VirusBarrier--do scans cross user sessions?

Discussion in 'Mac Apps and Mac App Store' started by Tripod33, Apr 30, 2010.

  1. Tripod33 macrumors newbie

    Joined:
    Apr 30, 2010
    #1
    Should be simple/general question:

    Installed Intego VirusBarrier X6 successfully yesterday on my fully updated Snow Leopard Imac...and then Obsessively ran full and quick scans from MY (admin) session...all totally clean (so far, so good, right?)

    Then I signed into my son's logon (of course Same machine)--he definitely hadn't been on in between...and ran a scan...and found two infected files.

    My Question/statement: I assumed that Full Scan would scan the ENTIRE Machine...yet finding the infected files in his logon (after multiple clean (including full) scans from my login/session ) lead me to believe that only common files and the person's session that peforms the scan are checked...is this true?

    If true...does that mean other users are inherently protected from viruses in other peoples login/session files?

    Maybe I just don't get how macs work yet?

    Any help or insight would be appreciated.

    Two disclaimers:

    1) Yes I know about the debate re. whether AV software's even necessary....please spare me the flaming :) that's not what this is about.

    2) I have opened an inquiry with the vendor...but based on experiences with other vendors (e.g. Lavasoft and Acronis...I expect nothing useful back.
     
  2. mstrze macrumors 68000

    Joined:
    Nov 6, 2009
    #2
    How were these files 'infected'? There are no viruses in existence for the Mac OS. Do you run Windows as well?

    I guess I also share your thinking that running something that checks a disk in an Admin account should check the entire hard drive...except maybe the files that are currently being accessed and used by the Admin account. Perhaps the 'infections' were found in one of your Admin accts' files?
     
  3. Tripod33 thread starter macrumors newbie

    Joined:
    Apr 30, 2010
    #3
    Thanks for the reply mstrze - I still have to research the nature of the files...I get what you are saying about the MAC/Windows virus differentiation...read volumes about it before purchase...I will get back on those details...

    But, respectfully, whether they are mac or windows infected (or even if they are truely infected) is irrelevant for now...

    I just need to know why the "infected files" in his domain could not be detected until a scan was run within his domain.
     
  4. mstrze macrumors 68000

    Joined:
    Nov 6, 2009
    #4
    Were they found in HIS domain...i.e. within his USER file structure...or within the home admin folder...which might make more sense, as I said, with a program not being able to scan programs/files that are currently running.

    Does the virus program give you a location where it found the files? if you could post that, that might clear up a few things.
     
  5. Tripod33 thread starter macrumors newbie

    Joined:
    Apr 30, 2010
    #5
    Here you go... In short...they were in HIS directory structure...

    From the Product Logs: (I should have probably done a quarantine instead of a "repair"...but looks like the "repair" deleted them)

    Comment Malware 'W32/Fraud.AntiSpywareExpert.AD' eradicated from file 'install_asm_en.exe …'
    Path /Users/XXXXXX/Downloads/install_asm_en.exe

    Comment Malware 'OSX/RSPlug.N' eradicated from file 'Modest_Mouse-Edit_the_Sad_Parts.dmg …'
    Path /Users/XXXXXX/Downloads/Modest_Mouse-Edit_the_Sad_Parts.dmg


    Of course, the XXXXXX is his loginname (just being safe by removing; )

    It clearly looks like he downloaded something...but Hopefully (and I don't think so) he never entered his password to install... (I had read and told him about the importance of that...

    I actually found some info on the vendor's website about the OSX/RSPug.N one...indicating it was a video codec (which I know are a huge red flag)... If the article was correct...it further implies that it was not installed...because I do not see any of the DNS modification syptoms...or any other virus type behavior.

    Of course, although all of that is interesting ...but mainly want to know why I had to signed in as him for the scan to pick it up...am I going to have to do scans on both signins moving forward etc. etc.

    For the record...I do not have a Windows partion/operating system/ etc. running on my mac...only leopard/snow leopard.
     
  6. mstrze macrumors 68000

    Joined:
    Nov 6, 2009
    #6
    Well, then you won't ever have to worry about .exe files as they won't even run on your Mac. He can download viruses to his heart's content as .exe files and you will have no worries. ;)

    I guess you do have to run the virus scan in each username to get all the files unless there is a setting/preference that allows you to scan the ENTIRE drive. Worth looking for.
     
  7. Tripod33 thread starter macrumors newbie

    Joined:
    Apr 30, 2010
    #7
    First of all mstrze... thanks so much for your interest and help on this...

    re. exe files...roger that..

    I knew I should have included the following in the beginning: I thought (and I'm still a VirusBarrier newbie here) that I chose the whole drive, literally clicking on an image of it...but your point is a good and logical one...maybe somehow I was NOT selecting the whole computer...that would be the desired outcome for me...because at least it would make sense...

    I will regroup and try to check more closely on how/if I'm inadvertently asking for subset scan...
     
  8. 3rd Doctor macrumors member

    Joined:
    Dec 4, 2009
    #8
    To me it looks as though he has only downloaded those files, not actually executed them. As mentioned exe files will do nothing on a mac. The video codec one however will, if he hasnt executed that there is no problem, just delete it.

    Also worth noting that there are no viruses for OS X, only trojans, so as long as your son's account is not root/adminstrator and that he never enters an admin password to allow something to run he will be fine. You gave him the right advice in this regard.
     
  9. Tripod33 thread starter macrumors newbie

    Joined:
    Apr 30, 2010
    #9
    Resolved!

    Big Duh on my part...there is an option on On-demand scanning...the default (whether quick, full, etc.) is NOT to scan files owned by other users ... changed that option (silly, should probably be the other way around...especially if you are admin...)

    I generally do a lot of research before seeking help...but when dealing with potentially infected files...probably jumped the gun.

    However, the sidebar discussion and input I received re. viruses, infected files, malware really helped and put my mind at ease. And now I have this wonderful community to learn from...

    Thank you both!...
     

Share This Page