11:24:40 a.m.

Analizados    404806
Encontrados    0

Fin del análisis:    09/10/2018 01:38:18 p.m.
Duración del análisis:    2:13:38

The new version now scans fewer files than before:

Configuraciones del análisis:

Tipo de análisis: 
Objetos: Rootkits, Memoria, Trazas, C:\

Detectar PUP: Activado
Análisis de archivos: Activado
Análisis de archivos de correo: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Acceso directo al disco: Desactivado

Inicio del análisis:    5/01/2019 11:00:46 a. m.

Analizados    163063
Encontrados    0

Fin del análisis:    5/01/2019 11:31:38 a. m.
Duración del análisis:    0:30:52

On 1/5/2019 at 9:09 PM, onbox said:

The new version now scans fewer files than before:

That can happen with changes to the scanning algorithms.

Note that it isn't reporting the number of "files" scanned, but rather the number of "objects" scanned. This includes registry entries and files associated with them that are scanned before the file scan starts.
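
The check GT500 suggested earlier (compare the number of files on the drive with the number of scanned objects) and the files-versus-objects distinction above, as an added example that is not part of the original thread and is not Emsisoft code. It parses the result lines of the reports posted here and counts files under a root; the function names are hypothetical, and the verdict assumes each scanned file is counted as at least one object.

```python
import os
import re
import sys

# Result lines from two scan reports posted in this thread (program output, kept in Spanish).
REPORT_8968 = "Analizados    404806\nEncontrados    0\nDuración del análisis:    2:13:38\n"
REPORT_8988 = "Analizados    246316\nEncontrados    0\nDuración del análisis:    1:43:26\n"

FIELDS = {
    "objects": re.compile(r"^Analizados\s+(\d+)\s*$", re.M),
    "found": re.compile(r"^Encontrados\s+(\d+)\s*$", re.M),
    "seconds": re.compile(r"^Duración del análisis:\s+(\d+):(\d\d):(\d\d)\s*$", re.M),
}

def parse_report(text):
    """Return object count, detections, duration in seconds and objects per second."""
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        if m is None:
            raise ValueError(f"report is missing the {name!r} field")
        nums = [int(g) for g in m.groups()]
        out[name] = nums[0] if len(nums) == 1 else nums[0] * 3600 + nums[1] * 60 + nums[2]
    out["rate"] = out["objects"] / out["seconds"] if out["seconds"] else 0.0
    return out

def count_files(root):
    """Count non-directory entries under root; return (files, unreadable directories)."""
    errors = []
    total = 0
    for _path, _dirs, files in os.walk(root, onerror=errors.append):
        total += len(files)
    return total, len(errors)

def coverage_verdict(objects, file_count):
    """Assumption: each scanned file is counted as at least one object."""
    if file_count <= objects:
        return "consistent with every file having been scanned"
    return f"at least {file_count - objects} files were not counted as objects"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    files, unreadable = count_files(root)
    print(f"{root}: {files} files ({unreadable} unreadable directories)")
    for label, text in (("8968", REPORT_8968), ("8988", REPORT_8988)):
        r = parse_report(text)
        print(label, r["objects"], f"{r['rate']:.1f} obj/s", coverage_verdict(r["objects"], files))
```

Pass the scanned root (C:\ in this thread) as the first argument, from an elevated prompt so that unreadable directories do not deflate the file count.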
