Avast WEBforum

Other => General Topics => Topic started by: Lisandro on December 09, 2005, 01:28:36 AM

Title: Temptation...
Post by: Lisandro on December 09, 2005, 01:28:36 AM
This is the first firewall in Portuguese (Brazil): Outpost firewall.
Another antivirus in Portuguese (Brazil): NOD32
Both in a full Portuguese (Brazil) webpage: http://www.protagon.com.br/home/index.php?option=com_content&task=view&id=12&Itemid=26

NOD32 is becoming more and more popular... the detection is becoming better,
response times too... we can follow at http://www.av-test.org/

How I wish we have this...
I'm being tentated to test  ;D

Where is my Portuguese webpage for avast?
Title: Re: Tentation...
Post by: szc on December 09, 2005, 03:17:08 AM
Not to mention that you don't even know when NOD32 is installed on your system until you take a look at your system tray and see that icon. It's unbelievable effective and in the same time quite light on system resources. Best of all, there is no such a thing as prolonged boot time (after logging in to Windows)... boom, type your password, hit the enter, and in just few seconds (almost literally) your up and running...
Title: Re: Tentation...
Post by: bob3160 on December 09, 2005, 03:41:51 AM
Ill be testing it on my system tomorrow. :o
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 08:38:08 AM
Hey guys!

I would just like to add that one of the main reasons i went with Nod32 over avast(i had the pro version of avast) was the scanning speed, that's right scanning speed is soooo fast with Nod32 for example avast always took around 3 hours to scan my HDD(with archive scanning and highest settings) while Nod32 does the same job(in-depth analysys that's the thoroughest scanning in Nod32) in just 35-45 minutes!

Not to mention that you don't even know when NOD32 is installed on your system until you take a look at your system tray and see that icon. It's unbelievable effective and in the same time quite light on system resources. Best of all, there is no such a thing as prolonged boot time (after logging in to Windows)... boom, type your password, hit the enter, and in just few seconds (almost literally) your up and running...

That is also true!My pc boots up way faster than it did with avast!Now don't get me wrong guys i'm not saying Nod32 is the best and avast sucks or anything like that but all i am saying is in my opinion avast pro version needs some work to become attractive enough to buy it(at least for me) .But the home version of avast is definately the best FREE AV and i recommend it to all my friends and family, i think alwil has to offer something more in the pro version if they want to get more customers(or keep the ones they have).



cheers


ReVaN
Title: Re: Tentation...
Post by: TAP on December 09, 2005, 09:32:07 AM

NOD32 is becoming more and more popular... the detection is becoming better,
response times too... we can follow at http://www.av-test.org/



I totally agree. NOD32 is almost the best antivirus I've ever seen, it's very effective (especially the detection rates) while it's extremely fast and very light on resources and NOD32's heuristics is real and so strong. I don't know how ESET can do this excellent jobs.

I can buy NOD32 about $7 in my country but unfortunately, I personally don't like NOD32, I don't like its interface and the way its configurations work so finally, it's all comes down to your preferences.
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 10:07:40 AM
I can buy NOD32 about $7 in my country but unfortunately, I personally don't like NOD32, I don't like its interface and the way its configurations work so finally, it's all comes down to your preferences.

I kindda got used to the GUI(it's actually very logical) but i hated it at first also.IMHO Bitdefender has the best GUI ever.So clean and logical.But i don't care about the GUI(ofcourse it's nice to have a good lookin' AV) the most important thing for me is the program itself and how good it does the job it was suppose to.BTW i think AVG has the ugliest GUI of all times(darn win 3.11 look) but if it were a good AV i wouldn't hesitate to use it despite the ugly GUI.


Cheers

ReVaN
Title: Re: Tentation...
Post by: igor on December 09, 2005, 10:11:40 AM
I would just like to add that one of the main reasons i went with Nod32 over avast(i had the pro version of avast) was the scanning speed, that's right scanning speed is soooo fast with Nod32 for example avast always took around 3 hours to scan my HDD(with archive scanning and highest settings) while Nod32 does the same job(in-depth analysys that's the thoroughest scanning in Nod32) in just 35-45 minutes!

I'm not saying NOD isn't fast, but you cannot simply compare the settings if you don't know what exactly they mean. The "Thorough" scan in avast! scans all files, and the whole files - every single byte of them. It is easily possible that NOD doesn't do that even on the highest settings, because it's probably an overkill (to scan everything). Besides, it would be necessary to compare the number of unpacked files from the archives... they may vary as well. So, even though you use the "highest possible setting" in each program, they may not really correspond to each other (i.e. it's not a good idea to compare the time).

I'd suggest to use the Standard Scan (with archives on) for a deep scan in avast! - it should be enough, IMHO.
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 10:16:35 AM
I'm not saying NOD isn't fast, but you cannot simply compare the settings if you don't know what exactly they mean. The "Thorough" scan in avast! scans all files, and the whole files - every single byte of them. It is easily possible that NOD doesn't do that even on the highest settings, because it's probably an overkill (to scan everything). Besides, it would be necessary to compare the number of unpacked files from the archives... they may vary as well. So, even though you use the "highest possible setting" in each program, they may not really correspond to each other (i.e. it's not a good idea to compare the time).

I'd suggest to use the Standard Scan (with archives on) for a deep scan in avast! - it should be enough, IMHO.



Igor even a fast scan with archive scanning disabled(with avast) is slower on my comp than the highest scanning setting in Nod.What do you say about that?Not to mention it detects more than avastBTW.
Title: Re: Tentation...
Post by: igor on December 09, 2005, 10:20:28 AM
As I said, I'm not saying that NOD isn't fast - just that you may be comparing uncomparable settings (thus getting a bigger difference in time than it really is).
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 10:33:05 AM
As I said, I'm not saying that NOD isn't fast - just that you may be comparing uncomparable settings (thus getting a bigger difference in time than it really is).


I get it Igor, i just wanted to make a point and that is that you guys need to work on the scanning speed.I as a user don't care which methods my AV uses to scan i just want the scan over as fast as possible.But isn't it funny how Nod detects more than avast and scans faster at the same time?
 
Title: Re: Tentation...
Post by: polonus on December 09, 2005, 11:09:19 AM
Hi ReVaN,

Nod32 is the product of choice for power users, + fast, low resource usage, - high maintenance cost (yearly).
I know once that NOD32 used a reduced database concentrating on "in the wild" viruses instead of a fully historical one. They depend on a heuristic engine for way-back and bleeding-edge issues. So the WebScanner of Avast will be surely missed.
And here it is like comparing apples and pears. AV product has the VB 100. Had difficulty finding crippled "Zoo" viruses. So it is true that NOD32 is more than hype only, and "it did not fail to catch the worm" as any "good ÄV-bird" should. Some governments see Nod32 as their product of choice (e.g. Uruguay).

greets,

polonus
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 11:12:08 AM
Damian!

