Sam73

Antivirus can see files in Secret folder. How?

Recommended Posts

Hi everyone,

Premise:

I am using Resilio to share an encrypted folder on multiple computers. One of these computer is a server running 24/7. On this server, the folder is a secret folder with its ERO key. On the other computers files are in plain text, so to say as they are mostly videos. All computers run Bitdefender as antivirus.

Nature of the problem:

On the server, my antivirus (Bitdefender) found a virus in this ERO folder (Trojan.Ciusky.Gen.13). It may be a false positive as the antivirus didn't detect it on the other computers. But the fact it wasn't detected on the other computer when I ran the scan may simply be because through the synchronisation, the Trojan had already been deleted on them as I ran the scan only after having been alerted by the warning on the server hosting the ERO version of the folder.

Questions/Problems:

1-If it's a false positive, then some files have been mistakenly destroyed in this folder. And since it's on the ERO folder on the server, I can't even find out which file(s) have been deleted to go get them back in the .sync hidden folder.

2-If it's not a false positive, how can Bitdefender scan encrypted files?

Next:

I'm going to get files I know will trigger the antivirus, like the files "Vault 7" by WikiLeaks or the NSA tools released by Shadow Brokers. I'll do a similar experiment with an ERO folder and let you know how it goes. But this time, if the antivirus is able to read the ERO files, it's going to raise some serious questions. If some of you guys want to participate in the experiment, I'll share the ERO key with the Vault 7 and Shadow Broker files here.

Thanks,

 

Share this post


Link to post
Share on other sites

It seems like it is a false positive. I'd suggest excluding whole encrypted folder from antivirus scanning - I had similar problem and excluding all encrypted files is rather the only option.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.