Issue
In the Padvish malware detection log (Threats), you see entries marked Ignore or Access Denied, and you want to determine the reason for this.
Short Description
In short, malware may not be removed for one of the following reasons:
- According to the system administrator’s settings, suspicious malware files are not deleted automatically and are in manual decision mode (detections of type PUA and Heur fall into this category). In these cases, Padvish prevents the suspicious file from running but does not delete or clean it without user intervention.
- Malware found on read-only storage media such as CDs or DVDs cannot be removed or cleaned because the media is read-only; its execution is merely prevented.
- Malware inside certain compressed files (such as Solid archives) cannot be deleted and the zip file rebuilt, or doing so would be very time-consuming. In these cases, the user is notified of the detection and can choose to delete the entire zip file.
- Virus-infected files (File Infector) need the malicious code disinfected from the file, but the file structure is broken and cannot be repaired. These files are usually not executable at all due to corruption and only contain malware signatures. In these cases, Padvish announces the malware detection and leaves the file to the user’s decision to prevent unwanted deletion of user information.
You can read more about each of the above, and how to deal with it in Padvish antivirus, below.
If, after review, you find that your case differs from the following and is of a different type, please contact Padvish support to check the issue and your system.
Detections of type PUA (Potentially Unwanted Application)
PUA, or Potentially Unwanted Application («the program that is probably unwanted»), refers to a group of programs that sit on the borderline between healthy and malicious software. These programs are not malware in nature and have healthy and reasonable everyday uses, but due to their features and capabilities, their presence on the system may be unwanted and harmful.
For example:
- Network traffic sniffers or keyloggers. These types of programs may be used by the network administrator for troubleshooting or may be installed by parents as a parental control tool, but they may also be used by someone else on the system for intrusion. Therefore, in such cases, the antivirus notifies the user of the existence of the software and leaves the decision to the user.
- Remote software that runs without a message or user interface. Such software is safe if the user is aware of its existence and uses it, but if it was installed on the system by an intruder, the user needs to be informed of the existence of the program.
- Healthy software that contains ads. Some users use it knowingly, but others may be unaware of the ads and dissatisfied with them.
- etc.
How to identify a detection of this type
In Padvish, all detections in this category begin with the word PUA.
How to deal with it
In this case, there are several ways you can delete unwanted programs:
- Responding to the antivirus alerts (real-time protection or scanner) and selecting the delete/cleanup option on the relevant system.
- Changing the scanner settings in the Padvish Management Console (Change Client Settings > Padvish AV > Scanner) to automatic mode and performing a scan on the corresponding client.
- Right-clicking on the detection log in the Padvish Management Console and selecting the Run Disinfection For Selected Item option. (Padvish Management Consoles 1.14 series and higher)
Suspicious malware files (Heur)
In addition to signature and pseudo-execution detection methods, Padvish has a machine learning-based artificial intelligence engine that detects new and unknown types of malware that have not been detected by any antivirus. Detections produced by this intelligent engine are named Heur and are of the suspicious (uncertain) type.
The user can change the sensitivity of the smart engine, that is, its accuracy and rigor in detecting new malware. Selecting a higher sensitivity allows more malware to be detected, but it also increases the likelihood of flagging healthy software that uses methods to evade reverse engineering or has structure and behavior close to malware.
In addition, these detections, like unwanted programs (PUA), are treated as a type of detected malware, and how they are handled depends on the settings made in this section.
How to identify a detection of this type
In Padvish, all detections in this category begin with the word PUA.
How to deal with it
The method of dealing with this type of malware is similar to the method of dealing with PUA.
Read-only media
If malware is detected on read-only media such as a CD/DVD, a read-only flash drive, or a shared folder, it is naturally not possible to modify or delete the malware file. Therefore, for this type of detection, the scan only prevents the malware from running and infecting the system (Denial of access), and the log records it.
How to identify a detection of this type
Detections on read-only media are of this type. To distinguish these items from other malware detection logs, look at the DeviceID column, which indicates the hardware ID of the relevant media.
How to deal with it
In this case, since the media cannot be rewritten, there is no way to solve the problem except by copying the relevant media.
Removing malware from a zip file
Padvish can detect malware inside compressed files: during a scan, it scans the contents of these files and notifies the user if any malware is found. Note that malware inside a zip file is inert, archived malware and cannot run. It must first be extracted from the zip file before it can execute, and at that point it is immediately detected and cleaned by Padvish real-time protection. Therefore, the purpose of scanning zip files is to detect malware that has been archived in backups and the like, and it does not require an immediate response.
If malware is detected in a zip file, Padvish also offers automatic removal of the malware from the zip file for the user’s convenience. This capability is built in for common formats such as zip and 7z, and one of its limitations is that the archive must not be a Solid compressed file. Because of the way Solid files are compressed, deleting one file requires all the files to be extracted first and then re-compressed, which may be very time-consuming for various reasons and requires free disk space.
If for any reason it is not possible to delete the file from the zip file automatically, Padvish announces the existence of the malware and asks the user how to deal with it.
How to identify a detection of this type
To identify these detections, pay attention to the file name in the log. A detection inside a zip file is recorded as the zip file name, a colon (:), and then the path inside the zip file (for example c:\path\file.zip:somefile.exe).
How to deal with it
There are two ways to delete the entire zip file:
- On the relevant system, at the end of the scan, click on the «Some things need your attention» link and select the option to delete the zip file from the displayed list. A message asks you to confirm that the entire zip file should be deleted, and the file is deleted once you confirm.
- Right-click on the detection log in the Padvish Management Console and select the Run Disinfection For Selected Item option. (Padvish Management Consoles 1.14 series and higher)
Virus-infected files
A virus (alongside worms and trojans) is a specific type of malware that hides its malicious code inside a safe executable file. Deleting the file is not a solution for cleaning a virus, because it removes the executable file and leads to system failure. Instead, the malicious virus code must be extracted from the executable file and a healthy file reproduced in a complex operation. Padvish Anti-Virus can clean the malicious code and reproduce a healthy file from an infected file, and it performs this operation automatically on viruses.
In some cases, due to errors in the virus code or software/hardware incidents, the executable file structure may be corrupted and therefore cannot be cleaned. In many cases, these files are not executable, and their contents are so cluttered that they can no longer be used. In addition, some antiviruses do not remove all traces of the virus when disinfecting, so even after removal the virus signature in these files is detected by other antiviruses. Padvish detects these files during the virus cleanup process and stops the cleanup operation without changing the file, to protect the user’s information. In these cases, Padvish does not delete the file, because it contains both malicious and healthy code. Only file execution and system infection are prevented (Denial of access), and the decision to delete these files is left to the user.
How to identify a detection of this type
All virus detections begin with the word “virus”. If the detection is not one of the previous types (that is, it is not on read-only media), the reason it was not cleaned is corruption of the executable file structure (in these cases, there is a good chance that the file will not run at all).
How to deal with it
There are two ways to delete an infected file:
- On the relevant system, at the end of the scan, click on the «Some things need your attention» link and select the option to delete the zip file from the displayed list.
- Right-click on the detection log in the Padvish Management Console and select the Run Disinfection For Selected Item option. (Padvish Management Consoles 1.14 series and higher)
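The identification rules from the sections above, collected into one triage helper for entries logged as Ignore or Access Denied. This is an added example, not Padvish code: the record fields detection, path and device_id, the "Heur" name prefix, the list of read-only device IDs and the sample entries are all assumptions constructed for illustration.

```python
def split_archive_path(path):
    """Split 'c:\\path\\file.zip:somefile.exe' into (archive, member).

    The drive-letter colon is skipped; member is None for an ordinary file.
    """
    start = 2 if len(path) > 1 and path[0].isalpha() and path[1] == ":" else 0
    idx = path.find(":", start)
    if idx == -1:
        return path, None
    return path[:idx], path[idx + 1:]


def triage(detection, path, device_id, read_only_devices):
    """Return (reason, next_step) for one Ignore / Access Denied entry."""
    name = detection.lower()
    archive, member = split_archive_path(path)
    # Physical constraints are checked first (ordering is this example's choice).
    if device_id in read_only_devices:
        return "read-only-media", "execution is blocked; the media cannot be modified"
    if member is not None:
        return "inside-archive", "decide whether to delete the whole archive " + archive
    if name.startswith(("pua", "heur")):  # "heur" prefix is an assumption
        return "manual-decision", "answer the alert or run disinfection from the console"
    if name.startswith("virus"):
        return "corrupted-infected-file", "file left unchanged; delete it manually if unneeded"
    return "other", "contact Padvish support"


def triage_log(entries, read_only_devices):
    """Classify every entry and return the list of reason labels."""
    return [
        triage(e["detection"], e["path"], e["device_id"], read_only_devices)[0]
        for e in entries
    ]


# Constructed sample entries, not real Padvish output.
READ_ONLY_DEVICES = {"CDROM-1"}  # DeviceID values the admin knows are read-only
SAMPLE_LOG = [
    {"detection": "PUA.Constructed.RemoteTool", "path": r"c:\tools\remote.exe", "device_id": "DISK-0"},
    {"detection": "Trojan.Constructed.A", "path": r"e:\setup.exe", "device_id": "CDROM-1"},
    {"detection": "Trojan.Constructed.B", "path": r"c:\path\file.zip:somefile.exe", "device_id": "DISK-0"},
    {"detection": "Virus.Constructed.C", "path": r"c:\apps\old.exe", "device_id": "DISK-0"},
]

if __name__ == "__main__":
    for entry, reason in zip(SAMPLE_LOG, triage_log(SAMPLE_LOG, READ_ONLY_DEVICES)):
        print(entry["path"], "->", reason)
```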