Nod32 had http scanning waaaaay before avast ;)
Title: Re: Tentation...
Post by: Lisandro on December 09, 2005, 11:57:09 AM
Damian! Nod32 had http scanning waaaaay before avast ;)
ReVaN, as far I know, or you don't know how WebShield works or you overestimate Nod32 capability of scanning http traffic.
You should know exactly how WebShield works before traffic is cached in the HDD. Nod32 does not do that.
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 12:09:27 PM
Damian! Nod32 had http scanning waaaaay before avast ;)
ReVaN, as far I know, or you don't know how WebShield works or you overestimate Nod32 capability of scanning http traffic.
You should know exactly how WebShield works before traffic is cached in the HDD. Nod32 does not do that.

Hmmm i said that Nod32 has http scanning and it had it before avast.And that's all dude.I never mentioned anything about caching or anything like that.
Title: Re: Tentation...
Post by: szc on December 09, 2005, 12:33:35 PM


Hmmm i said that Nod32 has http scanning and it had it before avast.And that's all dude.I never mentioned anything about caching or anything like that.

Exactly...

And Igor... isn't there any way to make avast! starts faster at boot time and not hammering a HD the way it does... there are numerous threads I posted in explaining what's happening (and attaching all those screenshots to show my startup processes and how different applications, like those from Sysinternals, sees my processes). See here:

http://forum.avast.com/index.php?topic=17701.msg152166#msg152166

And it's not just on my end, but on other people's ends... there must be something you guys can do about it, not just saying: "...well, that's about it, we can't do much more..."

How is it even possible ? There must be something, I mean other AVs solved those problems...

Thanks in advance

P.S. I don't wanna be a pain in the rear end, but all I want is to see my belowed AV working the way we all want. That's all.
Title: Re: Tentation...
Post by: Lisandro on December 09, 2005, 02:16:36 PM
Hmmm i said that Nod32 has http scanning
Not like WebShield. Just this.

Quote
I don't wanna be a pain in the rear end, but all I want is to see my belowed AV working the way we all want. That's all.
You've stolen my thoughts  8)
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 03:10:06 PM
Hmmm i said that Nod32 has http scanning
Not like WebShield. Just this.

What don't you get?Did i say that webshield and IMON are the same thing?Or did i say Nod32 had http scanning before avast, nothing else nothing more.
Title: Re: Tentation...
Post by: Lisandro on December 09, 2005, 03:53:51 PM
Sorry, it was not my intention.
What I was trying to say is that NOD32 is a tentation for me because it seems very good.
avast scanning speed should be improved. And HTML traffic scanning of NOD32 is not like WebShield.
NOD32 has heuristics and avast not  :P

Let's forget and be friends  8)
Title: Re: Tentation...
Post by: szc on December 09, 2005, 03:59:44 PM
Hey people calm down, we all are friends and it should stay that way. Tech, you started this thread with whole idea of NO32 being tempting... and it IS the truth, NOD32 is very, very tempting. Best of al, it works unbelievable silently and efficiently.

I also saw nothing else, but normal remark comming from ReVaN, that NOD32 had similar feature even before avast! had it. He wasn't trying to speak bad things about avast!, just said some facts. All those things can help us help avast! developers build a better product. We need faster boot-time, and we need lighter antivirus. We don't need those extra bells and whistles. If I need some anti-spam (and I don't because gmail does it perfectly for me), I will find something nice, and I surelly (like many others in here) don't want to be forced to use a bunch of extra things inside the antivirus. AV should be light and does its job... after all it's antivirus, not Norton  ;D  ;D  ;D
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 09, 2005, 04:12:05 PM
Sorry, it was not my intention.
What I was trying to say is that NOD32 is a tentation for me because it seems very good.
avast scanning speed should be improved. And HTML traffic scanning of NOD32 is not like WebShield.
NOD32 has heuristics and avast not  :P

Let's forget and be friends  8)


No problem ;)


P.S:To anyone reading this we handled everything trough PM's like it should be handled ;)
Title: Re: Tentation...
Post by: szc on December 09, 2005, 04:14:56 PM
Best possible way... let's continue asking Alwil about what can be done regarding these things because we all want our AV to be without competition out there... let's try to find out some more. If other companies can make things go faster, then Alwil can do the same if not even better. Am I right or someone will start calling me names again ?!!
Title: Re: Tentation...
Post by: polonus on December 09, 2005, 04:37:55 PM
Hi folks (and I mean Tech and S.Z.Craftec),

There must ne a difference in scanning techniques. One of the postings here, by Igor is explaining much. The question remains: what of a file is actually scanned? Rather wait a bit while a thorough and decent scan takes place, then prefer a blitz scan where part of the procedure is heuristic scanning or taking some things for granted, which is right 99% of all cases, but..not always.

Also heuristic scanning can come up with a lot of strange results, especially in the range of VSB scripts found. I know that Dr. WebCureIt is doing this when the heuristics are set to tightly, for instance toolbarcop is taken as a malicious VSB script file, while a scan with toolbarcop.exe on Jotti demonstrates that only Dr. Web comes up with this FP result. I have read that script viruses is also a weak point of the heuristic part of the Nod32 scan (as are cripples Zoo viruses), it just comes with this technique. So there are more angles to a thing as it may seem to be at first sight.
But Avast wants us to be critical and feed them back with results to build their decisions on, I will always co-operate to make Avast better.

polonus
Title: Re: Tentation...
Post by: szc on December 09, 2005, 06:48:24 PM
Exactly my friend Polonus, I totally understand what's your point. It's natural... if you want something to be scanned as it should be scanned (detailed and perfectly) your antivirus needs some time, that's natural. I am sure Alwil guys would make it much faster if it's just possible, but it looks like there is not much that can be done in that area. However, my main concern was never the speed of the scanning process. I don't have problems with scanning doing its job even if it takes 2-3 hours... why ? Because I don't perform system scans every 5 minutes, doh. I don't need it to be fast, I just want it to be accurate, nothing else.

