Antivirus can see files in Secret folder. How?

[Sam73]

Hi everyone,

Premise:

I am using Resilio to share an encrypted folder on multiple computers. One of these computer is a server running 24/7. On this server, the folder is a secret folder with its ERO key. On the other computers files are in plain text, so to say as they are mostly videos. All computers run Bitdefender as antivirus.

Nature of the problem:

On the server, my antivirus (Bitdefender) found a virus in this ERO folder (Trojan.Ciusky.Gen.13). It may be a false positive as the antivirus didn't detect it on the other computers. But the fact it wasn't detected on the other computer when I ran the scan may simply be because through the synchronisation, the Trojan had already been deleted on them as I ran the scan only after having been alerted by the warning on the server hosting the ERO version of the folder.

Questions/Problems:

1-If it's a false positive, then some files have been mistakenly destroyed in this folder. And since it's on the ERO folder on the server, I can't even find out which file(s) have been deleted to go get them back in the .sync hidden folder.

2-If it's not a false positive, how can Bitdefender scan encrypted files?

Next:

I'm going to get files I know will trigger the antivirus, like the files "Vault 7" by WikiLeaks or the NSA tools released by Shadow Brokers. I'll do a similar experiment with an ERO folder and let you know how it goes. But this time, if the antivirus is able to read the ERO files, it's going to raise some serious questions. If some of you guys want to participate in the experiment, I'll share the ERO key with the Vault 7 and Shadow Broker files here.

Thanks,

 

[tiberek]

It seems like it is a false positive. I'd suggest excluding whole encrypted folder from antivirus scanning - I had similar problem and excluding all encrypted files is rather the only option.

[AlexC]

It is false positive alert.