Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Encrypted Hard drives


  • Please log in to reply
6 replies to this topic

#1 Nici

Nici

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Minnesota
  • Local time:04:34 PM

Posted 11 July 2014 - 02:20 PM

Got a new Lenovo windows 8.1 Yoga Thinkpad. I am new to windows 8 and am not quite sure how to use all of the features yet.

For security purposes, I encrypted the had drive with the bitlocker program, and am now unable to run certain malware tools unless I unencrypt the whole c:\drive.

MS saftey Scanner and Norton, both run fine, but, Malwarebytes will not run at all because there is no access; how then, does the malware set in if the drive is not accessible?


Edited by hamluis, 11 July 2014 - 03:52 PM.
Moved from Win 8 to Gen Security - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 TDubbed

TDubbed

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 11 July 2014 - 02:29 PM

Check this out. The guy in the post says that Malware Bytes does not support Bitlocker drives. I'm not sure if this is true or not, but it would explain your problem with only malwarebytes.

 

https://groups.google.com/forum/#!topic/alt.comp.anti-virus/YzGTNk4DtDs

 

I hope this helps.



#3 Nici

Nici
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Minnesota
  • Local time:04:34 PM

Posted 13 July 2014 - 06:05 PM

Yes, It was helpful.

Thanx TDubbed

 

P.S. Forgot to ask again, " how does malware know where to set if the drive is encrypted?


Edited by Nici, 13 July 2014 - 06:18 PM.


#4 Kilroy

Kilroy

  • BC Advisor
  • 3,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:03:34 PM

Posted 13 July 2014 - 09:28 PM

Drive encryption only has to do with physical access.  Once you have software access to the drive it behaves, for the most part, the same way an unencrypted drive behaves.  Malware doesn't have be rewritten to infect an encrypted drive.



#5 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:01:34 PM

Posted 14 July 2014 - 03:02 AM

Malwarebytes Anti-Malware 2.x only supports scanning of drives encrypted with TrueCrypt when using the rootkit scanner. Other encryption methods are not supported at this time.

You can do a regular threat scan with other encryption methods but you need to disable the rootkit scanning option.

Reference: Common Questions, Issues, and their SolutionsProgram Information, #5.

HTH


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#6 Nici

Nici
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Minnesota
  • Local time:04:34 PM

Posted 16 July 2014 - 09:12 PM

Thanks Guys. Very Helpful. Still learning.



#7 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:09:34 PM

Posted 19 July 2014 - 01:42 AM

Putting things in a different way... Malwarebytes Anti-Malware 2.0 WILL work with bitlockered drives, but you cannot use the rootkit scanning functionality. The rest works.

 

Go to "Settings" / "Detection and Protection" / Under "Detection Settings" deselect "Scan for rootkits". (I have one bitlockered laptop on which I run MBAM 2.0 premium with this setting alongside Kaspersky)

 

"how does the malware set in if the drive is not accessible?"

The drive IS accessible for most things. I suspect that for the rootkit scanning, Malwarebytes needs use some very low level (beneath the OS techniques) and hence gets tripped up by the bitlocker layer

 

x64.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users