What is my main concern is the fact that many people already reported those boot-time slowdowns... what is being scanned all the time when I don't have anything in my startup items, nothing of some significance anyway. Also, don't want to go too deep into this, I am aware that I shouldn't just look what's in my startup items, I am very well aware of that, but still... I posted that link to one of my earlier replies, where I attached all those screenshots from various service-monitoring applications. Ok, in case someone missed that link, here it is one more time:

http://forum.avast.com/index.php?topic=17701.msg152166#msg152166

I still have no clue what's happening after entering the logging name and my password and entering Windows. It takes forever to see my HD LED stop flashing and finally turned off.
Simple question - why ?
Title: Re: Tentation...
Post by: Lisandro on December 09, 2005, 07:12:33 PM
I still have no clue what's happening after entering the logging name and my password and entering Windows. It takes forever to see my HD LED stop flashing and finally turned off.
Simple question - why ?
Simple answer: interaction between firewall and antivirus. The different combinations will give the final answer.
For me, Outpost startup is very quick. Kerio give me an error (cannot connect to service). ZA is slow.
I did not test other resident antivirus.
Title: Re: Tentation...
Post by: szc on December 09, 2005, 07:35:48 PM
Well I have to say, when I was testing this I uninstalled Kerio completely. I didn't even need it at that point because I could rely on my hardware router/firewall temporary. Same picture, same slowdown. As soon as I uninstalled avast! and installed NOD32, installed Comodo (later uninstalled and tested with Kerio as well), everything went back to normal.

So it doesn't look that simple to me...  ;)
Title: Re: Tentation...
Post by: Lisandro on December 09, 2005, 07:37:36 PM
So it doesn't look that simple to me...  ;)
avast is guilty  :P
Isn't it simple?  ;D
Title: Re: Tentation...
Post by: igor on December 09, 2005, 08:07:33 PM
Well, something must be causing heavy disk access during your startup... and avast! is scanning the accessed files (at least that's the only explanation coming to my mind right now).
If you really don't know what it might be, you can try to let the "OK files" be included in the report file of the Resident Protection task (you can modify the task in the Enhanced User Interface). Of course, that will cause much more disk access, so it will probably make your startup much slower again... but maybe you'll find out what is being scanned...
Title: Re: Tentation...
Post by: DavidR on December 09, 2005, 09:29:26 PM
Igor, I had a thread that went on for ages (what does avast scan on boot http://forum.avast.com/index.php?topic=14062.0) and really didn't get anywhere other than my finding Outpost being very talkative on boot and Standard Shield set on High, over 800 files were scanned on boot. Totally disabling Outpost on boot brought that down to around 250. With Outpost enabled again and Standard Shield on Normal, some 250 - 300 files are scanned.

I have virtually no programs start automatically and many windows services that are not required on my system disabled, so my system is well locked down. Yet I constantly see exe files in my Program Folders (I have two) being scanned on boot that I haven't used in months.

So I don't know why avast would scan them on boot?
Title: Re: Tentation...
Post by: polonus on December 10, 2005, 12:57:16 AM
Well Sasza,

I too have some thoughts on your questions. In this respect I think it has not much to do with the interaction between AV and FW, but it has more to do with MS "by design".

This is information with one point of view in mind  andalso a bit biased, but it leads you in this respect into a good direction. By design Microsoft Windows XP is fragmented, where MRU's are concerned, the registry is hierarchal but the information is all over the place, an extensive amount of MRU's have been altered to an ":unreadable" format for 99% of the users. So remind hierarchal, but fragmented/ Swap file keeps ghost images generated . Raw sockets access also bypasses every home firewall from the old Sygate to ZoneAlarm. The reason is that these application rely on the Windows message/event handling and MS designed the raw sockets not to report to this layer. Install for instance a TCP/IP packet crafter on WinXP SP2 to see this function in action.
Index.dat contents also include deleted files, temporary internet files. Without extreme reconfiguration of Windows end users will not see the real files, instead a generated representation drawn from this file called index.dat Registry security is mainly the end users responsibility. An ini file would be a better solution, simpler and better security wise. Furthermore a growing registry slows the system considerably.
Know the (hidden) workings of your windows OS and the design of it, and you can answer some questions better.

greets,

polonus
Title: Re: Tentation...
Post by: szc on December 10, 2005, 01:45:02 AM
I am assuring you taht no one in here maintenance their systems as I do... it's in my blood already. I do that on every other systems all around Ontario (serving our customers). Registry cleaning (wise clean, not cleaning everything you get reported as a trash  ;) ), hard drive/partition/file defragmenting, and much more, are just few of many every-day tasks we perform...

Another thing... all those OS related problems/issues... well, how come all that falls into water when I have NOD32 and Kerio installed ? All those rules should be the same, no matter which antivirus you use, but apparently that's not the case here...  ???
Title: Re: Tentation...
Post by: Lisandro on December 10, 2005, 01:49:46 AM
Sasha, did you test what Igor posted?
Title: Re: Tentation...
Post by: polonus on December 10, 2005, 01:54:56 AM
Howdy Sasza,

What do you think then that is at the root of this? What did the previous discussion in a long thread result to? If you do a scan with ClamWin, well a full one, it is a real murder, you know. Like dragging a dead horse across the desert. I know the good old A-squared scanner could not be dragged along,and this is better now. A full scan with DrWebCureIt of a whole 80 GB Windows XP machine, it is a mere 15 minutes plus 3 minutes mem scan before that. I am curious in what direction you think, my friend. Use  A really small App to see where is the hog on the cyscles.

pozdrawiam,

polonus
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:00:40 AM
I'm still not talking about the amount of the time avast! uses while I use on-demand scann. I said that in few replies. My concern is speed of the boot time after we enter Logging name and password and form the moment Windows kicks in...

See here, just few replies in the past...

Quote
...I don't have problems with scanning doing its job even if it takes 2-3 hours... why ? Because I don't perform system scans every 5 minutes, doh. I don't need it to be fast, I just want it to be accurate, nothing else.

What is my main concern is the fact that many people already reported those boot-time slowdowns... what is being scanned all the time when I don't have anything in my startup items, nothing of some significance anyway...
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:04:10 AM
Sasha, did you test what Igor posted?

Not yet, have to do that... I just checked OK files inside Resident Protection task Report file settings...

Doing reboot right now... ugh... gone already...  ;D
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:16:55 AM
Now this is even more weird than it was... Just like Igor said, boot time prolonged up to whole 3-4 minutes... and this is what I get inside the Resident Protection.txt file (report file):

Code: [Select]
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on December 9, 2005 8:11:04 PM
* VPS: 0549-4, 09/12/2005
*

And that's all... nothing else, not a single thing inside... am I looking at wrong file by any chance ?  ???

This is how report file settings are set on my end:

(http://img466.imageshack.us/img466/4544/untitled94fk.jpg)
Title: Re: Tentation...
Post by: Lisandro on December 10, 2005, 02:24:54 AM
Now this is even more weird than it was...
I love misteries  ;D
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:26:38 AM
Ok first time I had OVERWRITE EXISTING option checked (even though you can't see that on my screenshot, I took it after I unchecked that option), so I have no clue was that somehow causing my empty report file... I tried the same thing for the second time, but this time I unchecked that option.

