Sam73 Posted October 9, 2019 Report Share Posted October 9, 2019 Hi everyone, Premise: I am using Resilio to share an encrypted folder on multiple computers. One of these computer is a server running 24/7. On this server, the folder is a secret folder with its ERO key. On the other computers files are in plain text, so to say as they are mostly videos. All computers run Bitdefender as antivirus. Nature of the problem: On the server, my antivirus (Bitdefender) found a virus in this ERO folder (Trojan.Ciusky.Gen.13). It may be a false positive as the antivirus didn't detect it on the other computers. But the fact it wasn't detected on the other computer when I ran the scan may simply be because through the synchronisation, the Trojan had already been deleted on them as I ran the scan only after having been alerted by the warning on the server hosting the ERO version of the folder. Questions/Problems: 1-If it's a false positive, then some files have been mistakenly destroyed in this folder. And since it's on the ERO folder on the server, I can't even find out which file(s) have been deleted to go get them back in the .sync hidden folder. 2-If it's not a false positive, how can Bitdefender scan encrypted files? Next: I'm going to get files I know will trigger the antivirus, like the files "Vault 7" by WikiLeaks or the NSA tools released by Shadow Brokers. I'll do a similar experiment with an ERO folder and let you know how it goes. But this time, if the antivirus is able to read the ERO files, it's going to raise some serious questions. If some of you guys want to participate in the experiment, I'll share the ERO key with the Vault 7 and Shadow Broker files here. Thanks, Quote Link to comment Share on other sites More sharing options...
tiberek Posted October 25, 2019 Report Share Posted October 25, 2019 It seems like it is a false positive. I'd suggest excluding whole encrypted folder from antivirus scanning - I had similar problem and excluding all encrypted files is rather the only option. Quote Link to comment Share on other sites More sharing options...
AlexC Posted November 6, 2019 Report Share Posted November 6, 2019 It is false positive alert. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.