Author Topic: Disabling Firefox's browser.download.manager.scanWhenDone  (Read 8512 times)


Gav

  • Guest
Disabling Firefox's browser.download.manager.scanWhenDone
« on: June 07, 2011, 01:09:37 AM »
Hello,

Following an upgrade to Firefox 4.x I ran into cases of Firefox downloads being canceled.  Based on some research and experimentation, I think what happened is Firefox used to support two settings which I had configured:

browser.download.manager.skipWinSecurityPolicyChecks = false
browser.download.manager.scanWhenDone = true

but the Firefox developers removed support for that first setting in the newer release.  So after I upgraded my downloads started getting canceled because Windows Security Policy checks were now performed.  It appears my downloads are canceled because I have Windows Internet Properties -> Security Settings -> Internet -> Launching applications and unsafe files set to Disable.  I purposely cranked up the Internet zone settings so as to minimize the chances that IE will directly (or indirectly, via a program that uses the browser control) burn me (my IE isn't protected against threats the way my Firefox with security extensions is).  I only use IE for a few sites which are added to my Trusted Sites list.  This worked well for a while.

One way to fix this is to lower that Internet zone security setting to Prompt.  I'm considering that.  Another way, mentioned in various places, is to set scanWhenDone to false.  However, it appears that may affect antivirus scanning.  To what degree I'm not sure, as I've seen some comments which suggest that it only blocks a deprecated interface for antivirus scanners.

What are the implications (effects on Avast scanning) of disabling Firefox's browser.download.manager.scanWhenDone?

FWIW.. Avast 6.0.1125 on fully patched XP Pro system (soon to be replaced with Windows 7 Pro system)

Thanks in advance for any info you can share!


 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #1 on: June 07, 2011, 03:28:26 AM »
The short answer is that you have nothing to worry about because Firefox doesn't appear to have a clue as to how to get this to work in avast (thank god). So even with what was the default setting to scan when done it didn't work with avast and many other AVs.

I disabled this when it first came out before I found out it didn't work and I have had zero adverse effects. I haven't touched my Windows Security Policy, but even so I don't see how this would be affecting you as you aren't "Launching applications and unsafe files set to Disable." You are just downloading them to your system and not running or installing them directly.

Also if the browser.download.manager.skipWinSecurityPolicyChecks = false is no longer supported then does that entry still exist in about:config? It doesn't in mine, and if it isn't there to check it shouldn't be taking any notice of the IE settings. Mine are set to Prompt anyway, but this really has nothing to do with downloads as far as I can tell.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Gav

  • Guest
Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #2 on: June 07, 2011, 04:38:37 AM »
I think where there used to be two settings to give one finer control over things there is now only one.  IOW, I think scanWhenDone didn't affect windows security policy checks in the past but now it does.  For reference:

Unable to save or download files page @ Mozillazine (may be having some probs atm)...
http://kb.mozillazine.org/Unable_to_save_or_download_files

Google cache of the above...
http://webcache.googleusercontent.com/search?q=cache:JExXaHkix1wJ:kb.mozillazine.org/Unable_to_save_or_download_files+&cd=1&hl=en&ct=clnk&gl=us&source=encrypted.google.com

I've verified that Launching applications and unsafe files, when set to disabled, causes my downloads to be canceled.  If I temporarily flip it to prompt they work.  Shrug.

FWIW, after I posted I thought to try downloading one of the easier eicar test files (eicar.com for example) via HTTPS.  Regardless of how I adjusted the settings I previously mentioned, Avast detected the threat.  Although at times there was a tiny lag as if Avast discovered the new file via a periodic filesystem change report rather than the scan being immediately triggered once the download was complete.  I don't know enough about how Avast works, quite frankly, to confidently test things.

Offline DavidR

Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #3 on: June 07, 2011, 02:49:49 PM »
These settings don't affect how avast works.

If downloading over an http connection then the web shield would be scanning that traffic (and may alert even before a file is completely finished downloading). If downloading over https it won't be monitoring the traffic, but the file system shield will be there as another line of defence for newly created files (which downloads would be).

So in the case of the https eicar test, depending on the file type (eicar.com file) that would be scanned, files that represent an immediate risk if infected would be scanned (executable files, etc.), .zip (archive) and inert files (.txt, etc.) wouldn't be scanned on creation.

Unfortunately I can't replicate your problem as I said my downloads complete without problem and I don't have the browser.download.manager.skipWinSecurityPolicyChecks entry present and my browser.download.manager.scanWhenDone set to False. I also have what is in effect the default setting for Windows Internet Properties, Security Settings, Internet, Launching applications and unsafe files set to Prompt (images in my last post).

Gav

  • Guest
Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #4 on: June 08, 2011, 12:03:26 AM »
Hi again DavidR,

Given how your system is currently configured, it makes sense that you aren't running into the "canceled Firefox downloads due to windows security policy settings" issue.  In order to see it with Firefox 4, scanWhenDone must be set to its default of true and the site you are downloading the exe from must be one for which the Windows Internet Option "Launching applications and unsafe files" is disabled.  IOW, you would have to attempt to replicate it to replicate it.  Which isn't worth the time unless one wanted to test Avast in some way.

Once upon a time I thought having the browser be AV-aware made some sense, as I believed at the time there might be scenarios where something downloaded could be acted upon by the browser before the AV program would normally catch it.  One potential example being the downloading of active content (such as javascript, java, ...) via HTTPS where said content is parsed/executed by the browser as it is downloaded rather than after it has been [fully] written to the filesystem and fully scanned by the AV program's filesystem hooks.  Theoretically at least, a browser (or extension/plugin, etc) doesn't HAVE to write some content to the filesystem at all... it could simply retrieve it into memory (via an encrypted connection which can't be scanned by ordinary proxies).  In which case, it would seem advantageous for the browser to be able to explicitly invoke an AV scan of that content via special AV interface.

I don't know whether the potential attack vector described applies to modern browsers and AV programs... or directly relates to the scanWhenDone setting... but figured I'd mention it and see what you and others think.

Offline DavidR

Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #5 on: June 08, 2011, 01:17:51 AM »
Sorry, but I only go so far; changing the Windows security setting of the default (prompt) to prove a point isn't something I'm prepared to do.

Offline DavidR

Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #6 on: June 08, 2011, 01:46:55 AM »
OK, against my better judgement I have run some tests, but I don't think it is testing avast in any way.

1. changed the windows "Launching applications and unsafe files" to disabled and left scanWhenDone at false. Downloaded the free avast version 54MB done in seconds.

2. windows "Launching applications and unsafe files" on disabled and changed scanWhenDone to true. Attempted to download the free avast version 54MB twice. It was cancelled both times.

3. changed the windows "Launching applications and unsafe files" to prompt again and left scanWhenDone at true. Downloaded the free avast version 54MB download appeared to start (unlike 2 above where nothing happened) but was extremely slow, I stopped and deleted the attempt.

4. Everything back to what I had on 1 above. Windows "Launching applications and unsafe files" to prompt and scanWhenDone at false. Downloaded the free avast version 54MB again done in seconds.

All I'm seeing is an issue with firefox and windows security settings (overly strict custom settings perhaps) and firefox not being able to initiate an avast scan when done, which I knew about prior to this. The file scanned by the file system shield (newly created file) when the download completed and not initiated by firefox, which would/should have used ashquick.exe as a command line scanner.
« Last Edit: June 08, 2011, 01:48:26 AM by DavidR »
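Added example, not part of the thread or any poster's code: a Python check that parses a profile's prefs.js for the two preferences discussed and maps them, together with the Internet-zone value for "Launching applications and unsafe files", onto the outcomes reported in replies #2, #4 and #6. The function names and the sample prefs.js are constructed; the 0/1/3 encoding of URL action 1806 is the Windows one and does not appear on the page.

```python
import re

SCAN = "browser.download.manager.scanWhenDone"
SKIP = "browser.download.manager.skipWinSecurityPolicyChecks"
# Matches e.g.: user_pref("browser.download.manager.scanWhenDone", false);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# Data values of Internet-zone URL action 1806, "Launching applications and unsafe files"
ZONE_1806 = {0: "enable", 1: "prompt", 3: "disable"}

# Constructed sample of a profile's prefs.js (not taken from the thread)
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.download.manager.skipWinSecurityPolicyChecks", false);
user_pref("browser.startup.homepage", "about:blank");
'''


def parse_prefs(text):
    """Return {name: value} for boolean, integer and string prefs in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def assess(prefs_text, zone_value):
    """Map a profile plus zone policy onto the outcomes the posters reported."""
    prefs = parse_prefs(prefs_text)
    scan = prefs.get(SCAN, True)  # absent from prefs.js means the default, true (reply #4)
    policy = ZONE_1806.get(zone_value, "unknown")
    if not scan:
        outcome = "downloads complete"        # reply #6, tests 1 and 4
    elif policy == "disable":
        outcome = "downloads cancelled"       # reply #6, test 2
    elif policy == "prompt":
        outcome = "downloads start"           # reply #2; reply #6 test 3 (slow)
    else:
        outcome = "not tested in the thread"
    return {"scanWhenDone": scan, "policy": policy, "outcome": outcome,
            "stale_skip_pref": SKIP in prefs}
```
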

Gav

  • Guest
Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #7 on: June 08, 2011, 04:41:56 AM »
FWIW, I only said what I said in my last message to make absolutely sure we were on the same page.  Many say "I can't replicate/duplicate..." to indicate that they tried changing settings, etc to create the scenario in question but they simply didn't see the behavior that someone reported (tried being implied).  I really wasn't expecting, or requesting, that you try.  That Firefox/Windows issue is a known issue.  However, you did go on to try... even though reluctant... my compliments to you.

Do you have any thoughts on the second part of my recent post?  Your choosing to disable scanWhenDone suggests that you think it of no benefit and thus you may believe that scenarios like the one I described won't/can't happen.  However, if I may, I'd like to try to be sure of that because for all I know you might agree that such scenarios exist but you cover that base in a different way (do you sandbox your browser, for example?).



Offline DavidR

Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #8 on: June 08, 2011, 02:43:36 PM »
I think the scanWhenDone is more gimmick than use, certainly in the case of avast! as any download using http will be scanned by the web shield and newly created files (those downloaded) depending on file type would be scanned by the file system shield.

That is why I set the scanWhenDone to false when it first came out on Firefox, this before I found out it didn't work.

Many people already use download managers or Firefox add-ons (that extend the basic Firefox download function) which you can actually set to do that if you wish (adding the full path to ashquick.exe). But what probably hacked me off was the impudence of Mozilla to set this scanWhenDone to true by default, when there is no GUI option to disable it. The user has to know about the setting and how to reverse it using about:config.

miscreant

  • Guest
Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #9 on: June 08, 2011, 09:54:53 PM »
I always thought Firefox used Windows Defender to scan downloads when done, as there is a setting in Windows Defender real-time (scan downloaded files and attachments) for that also.

Offline DavidR

Re: Disabling Firefox's browser.download.manager.scanWhenDone
« Reply #10 on: June 08, 2011, 10:18:40 PM »
No, as not every system will have Windows Defender; it is trying to use whatever AV it is that you have installed and failing miserably with many AVs. That is why setting it up as the default action without any GUI option to change that is so crazy.