Right now my boot time (I actually measured it with my stop-watch) was 1 minute 58 seconds. Report file size is 69,331 bytes (around 70 kb). It's full of stuff inside so I guess I have to go through everything slowly...
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:37:14 AM
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\LIBPNG.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\ZLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PYTHON.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\GIFLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCP71.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MFC71U.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\ENGLISH\RESOURCES\FIREWORKS RESOURCES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MMXPTRESOURCES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSEXTENSIONS\MMNOTES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\EMLAUNCH.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\MIX32.X32 [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\FREEHAND READER.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\GSDLL32.DLL [+] is OK[/color]

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Literally hundreds of QuickTime entries scanned (I don't even use it...)

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://web.icq.com/whitepages/online?icq=341214661&img=5 [+] is OK
http://status.icq.com/online.gif?icq=341214661&img=5 [+] is OK
http://img466.imageshack.us/img466/4544/untitled94fk.jpg [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
C:\Documents and Settings\Alienator\Local Settings\Temporary Internet Files\Content.IE5\G5QJ85AF\spellcheck[1].js [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK[/color]

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

Then I found this somewhere around the middle of the file:

Code: [Select]
[color=Red]*
* Task stopped: December 9, 2005 8:18:50 PM
* Run-time was 4 minute(s), 9 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on December 9, 2005 8:20:05 PM
* VPS: 0549-4, 09/12/2005
*[/color]

... and then literally hundreds of different programs and program parts being scanned, and many of those programs I haven't used in months...

Igor, just wanted to thank you for your respond and interest you showed... thanks a lot my friend ! But I will still need your assistance since I have no clue why all these entries are being scanned all over again...
Title: Re: Tentation...
Post by: polonus on December 10, 2005, 02:09:50 PM
Hey Sasza,

Aren't these temp files, know this stuff can grow exponentially, like flash files.
What are they?

greets,

polonus
Title: Re: Tentation...
Post by: igor on December 10, 2005, 02:23:13 PM
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
...

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Either it has to be started from somewhere, or something (some other program) is "scanning" the files. If it were just the EXE file, I'd say that Explorer is touching it to extract the icon for the Start Menu - but if it's even the accompanying DLLs, it must be something else.

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
...

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

The whole resident protection uses the report file, including the Web Shield. Maybe you were browsing the forum?

Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:43:49 PM
Hey Sasza,

Aren't these temp files, know this stuff can grow exponentially, like flash files.
What are they?

greets,

polonus

No I don't believe those are temp files... although I am not sure about those avast! forum entries, and why they are in there in the first place. Believe me or not, I have a nasty habbit to clean IE's cashe (All offline files as well) every single time I close my IE. It takes me just few seconds and I like to clean those information, especially after I visit my online banking page. How come those avast! forum entries are there ? Or are those maybe cookies or something, because I know I allowed just avast! forum cookies to be created and not erased since my sessions tend to expire a lot in this forum... and it still happens no matter what I do...

As far as Macromedia Fireworks entries goes, those are DLL (system) files...

Regarding Flash cache Polonus... all those files are being erased the second I open my SWF cache viewer. I always clean them all, because I don't need those files to be cached and stored on my computer. All SWF or FLA (flash source files) I need are my own Flash files (my flash projects and web sites) stored on 2 of my backup hard drives, nothing else.

(http://img202.imageshack.us/img202/7141/untitled98hf.jpg)
Title: Re: Tentation...
Post by: szc on December 10, 2005, 02:49:02 PM
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
...

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Either it has to be started from somewhere, or something (some other program) is "scanning" the files. If it were just the EXE file, I'd say that Explorer is touching it to extract the icon for the Start Menu - but if it's even the accompanying DLLs, it must be something else.

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
...

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

The whole resident protection uses the report file, including the Web Shield. Maybe you were browsing the forum?

Thanks Igor, thanks again... I don't know but I don't see any possiblity that something could even request any kind of information from Fireworks. It's just a drawing utility like Photoshop is. I also have Photoshop CS2 installed, and I never saw any of those entries in report file... what's your suggestion ? How can we narrow it down to find out what's trying to dig through those applications ?

Yes I always browse these forums but as I said to Polonus in my previous reply, I always clean IE cashe manually, including all off-line files... always. Why those entries are beiung scanned all over again each time I enter Windows if I erased them previously, and how is it even possible if they are not there ?

Regards
Title: Re: Tentation...
Post by: szc on December 10, 2005, 03:53:01 PM
Also maybe this has nothing to do with anything related in this thread, but still while we are at cache... I've noticed this forum engine behavior few times...

(http://img202.imageshack.us/img202/6841/untitled94ic.jpg)

I had to cut the part of the Window just to be able to show you both, the top of the page and the bottom of the page... Spot that I am logged-out of the forum... not signed in... and still my nick-name is listed down there among other online members  ???
Title: Re: Tentation...
Post by: igor on December 10, 2005, 04:10:37 PM
Yes I always browse these forums but as I said to Polonus in my previous reply, I always clean IE cashe manually, including all off-line files... always. Why those entries are being scanned all over again each time I enter Windows if I erased them previously, and how is it even possible if they are not there?

Well, the files certainly aren't scanned if they aren't there. Maybe it was the report from your previous Windows session, before you deleted them?

Quote
Also maybe this has nothing to do with anything related in this thread, but still while we are at cache... I've noticed this forum engine behavior few times...

I also found it strange for some time - but then I read the label properly ;)
It says: "Users active in past 15 minutes"... meaning that your name may appear there even if you're logged of for 15 minutes already.
Title: Re: Tentation...
Post by: szc on December 10, 2005, 04:28:39 PM
Yes Igor and that's just I forgot to put that in my latest reply... I saw that 15 minutes note, but always (almost always) it loggs me off as soon as I log-off. My name disappears immediatelly... that's why I asked about that...

I just have no clue whay Macromedia Fireworks entries are being scanned over and over again... how to find out those things. I can't uninstall that program, it's my life  ;D
Title: Re: Tentation...
Post by: bob3160 on December 10, 2005, 04:46:41 PM
I'm still waiting for an answer as to why uninstall apps. are being scanned for programs
which have been on the system for a long time???
Title: Re: Tentation...
Post by: DavidR on December 10, 2005, 05:28:49 PM
I think you are in for a long wait ;D as you will have seen from the topic I created some time ago (what does avast scan on boot http://forum.avast.com/index.php?topic=14062.0).
Title: Re: Tentation...
Post by: szc on December 10, 2005, 05:53:01 PM
Bob read your PM, I know exactly what's causing your problem... and it has nothing to do with avast! this time. Windowblinds screwed up few system files on your machine. I have had similar problem almost 2 years ago, and the only thing that helped was format and complete reinstall of Windows and all programs. That's why I don't want to play with those buggy customizing programs any more. I wish I used to make system backups back then, it would save me a lot of time and spare me of a unbelievable hassle, but we learn from the past...

