avast! didn't detect several trojans on-access

[Neron]

Yesterday i ran a scan.Several Trojans were detected.I deleted them.The question is why avast on-access scanner didn't detect  them.
this is the log:
2/17/2005 1:42:50 PM   SYSTEM   1388   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\WINXP-~1\LOCALS~1\Temp\webrebates.exe" file. 
2/17/2005 1:51:26 PM   WinXP-VIA   3160   Sign of "VBS:Malware [Gen]" has been found in "C:\Documents and Settings\WinXP-VIA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2c841155-3499e3be.class" file. 
2/17/2005 1:55:22 PM   WinXP-VIA   3160   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Program Files\Mechanical Clock 3D Screensaver\mechanical clock.exe" file. 
2/17/2005 1:57:30 PM   WinXP-VIA   3160   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\System Volume Information\_restore{AB816D34-6DA6-47C1-886B-9B10B2DC4D64}\RP46\A0010857.exe" file. 
2/17/2005 1:57:43 PM   WinXP-VIA   3160   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{AB816D34-6DA6-47C1-886B-9B10B2DC4D64}\RP48\A0011019.exe" file. 
2/17/2005 2:04:45 PM   SYSTEM   1388   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\WINXP-~1\LOCALS~1\TEMP\t0ax2jwt.com" file. 
2/17/2005 2:14:06 PM   SYSTEM   1388   Sign of "VBS:Malware [Gen]" has been found in "C:\DOCUME~1\WINXP-~1\LOCALS~1\Temp\AAWTMP\C15191414\1243FA\javainstaller\InstallerApplet.class" file. 
2/17/2005 5:07:19 PM   SYSTEM   1352   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\WINXP-~1\LOCALS~1\TEMP\5fkl3bzz.com" file. 

You can see that eicar test is detected.So the on-access scanner is running.
Could this be because of my settings.Standart shield is set to high.
The operations are allowed if the screen saver is running.(blocker options)
I'm sure avast can detect Trojan-gen(other) because it detected it a week ago.
Should i set avast to block operations if they must be blocked while screen-saver is running?

[DavidR]

Why would you want to allow something that you want to be blocked, just because the screen saver is running? You either want to block it or not and it shouldn't really matter if you are at the computer or the screen saver is running.

Allow the operation, allows the file to its dirty deed. However, I'm not entirely sure of the benefit of this when there are no Blocked Operations ticked.

Extract from the avast help file:

Allow the operation. If an attempt to perform the blocked operation is detected, you will be asked to permit or deny the operation. If avast! is unable to ask the question, the operation will be allowed.

[Neron]

Well allow operations while screen-saver is running is default set.I only set the standart shield to high.I wasn't sure if this is right but if you say so maybe i should set it to block operations while the screen saver is runnung.

[DavidR]

I can't remember what the default was but mine is on Don't allow and I don't believe that I changed it?

My other point was, what operations would it block as you have none ticked?

[Neron]

I'm not sure if i can understand you.Are you talking about these(see the picture) options.Should they be checked too.Because these are default settings too.I'm not sure if they have to be marked,but i want to improve the security level

[RejZoR]

I'd say signatures weren't avaiable when these files came through your On-Access part. avast! was then updated and you scanned the drive On-Demand.
This is the most probable reason.

[Neron]

No.I'm sure because 4 days before this the on-access scanner detected Trojan-gen [other]
I deleted it and i was sure that the PC was clear.
Can you tell me if its better to mark these options in the blocker

[DavidR]

I'm not sure if i can understand you.Are you talking about these(see the picture) options.Should they be checked too.Because these are default settings too.I'm not sure if they have to be marked,but i want to improve the security level

The default setting I was talking about was Allow or Don't Allow. That is however, only part of the equation, if you have set to block (don't allow), what should it block?

If no operation is tick, then even if you have ticked block, then it wont block anything, a pointless exercise. You could say don't allow format or delete for instance, then it would have a purpose.

If you want to allow certain operations whilst the screen saver is on, things that would do little harm. You wouldn't want to allow an unattended format so you wouldn't tick that box, but you may want to allow 'Opening a file for writing or renaming a file. That too gives some purpose to the Allow the operation.

I hope that is clearer.

[Neron]

Yes.Now i understand you.But this can help me only in case there is virus in my computer and its trying to delete rename or write .
Thanks again for the explanation