Jump to content
Sign in to follow this  
Merlin_

KAV scans inside restore points?

Recommended Posts

Viruses often hide in restore points, is Kaspersky able to scan inside the restore point files to remove the viruses?

 

If a restore point is made while you have a virus, and then you clean the virus, the virus still appears in the restore point. So if you restore the restore point, then you bring the virus back.

 

If Kaspersky is installed, will it scan the restore point to make sure that the virus is eliminated?

Share this post


Link to post

Yes. KIS even lets me know if there is legitimate stuff that can be riskware in restore files. If you find malware in System Restore, post back in "virus related issues" for speedy, competant and friendly support.

Share this post


Link to post

Can anyone else comment on this? I've heard Symentec and McAfee are unable to do this...

 

Just because KAV reports the restore file being scanned, it doesn't mean that it can actually look inside to remove the viruses. For example, KAV can scan a password protected zip file, but it can't scan inside of one. KAV will still report that the file was scanned though.

Share this post


Link to post

KAV can scan the restore point. Just try for yourself when you have a malware on your PC. You'll see.

Share this post


Link to post

Yes. And if I go to Scan-Settings-Customize-Scan Password Protected Archives....... I see that this is unchecked if "Default" was selected before I selected "Customize". If I check "Scan Password Protected Archives", then I think I am correct in thinking that the inside of the file will be scanned, not just the "non-inside". If I don't check this, then I will be notified that the file is password protected.

Share this post


Link to post
no, then kav will ask for the password and if it recieves it, then it will scan the archive. it is impossible to scan password protected files without knowing the password.

399434[/snapback]

 

I have 2 messages from KIS about password protected archives, but i dont know the passwords. (must take a look later what archives exactly). But im sure that i never set

passwords for them.

If there is malware inside i think KIS detect them when executed !?

Share this post


Link to post

If I supply the password, then it will scan the "inside". It wouldn't merely scan a permitted archive without "looking in". Same with a restore point. It looks "inside", not just "not inside". EDIT: Re: Original Poster, post#3.

Edited by richbuff

Share this post


Link to post
Can anyone else comment on this? I've heard Symentec and McAfee are unable to do this...

 

Just because KAV reports the restore file being scanned, it doesn't mean that it can actually look inside to remove the viruses. For example, KAV can scan a password protected zip file, but it can't scan inside of one. KAV will still report that the file was scanned though.

399388[/snapback]

Am I incorrect in thinking that Kaspersky, when scanning a file, "actually looks inside", even if it is a restore file or a password protected file (with password supplied)? Or does Kaspersky just scan the "not-inside" part of the file?

Share this post


Link to post
Viruses often hide in restore points, is Kaspersky able to scan inside the restore point files to remove the viruses?

 

If a restore point is made while you have a virus, and then you clean the virus, the virus still appears in the restore point. So if you restore the restore point, then you bring the virus back.

 

If Kaspersky is installed, will it scan the restore point to make sure that the virus is eliminated?

399375[/snapback]

Scan the restore points and find nasties, yes.

Remove nasties from the restore points, no. Only the OS can delete the restore points (if you shut down System Restore).

 

Paul

Share this post


Link to post

Thank you, Lucian, for making it clear that Kaspersky Can and will remove viruses from restore files and protected files (when password is supplied) by unpacking as needed and doing its thing to the entire file as needed to eliminate the viruses from within the file. (I don't know about the other guys that OP mentioned). I wouldn't want anyone to "hear" that Kaspersky can't, and not be corrected. EDIT: If infected restore points can't be cleaned as p2u and OP says, they can be removed. Protected archives can be cleaned, if password is supplied.

Edited by richbuff

Share this post


Link to post

p2u seems to be in line with what Kaspersky says.

 

According to Kaspersky's Corp Support, Kaspersky will scan the file only.

 

This is a very good question and I have found that Kaspersky will scan the restore point and detect threats within them.

 

With Kaspersky you will not have the ability to clean or disinfect the threat within the restore point. You will just be notified that the restore point is infected.

 

What we recommend is to delete the restore point in question and or create a new restore point with your cleaned machine.

 

 

Thank You Sir.

 

Daniel Spinosa

Corporate Support Engineer

Edited by Merlin_

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.