DavidR, yes you're right... it looks like we will wait quite some time for these answers. I know Alwil guys are unbelievable busy, but still, we are such a long time in here and I really trully believe our voices should be heard... we try to help many people in here, but we also need help ourselves sometimes... best of all, we are not trying to sound speaking bad about avast! It's just we want all those things to be solved, so avast! can stay on the top of our list of most useful programs ever...

We're just trying to help ourselves and Alwil to correct those issues ASAP. Are we asking much ?
Title: Re: Tentation...
Post by: RejZoR on December 10, 2005, 10:00:11 PM
I went to NOD32 because i got 1 year license for free. An offer you cannot refuse.
Considering NOD32 one of the best AVs ever designed.
After that who knows, i know i haven't left avast!. Have no intention to leave it, the same goes for AEC. I've even submitted brand new Mytob worm to Alwil first and then to others few minutes later. But i like NOD32 too so...
Title: Re: Tentation...
Post by: Lisandro on December 10, 2005, 10:13:08 PM
I went to NOD32 because i got 1 year license for free. An offer you cannot refuse.
Only if you get avast! Pro license too  ;D

After that who knows, i know i haven't left avast!. Have no intention to leave it, the same goes for AEC.
Glad to know...  8)

I've even submitted brand new Mytob worm to Alwil first and then to others few minutes later. But i like NOD32 too so...
Do you have suggestions for making the detection and submition process better?
Title: Re: Tentation...
Post by: szc on December 10, 2005, 11:25:12 PM
...
...
Only if you get avast! Pro license too  ;D
...
...

The idea of getting an avast! Pro license for free for forum regulars would be really nice... It's not like I'm crying for it or anything like that (btw I already have it), but sure it would be very nice from Alwil's side. I mean if forum regulars (members who are quite long time in here) have that much time to unselfishly help others for so long time, it would be really nice gesture from Alwil's side as well. I don't think this would be something that I'm the only one who think it would be great, it looks I am the only one who brought it here in the public. If that what I'm asking is too much, then my true apologies...

Cheers !
Title: Re: Tentation...
Post by: DavidR on December 11, 2005, 12:10:58 AM
My personal feelings on giving the Pro version to forum regulars for their help is, basically I give help because Alwil gave me the free product and I like to see people get the best out of it, not for a reward.

If all the regulars had the Pro version how long would it be before they lose touch with the Simple User Interface if you are using all the extra functionality of the Enhanced User Interface of the Pro version. I know that after a year or so of using win XP Pro I had virtually forgotten all the tips and tricks for win98.
Title: Re: Tentation...
Post by: bob3160 on December 11, 2005, 12:18:02 AM
I'm glad I bought my own liscense.
That way I don't feel any pressure or obligation when I have to complain (bitch, moan, groan) about something. ;D ;D ;D
Title: Re: Tentation...
Post by: szc on December 11, 2005, 12:20:10 AM
Well that's your personal opinion David. I didn't say REWARD, not even once... take a look at my reply again.

I simply said, nice gesture for the nice gesture. Remember one thing - literally thousands of people are users of freeware avast! version, and not all of them (not even, 1 tenth) are helping in here nor even got an idea to come here and try to help other people, so do not mix those things please.

Now after those words you said, I'm looking bad because I said something I said... I'm sorry but I see it that way. Best of all I haven't asked anything for myself since I have Pro version already. And that I also mentioned up there... here in this reply of mine is perfect explanation what I really meant.

Thank you
Title: Re: Tentation...
Post by: DavidR on December 11, 2005, 12:40:41 AM
My mention of the word reward is more along the lines of, if it became generally known that those regulars who help would be given a pro license, some might see it as a reward/target, they may even thing you got yours free ;D So ignore my mention of the words 'not for reward' and that may change the overall tone.

You needn't feel bad for mentioning it you aren't asking for yourself.
Title: Re: Tentation...
Post by: darth.mikey on December 11, 2005, 12:48:11 AM
The idea of getting an avast! Pro license for free for forum regulars would be really nice...

I'm betting if alwil did that we would have ALOT more evangelists all of a sudden haha  ;D  ;D  ;D
Title: Re: Tentation...
Post by: Lisandro on December 11, 2005, 12:49:32 AM
My personal feelings on giving the Pro version to forum regulars for their help is, basically I give help because Alwil gave me the free product and I like to see people get the best out of it, not for a reward.
David, you know our time worth more that the license price. Even Alwil team is surprised about what we do here in forums. Isn't it Vlk?
So, I won't call reward or anything related. In fact, I'm here because I've got friends, I love to help, I respect avast! free version as the best antivirus round... After all, they (Alwil and other 'old' users) deserve it. The ones who can't understand it, well, this forum isn't their place  ;D
Title: Re: Tentation...
Post by: szc on December 11, 2005, 12:50:10 AM
Well basically I've got mine for free from Alwil guys and wonderful Eda Kucera. They think it's not for free just because I made all those numberless skins and often helping in this forum. But sure I never asked for it. It just shows their respect towards me and everyone else who did something for them and this community. That's why I asked maybe it would be real nice gesture. For sure they wouldn't go broke just because of few licenses and that news would ring all over the internet. Another good publicity, and there is nothing like they are bribing someone or something like that... it's just they respect their helpers and contributors in this wonderful forum...
Title: Re: Tentation...
Post by: Lisandro on December 11, 2005, 12:58:21 AM
It's just they respect their helpers and contributors in this wonderful forum...
I'm absolutely sure they respect us. Eduard, thanks  8)
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 11, 2005, 01:03:59 AM
Forget the license i want the off-topic back....
Title: Re: Tentation...
Post by: Lisandro on December 11, 2005, 01:07:01 AM
Forget the license i want the off-topic back....
Well, now you're starting a fight will our beloved Pavel  ;D
Where is he by the way?  ::)
Title: Re: Tentation...
Post by: szc on December 11, 2005, 01:18:40 AM
Forget the license i want the off-topic back....


Hahahahahaha !!!!

I always wanted to say this:

TITO, Will you just SHUT UP !!!!!!!!

 ;D  ;D  ;D  ;D  ;D  ;D  ;D  ;D
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 11, 2005, 01:32:50 AM
Forget the license i want the off-topic back....
Well, now you're starting a fight will our beloved Pavel  ;D
Where is he by the way?  ::)

C'mon Tech you miss the off-topic as much as i do...  ;D
I also don't have a clue where Pavel is i haven't seen him post for a while(but then i've been away for some time so i don't now what's been happening here lately)  ???

Hahahahahaha !!!!

