I found a virus file not detected by LDAV, and I want to scan for that same file on all my other systems. Viruses are notorious for changing the filenames, but the file itself is identical. So I created a custom definition based solely on the file size and checksum, and then tried to search recursively using only %windir% in the path. Even after manually puting the file in a test folder, I'm not getting any results on a manual vulscan of the system (custom defs enabled in agent and in S&R settings). Are there limitations to the use of the checksum/size? Can I use just checksum and leave out the file size? Do I need to use an actual filename or can it be left without a file name and used as a wildcard? Am I missing something key here. I'm using LD8.8SP4 if it matters. Thanks in advance.
↧