1 of 1 people found this helpful
I would imagine they are files that are in the database as cleared already but did you check att the "Scan Targets" in the interface? If you missed one then it will report that as not scanned.
By the way in Windows Vista, 7 and 8/8.1 it is best to right-click the downloaded Stinger and run as Administrator.
I've moved this to Malware Discussions and hopefully someone from the labs may see it and post.
Hi thanks for the reply,
Ah I see. So would that list of files that are cleared already be one that stinger builds for the local machine on successive runs?
I double checked the scan targets and they all look okay. Incidentally, for testing I did a scan of just one folder on the C:\ with no additional targets selected and I get a similar % of files not scanned.
Summary Report on C:\Software
Not Scanned:........... 257
Possibly Infected:..... 0
With the 'report all' swtiched on I can confirm that the there are 584 files listed in the log.
The end game I am trying to achieve is submitting an md5 hash to stinger in the custom threat list for a file that it will scan. I want to see how it reports this hit so that I can create an automated report using the logs as input. Rest assured though I'm not asking for help with the report script.
I came across this issue because in that folder C:\Software I have put two text files. Both of the md5 hash values I have added to the threat list however it seems they are not being scanned.
I can replicate the same issue with two seperate files in a folder on their own. the result is a statement of "2 files not scanned". This confuses me so I need to find out what the deal is with the not scanned files.
Any help much appreciated
I really have no idea. I'll send a message to a contact of mine at the labs and hope he's on duty. I'll ask him to post here.
The large not scanned file count on Win7 is a side effect a new rootkit scanning method we've implemented in Stinger. If you uncheck rootkit scanning (advanced --> settings --> scan targets --> rootkits), the not scanned file count will be minimal. If you were to uncheck process, registry and boot sectors options as well - then Stinger will only scan the folder(s) specified to scan.
The custom blacklist feature is limited to PE files. (exe, dll, sys). Please enter the hash of a program executable file for a detection to trigger. (text files won't get a hit).
Here is an example output - the detection name will have the Stinger!<first 12 characters of MD5 hash of file>.
Copyright© 2014, McAfee, Inc. All Rights Reserved.
AV Engine version v5610.1040 for Windows
Virus data file v1000.0 created on Dec 17, 2013
Ready to scan for 6326 viruses, trojans and variants.
Custom scan initiated on Wednesday, December 18, 2013 15:50:44
C:\Users\Vinoo\Desktop\Test\PDFEdit.exe [MD5:7ed66eeb6b1f27ad072fed197cc5d54d] is infected with Stinger!7ed66eeb6b1f
C:\Users\Vinoo\Desktop\Test\PDFEdit.exe has been Deleted
For more details, read the section "How can I add custom detections to Stinger?"" under http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx
Thank you for such prompt and helpful info. This has answered my question and help with the overall task I've been given.
all the best,