I always wanted to say this:

TITO, Will you just SHUT UP !!!!!!!!

 ;D  ;D  ;D  ;D  ;D  ;D  ;D  ;D

Don't you miss the ranting Sasha? hahahaha  ;D  ;D  ;D

EDIT:I forgot to add SORRY for turning another thread into off-topic....  ;D  ;D  ;D
Title: Re: Tentation...
Post by: szc on December 11, 2005, 01:35:43 AM
I miss Tito... I'm sure you do too...
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 11, 2005, 01:36:40 AM
I miss Tito... I'm sure you do too...

Yes even though he died before i was born hahaha  ;D OK now i'll shut up....  :-X
Title: Re: Tentation...
Post by: TAP on December 11, 2005, 05:10:01 AM
I went to NOD32 because i got 1 year license for free. An offer you cannot refuse.
Considering NOD32 one of the best AVs ever designed.
After that who knows, i know i haven't left avast!. Have no intention to leave it, the same goes for AEC. I've even submitted brand new Mytob worm to Alwil first and then to others few minutes later. But i like NOD32 too so...

I for one that can't leave avast!.

I believe avast! can be better and better but I don't want extra bells and whistles or super-unique features all I want from an antivirus (avast!) is  "faster and lighter scanner with excellent detection rates and fast or fastest response time for every malware not only ITW"
Title: Re: Tentation...
Post by: szc on December 11, 2005, 03:17:19 PM
Back to Boot time issues... I just found this reply akallevi made in WISHLIST thread... I personally believe it's wonderful and all he says makes so much sense. Of course, I may be wrong, but I want to draw Alwil's people attention to it. Here it isL

http://forum.avast.com/index.php?topic=12640.msg151939#msg151939

...
...
...snip
As for the "'ashserv.exe' taking up to 90% of CPU time" issue which is in the above wishlist, I also get that which I see has been an unresolved issue in the forum since March, '05. I do believe it stated around the 4.6 update. When I look for the items being scanned at the time of massive CPU usage by the Standard Shield, one time it was a simple LOG text file which it was scanning over and over again (have since excluded it), but usually the files being scanned are EXE's of which I have never used for a while. And no, I don't have a scheduled scan. Maybe the deal is that Avast is scanning files that XP (which I have) compressed due to lack of use (6 months).  And that the system has to "open" the file and then scan it.  But why is ashserv.exe scanning these files in the first place when I haven't told it to??  Now therein lies the issue........
snip...
...
...

I think he is onto something here... can you Alwil guys comment this ? And also what I am interested in mostly is, how to excluse certain files from Boot-time scanning avast! is performing if it's even possible ? There must be a solution for this problem. I mean I know it may be not that huge issue for most users, but certainly it's annoying... unbelievable annoying. I take my 17" wide screen laptop everywhere with me when doing my Web/Flash/Multimedia in general presentations to my potential clients and customers. When I open it it really takes just few seconds to start the system and enter Windows logging screen. But the problem arrives after the logging in... It scans more than 1 and a half minutes, sometimes even 2 minutes. I mean, I am not trying to be a pain in the rear end, but it's quite annoying because we all know how fastpaced this business World is, especially here in this boiling Toronto. They simply do not have that much time to spend... and when they ask me why is it taking that long to boot, and see our avast! blue ball spinning like crazy, I have to tell them that my antivirus is doing some regular boot-up scan   :-X

I repeat, I tried uninstalling avast! completely and removing all traces I could find... installed NOD32 just for testing purposes. Unbelievable difference. It literally takes 15 - 20 (tops) seconds to start my notebook. Boom, and I'm right in there... ready to open my presentations and go. Problem solved... well, partially... the only problem left is... I simply DO NOT want to use NOD32 or any other AV if my beloved AV can fix its problems... simple as that.

It's not the biggest problem just because avast! icon spins all the time, but because sometimes it's really impossible to even open START panel... it takes few (3-5) seconds to open it... so you can imagine how long it would take to start some 1,5 Mb or even 15 Mb presentation...

That's the only reason I'm bringing this up and truly hope someone from Alwil will be so nice to dedicate some of their precious time to check this and at least give it a good bashing and try to solve this issue once for ever...

Thank you Alwil in advance, you are great, but as we all are, you too are just human beings made of flash and bones. We completely understand your position and I'm not telling you are not trying hard nor giving your best to bear with us... but in this case, I really think I am not speaking about some stupid graphic issue, but I'm talking about something very, very important...I know how annoying bringing of graphic issues could be for some of you as well as for some of forum members, because many think that graphic is not important... but the truth is, you simply can NOT sell the product if it doesn't come in good package. I'm into designing business more than 17 years by now and I really know what I'm talking about.. ok, not professionally, but as a freelance... but still...

So, please take some time to see what's going on and what's being scanned so long...

Thanks in advance!
Regards,
Sasha
Title: Re: Tentation...
Post by: Lisandro on December 12, 2005, 01:09:02 AM
And also what I am interested in mostly is, how to excluse certain files from Boot-time scanning avast! is performing if it's even possible ?
Me too. If it's possible to have an inmunize or innoculate option... mark the files and do not scan them in boot time, it will be very good.
Maybe a checksum but it could take longer than scanning.

But certainly it's annoying... unbelievable annoying.
Yeah, boot time delays are really annoying. Maybe we can think in a solution for this.
Startup Delayer is not one of them... Even using very 'delayed' startup, avast takes a lot of time to load and, with it, all other applications that a user could have into startup items.

But the problem arrives after the logging in... It scans more than 1 and a half minutes, sometimes even 2 minutes.
Mine either.

I have to tell them that my antivirus is doing some regular boot-up scan   :-X
Me too... but I always blame against the firewall first  ;D

I simply DO NOT want to use NOD32 or any other AV if my beloved AV can fix its problems... simple as that.
8)

That's the only reason I'm bringing this up and truly hope someone from Alwil will be so nice to dedicate some of their precious time to check this and at least give it a good bashing and try to solve this issue once for ever...
It would be nice.
Title: Re: Tentation...
Post by: bob3160 on December 12, 2005, 05:29:43 AM
Quote from: S.Z.Craftec on Today at 07:17:19 AM
That's the only reason I'm bringing this up and truly hope someone from Alwil will be so nice to dedicate some of their precious time to check this and at least give it a good bashing and try to solve this issue once for ever...
Quote
It would be nice.
It wouldn't only be nice, it's something Alwil needs to do if it intends to stay as a viable contender in this business. IMHO


P.S.
Shouldn't the title of this thread be Temptation ???
Title: Re: Tentation...
Post by: ..::ReVaN::.. on December 12, 2005, 08:26:38 AM
Shouldn't the title of this thread be Temptation ???

