KAV Quick Scan not performing as documented

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

KAV Quick Scan not performing as documented

Postby mbmast » Nov 19 04 3:22 am

I've run KAV quick scan with two settings: "clean file / folder" and "delete / folder".

Here is what the documentation says:

Action- Select what action you want to perform to the selected file(s). Your options are-

· Clean the file / folder – if unsuccessful, you will be presented with the option of deleting.

· Delete the file / folder – sends the infected files/folders to your Recycle Bin.

· Leave the file – this option neither cleans nor deletes, it simply leaves the file/folder where it was. This is not recommended, as it is potentially dangerous if you forget that the file/folder is infected with a virus.


My results differ:

Clean the file / folder - Does NOT present the option of deleting. It just says "no action taken" and moves on to the next file. Right clicking on files presented by KAV does nothing.

Delete the file / folder - Deletes the file - for good! Does not send it to they recycle bin. I confirmed the properties for the recycle bin: it is NOT configured to automoatically delete files, therefore files deleted by KAV Quick Scan should have gone to the recycle bin - but they did not.

I consider this a serious problem. I know from running with the "clean file /folder" option that I have a virus in my outlook.pst file. KAV did not clean that file, so my plan was to run in "delete the file / folder" mode, let KAV move output.pst to the recycle bin and then after KAV ran, I'd fetch it out of the recycle bin and put it back where it belongs. I admit that a better plan would have been to make a copy of it on a drive that was not being scanned AND to put it in the KAV exlude list. I had to stop KAV from running because smaller, infected files that KAV reported as deleted did not appear in the recycle bin, so I stopped it before it got to outlook.pst.

Short of backing up my entire drive (20GB) before scanning, how do I ensure that files deleted by KAV will be retrievable? Without this, I can't run KAV quick scan.

Thanks,

Mike.
mbmast
 
Posts: 21
Joined: Nov 12 04 5:11 pm

Postby Pascal » Nov 19 04 9:22 am

Are you running the latest version of KAV? With the latest updates downloaded?

I ran a quick scan yesterday on files I knew to be infected (EICAR plus a few others we'd kept in a quarantine for testing purposes) and were presented with the option to delete the files when I right-clicked.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby mbmast » Nov 19 04 10:49 am

I will try right clicking again. You've not addressed the issue of files being deleted (for real) without being moved to the recycle bin.

Mike.
mbmast
 
Posts: 21
Joined: Nov 12 04 5:11 pm

KAV Quick Scan not performing as documented - CONFIRMED!!

Postby mbmast » Nov 20 04 5:46 am

I have confirmed the following:

1. If the file is "infected" then you can right click and choose delete.

2. No matter how you delete an infected file (by either choosing option "clean" and then right clicking and deleting, or choosing option "delete" and letting KAV Quick Scan do the delete without user intervention), the deleted file DOES NOT appear in the recycle bin.

This is contrary to the documentation. This really means that in practice, you cannot choose the "delete file / folder" option in KAV Quick Scan. Doing so let's KAV **permanently** delete a file that, given the opportunity, you may have chosen to keep.

The only work-around to this problem that I am aware of:

Installing the very cool Systems Internals Fundelete program. According to the gurus at Systems Internals, the Recycle Bin is supplied deleted files only when the file is deleted by Explorer. If a running application deletes a file (like KAV Quick Scan) or a file is deleted from inside a command window (DOS box), then the file does not appear in the Recycle Bin. Fundelete (oddly named to avoid legal problems with another company that somehow owns the rights to the word "undelete"), replaces the Recycle Bin, hooks file operations at the Kernel level and adds all files that are deleted (no matter how they are deleted) to the replacement recycle bin. I loaded a test infected file on my system (EICAR test virus), let KAV Quick Scan delete the file and sure enough, it was in the Fundelete Recycle bin.

Mike.
mbmast
 
Posts: 21
Joined: Nov 12 04 5:11 pm


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 20 guests