6 Replies Latest reply on Jan 28, 2014 6:20 AM by bleepingcomputer

    McAfee Stinger 'Files not scanned' means?

    bleepingcomputer

      Hi,

       

      When I run a full scan of my C:\ I get the following results in the log:

       

      Summary Report on C:\

      File(s)

      TotalFiles:............ 1219404

      Clean:................. 157203

      Not Scanned:........... 1062201

      Possibly Infected:..... 0

       

       

      There are a large number of files listed as not scanned. Does anyone know what this means and how to overcome it? I run the scan on a Windows 7 device under an admin account. I accept the UAC warning dialogue that pops up.

       

      Many thanks,

      bleepingcomputer

        • 1. Re: McAfee Stinger 'Files not scanned' means?
          Peter M

          I would imagine they are files that are in the database as cleared already but did you check att the "Scan Targets" in the interface?   If you missed one then it will report that as not scanned.

           

          By the way in Windows Vista, 7 and 8/8.1 it is best to right-click the downloaded Stinger and run as Administrator.

           

          I've moved this to Malware Discussions and hopefully someone from the labs may see it and post.

          1 of 1 people found this helpful
          • 2. Re: McAfee Stinger 'Files not scanned' means?
            bleepingcomputer

            Hi thanks for the reply,

             

            Ah I see. So would that list of files that are cleared already be one that stinger builds for the local machine on successive runs?

             

            I double checked the scan targets and they all look okay. Incidentally, for testing I did a scan of just one folder on the C:\ with no additional targets selected and I get a similar % of files not scanned.

             

            Summary Report on C:\Software

            File(s)

            TotalFiles:............ 584

            Clean:................. 327

            Not Scanned:........... 257

            Possibly Infected:..... 0

             

            With the 'report all' swtiched on I can confirm that the there are 584 files listed in the log.

             

            The end game I am trying to achieve is submitting an md5 hash to stinger in the custom threat list for a file that it will scan. I want to see how it reports this hit so that I can create an automated report using the logs as input. Rest assured though I'm not asking for help with the report script.

             

            I came across this issue because in that folder C:\Software I have put two text files. Both of the md5 hash values I have added to the threat list however it seems they are not being scanned.

            I can replicate the same issue with two seperate files in a folder on their own. the result is a statement of "2 files not scanned". This confuses me so I need to find out what the deal is with the not scanned files.

             

            Any help much appreciated

            • 3. Re: McAfee Stinger 'Files not scanned' means?
              Peter M

              I really have no idea.  I'll send a message to a contact of mine at the labs and hope he's on duty.  I'll ask him to post here.

              • 4. Re: McAfee Stinger 'Files not scanned' means?
                vinoo

                The large not scanned file count on Win7 is a side effect a new rootkit scanning method we've implemented in Stinger. If you uncheck rootkit scanning (advanced --> settings --> scan targets --> rootkits), the not scanned file count will be minimal. If you were to uncheck process, registry and boot sectors options as well - then Stinger will only scan the folder(s) specified to scan.

                 

                The custom blacklist feature is limited to PE files. (exe, dll, sys). Please enter the hash of a program executable file for a detection to trigger. (text files won't get a hit).

                Here is an example output - the detection name will have the Stinger!<first 12 characters of MD5 hash of file>.

                Copyright© 2014, McAfee, Inc. All Rights Reserved.

                AV Engine version v5610.1040 for Windows
                Virus data file v1000.0 created on Dec 17, 2013
                Ready to scan for 6326 viruses, trojans and variants.

                Custom scan initiated on Wednesday, December 18, 2013 15:50:44

                C:\Users\Vinoo\Desktop\Test\PDFEdit.exe
                C:\Users\Vinoo\Desktop\Test\PDFEdit.exe [MD5:7ed66eeb6b1f27ad072fed197cc5d54d] is infected with Stinger!7ed66eeb6b1f
                C:\Users\Vinoo\Desktop\Test\PDFEdit.exe has been Deleted

                 

                For more details, read the section "How can I add custom detections to Stinger?"" under http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

                • 5. Re: McAfee Stinger 'Files not scanned' means?
                  Peter M

                  Thanks Vinoo.

                  • 6. Re: McAfee Stinger 'Files not scanned' means?
                    bleepingcomputer

                    Thank you for such prompt and helpful info. This has answered my question and help with the overall task I've been given.

                    all the best,