I was wondering about that too....
Title: Re: Tentation...
Post by: Lisandro on December 12, 2005, 01:24:15 PM
It wouldn't only be nice, it's something Alwil needs to do if it intends to stay as a viable contender in this business. IMHO
I've tested today with the report for OK files turned on.
I'm terrified about what avast scans at startup. I have to prepair a full (long) report about it  :(

Shouldn't the title of this thread be Temptation ???
Yes, my typo.
Title: Re: Temptation...
Post by: bob3160 on December 12, 2005, 02:16:13 PM
Quote
Yes, my typo.
If it was your typo, then why not make it your fixo???  ;D ;D
Title: Re: Temptation...
Post by: szc on December 13, 2005, 02:20:50 PM
Alwil, can I get any feedback on this one please ?

http://forum.avast.com/index.php?topic=17951.msg153010#msg153010

I mean, I tried really hard to explain everything in that reply I made, and I still believe I was pretty much objective... all I need to know is, is there any light at the end of that tunnel ?

Thanks in advance !
Title: Re: Temptation...
Post by: ..::ReVaN::.. on December 13, 2005, 08:10:12 PM
Alwil, can I get any feedback on this one please ?

http://forum.avast.com/index.php?topic=17951.msg153010#msg153010

I mean, I tried really hard to explain everything in that reply I made, and I still believe I was pretty much objective... all I need to know is, is there any light at the end of that tunnel ?

Thanks in advance !

I think Sasha deserves an answer here.... I don't think he's asking for much here.Just a little advice and help from you alwil guys.
He is one of the most important forum members here, he has helped many many users here in the forum and he made so many wonderful skins for your program yet he never asked anything in return...Now is it too much to ask for 5 minutes of your time?


P.S: I also think alwil could say a simple THANK YOU to all those wonderful avast forum evangelists that have helped THOUSANDS of users here... I don't think that is too much to ask do you?

Thanks

Mikey

Title: Re: Temptation...
Post by: bob3160 on December 13, 2005, 08:29:02 PM
Quote
I think Sasha deserves an answer here
He most certainly does but, he's not asking only for himself.
All the people that are affected by this problem deserve an answer and a resolution. IMHO  :)
Title: Re: Temptation...
Post by: ..::ReVaN::.. on December 13, 2005, 08:36:20 PM
Quote
I think Sasha deserves an answer here
He most certainly does but, he's not asking only for himself.
All the people that are affected by this problem deserve an answer and a resolution. IMHO  :)

Yes they we do Bob! and  i am very interested in the answer as this problem was one of the reasons i dumped avast and switched to a different AV.
Title: Re: Temptation...
Post by: Vlk on December 13, 2005, 08:45:27 PM
Guys, there's no rocket science here. Standard Shield basically scans all files that a process is opening.

I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211
Title: Re: Temptation...
Post by: bob3160 on December 13, 2005, 09:19:51 PM
Vlk
Knowing which files are being opened, doesn't cure the problem.
A change should be made in what and how these files are scanned to speed up the
process. And some serious thinking should be placed into the fact that most of these files
shouldn't have to be rechecked day in and day out.
If they haven't changed, why recheck them???
Title: Re: Temptation...
Post by: Lisandro on December 13, 2005, 09:30:19 PM
I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211
Vlk, besides what Bob said, we can't monitor with FileMon the startup itens while they are being opened (at least, I don't know how).
My startup scanning report are showing html pages, tons of exe files that are just into Program files subfolders, etc.
Maybe just 'extracting' the icon but... what can I do? How to really has an exclusion list for this unharm items?
Title: Re: Temptation...
Post by: szc on December 13, 2005, 11:09:46 PM
Guys, there's no rocket science here. Standard Shield basically scans all files that a process is opening.

I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211

I just have no clue what am I looking for when starting FileMon... all those things are being accessed now, and I have no problems with avast! scanning anything now because nothing is being scanned so intensive that I can not work... everything is perfect, but what kills me is the boot-time, IE. right after logging into Windows... I have no clue how can I use this tool to see what's going on while logging into Windows. Most likely there is no way to do that, but still who knows...

ashServ.exe, Explorer.exe, scrss.exe, svchost.exe are the main entries I see under Process column. Now what ?
Title: Re: Temptation...
Post by: DavidR on December 14, 2005, 12:47:28 AM
I tried the FileMon route in that long running thread I had and adding it to the startups works, but it doesn't get in there quick enough to monitor everything. It is however able to pick up the later stuff as the avast icon does it dance.

a 2-3 minute run of the monitor generated 13000+ line entries, a nightmare to check and still no nearer finding why certain files are scanned.

I did ask about the possibility of it scanning files because of explorer trying to find icons for the the Start menu or desktop icons, etc. If I remember that suggestion was po-pooed at the time, I could be wrong about that, it was a very large thread and some time ago. Now it is being trotted out as a possible source of the activity.

The only thing that helped me was to lower the Standard Shield to Normal sensitivity, but I would prefer to have it set to High, but that really does kill boot times. I know that avast is only reacting to requests to open/read files.

I feel someone has got to give some serious thought to what is scanned on boot and even give the user some input in the selection of what should be scanned. Things have been suggested to have a flag set to confirm a file has been scanned, I'm not so keen on that as it is just too easy to set a flag so the file isn't scanned when it should be.

My personal feeling is that only files that are actually loaded or executed should be scanned on boot. I have numerous uninstall???.exe files that are scanned also averylabelwizard.exe, as examples of files that haven't been used at all (uninstall files won't be there is the program has been uninstalled?) or for months in the case of the avery label wizard and others that wizz by at such a rate as I can't recall.

I sent the zipped filemon log (not sure if it was sent to your or Igor) but nothing was found out of the ordinary to say why so many files were being scanned. So the FileMon exercise in my case was futile.
Title: Re: Temptation...
Post by: Lisandro on December 14, 2005, 01:09:04 AM
But it doesn't get in there quick enough to monitor everything

But what kills me is the boot-time.

This is what I was talking about... I don't know how FileMon will be useful at boot time.

a 2-3 minute run of the monitor generated 13000+ line entries, a nightmare to check and still no nearer finding why certain files are scanned.
The Professional version (maybe the report of Home too) has the possibility of report 'OK files' with the Resident Task.
This is what surprised me... the ones slowing down the boot time.

The only thing that helped me was to lower the Standard Shield to Normal sensitivity, but I would prefer to have it set to High, but that really does kill boot times. I know that avast is only reacting to requests to open/read files.
Strange... I have it on normal an thousand of thousands files are being scanned  ::)

I feel someone has got to give some serious thought to what is scanned on boot and even give the user some input in the selection of what should be scanned. Things have been suggested to have a flag set to confirm a file has been scanned, I'm not so keen on that as it is just too easy to set a flag so the file isn't scanned when it should be.
Excelent idea.

My personal feeling is that only files that are actually loaded or executed should be scanned on boot. I have numerous uninstall???.exe files that are scanned also averylabelwizard.exe, as examples of files that haven't been used at all (uninstall files won't be there is the program has been uninstalled?) or for months in the case of the avery label wizard and others that wizz by at such a rate as I can't recall.
Maybe just the .exe file IF were executed.
Maybe what Bob wants: not repetitive scannings of the same clean files...
Title: Re: Temptation...
Post by: Lisandro on December 14, 2005, 01:51:12 AM
It's unbelivable... who has patience... take a look into the programs scanned at startup (boot and login) with avast!  ::)
Some entries are really strange, some are old programs, already uninstalled, MOST of them aren't at startup, of course  :-\

Sorry, 0 bytes file... trying again...
Title: Re: Temptation...
Post by: szc on December 14, 2005, 02:02:37 PM
You attached an empty file Tech... 0 kb, even 0 bytes... ???
Title: Re: Temptation...
Post by: Lisandro on December 14, 2005, 05:34:10 PM
Something is weird here...
Trying again... Something strange. The file has only 66kB but seems to be refused  :-[
To open this particulary thread is very very slow...
Sasha, can I send the file to you by email and you try from your part?
Title: Re: Temptation...
Post by: szc on December 14, 2005, 05:41:58 PM
Yes, no problems... I just received something.

Unbelievable ! I can not even post in this thread any more... what's happening with this forum ? I tried to attach that file (3 times) and no success whatsoever. I also tried to edit my post just to see is it going to accept some text changes, again nothing...

EDIT: I tried to attach the file, no chance ! I also tried to copy contents of the file and post them inside the code tags as well as inside the QUOTE tags, and always the same... it won't post no matter how long you wait. There is simply no chance to attach that file. Maybe some words gets filtered by forum censoring engine (if there is any) I have no clue...
Title: Re: Temptation...
Post by: Vlk on December 14, 2005, 06:24:04 PM
While not send the file(s) to my email address. Filemon logs welcome. :-p
Title: Re: Temptation...
Post by: szc on December 14, 2005, 06:30:47 PM
Sent 10 seconds ago...  ;)  ;D
Title: Re: Temptation...
Post by: Lisandro on December 14, 2005, 07:37:42 PM
Yes, no problems... I just received something.

Unbelievable ! I can not even post in this thread any more... what's happening with this forum ? I tried to attach that file (3 times) and no success whatsoever. I also tried to edit my post just to see is it going to accept some text changes, again nothing...

EDIT: I tried to attach the file, no chance ! I also tried to copy contents of the file and post them inside the code tags as well as inside the QUOTE tags, and always the same... it won't post no matter how long you wait. There is simply no chance to attach that file. Maybe some words gets filtered by forum censoring engine (if there is any) I have no clue...
Thanks for the efforts Sasha. I'm glad to know I'm not the only one.

While not send the file(s) to my email address. Filemon logs welcome. :-p
I did not monitor with Filemon because, as I've posted before, it can't monitor startup items. Only the Resident Protection log could have done that.
Title: Re: Temptation...
Post by: Vlk on December 14, 2005, 09:31:48 PM
Technical, just add shortcut to Filemon.exe to the Startup group (or the Start key in registry).
Then reboot, and make sure to log in as fast as possible.

Without the filemon log, it's really hard to guess what's causing so much disk activity.


And, to answer this

Quote
Vlk
Knowing which files are being opened, doesn't cure the problem.
A change should be made in what and how these files are scanned to speed up the
process. And some serious thinking should be placed into the fact that most of these files
shouldn't have to be rechecked day in and day out.
If they haven't changed, why recheck them???


Well, this is easy to say - but hard to do. I mean, to (reliably) check if a file has changed requires reading its contents - and, believe it or not, this is roughly as expensive as actually scanning it...

Of course, there are ways to relax this, but it's always a trade-off -- less security, more performance.
Title: Re: Temptation...
Post by: Lisandro on December 14, 2005, 09:44:49 PM
Technical, just add shortcut to Filemon.exe to the Startup group (or the Start key in registry).
Then reboot, and make sure to log in as fast as possible.
Without the filemon log, it's really hard to guess what's causing so much disk activity.
I'll do it right now.
I login the faster way possible: automatically login... I even have to add my name & password.
Title: Re: Temptation...
Post by: bob3160 on December 15, 2005, 05:13:38 AM
Technical, just add shortcut to Filemon.exe to the Startup group (or the Start key in registry).
Then reboot, and make sure to log in as fast as possible.

Without the filemon log, it's really hard to guess what's causing so much disk activity.


And, to answer this

Quote
Vlk
Knowing which files are being opened, doesn't cure the problem.
A change should be made in what and how these files are scanned to speed up the
process. And some serious thinking should be placed into the fact that most of these files
shouldn't have to be rechecked day in and day out.
If they haven't changed, why recheck them???


Well, this is easy to say - but hard to do. I mean, to (reliably) check if a file has changed requires reading its contents - and, believe it or not, this is roughly as expensive as actually scanning it...

Of course, there are ways to relax this, but it's always a trade-off -- less security, more performance.



Vlk
It may not be easy but since this is starting to be a problem for a lot of us, it's something that has to be done.
Title: Re: Temptation...
Post by: szc on December 15, 2005, 01:46:44 PM
...
...
Of course, there are ways to relax this, but it's always a trade-off -- less security, more performance.

Believe me, with this kind of problem I started to believe we really want that trade-off. What's more important for me than thorough scanning on boot-time (logging into Windows time), would be good and if possible (of course) faster on-demand scanning engine. We all pretty much do scan our systems on regular basis, so scanning with such an intensity on boot time IMHO should not be such a extensive operation. Of course we must not let our antivirus miss everything, but sure we do not want our antivirus take over of all system resources. This will become security fortress one day and not my every day tool for doing business or doing my personal tasks. I don't know anyone else who would like to see opposite situation.

We do not use our computers because of antiviruses or firewalls, that should be clear to anyone... we use our computers for more productive tasks, whether those are simple playing games (well those things are some people's job as well, nothing weird in that), or creating graphics, programming, selling stuff using your computer or even controlling satellites...

Unfortunately we are bombed with all those nasties (malicious stuff of all kind) on the internet, so we have to use antiviruses and firewalls. So, to me it looks more like necessity...
Title: Re: Temptation...
Post by: Lisandro on December 15, 2005, 03:07:47 PM
I know this won't solve our problem.
But Vlk reached the conclusion that there is nothing to do with my system startup.
Looking forward for a better solution for us all  :-*