Author Topic: exclusions  (Read 10268 times)

0 Members and 1 Guest are viewing this topic.

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 699
  • U.S.A
exclusions
« on: October 24, 2003, 06:19:34 AM »
when i click on avast icon in system tray-highlight standard shield-click customize-click advanced tab-at bottom there is an exclusion box(locations that will not be scanned)i have
CONFIG.SYS
MSDOS.SYS
PAGEFILE.SYS
WIN386.SWP
SYSTEM.DA
USER.DA
is it best to leave these in here so they wont be scanned,not to sure what some of them are?

w0mbat

  • Guest
Re:exclusions
« Reply #1 on: October 24, 2003, 09:03:41 AM »
Hi bri,

The files you have listed are all system files, and to my understanding will not be able to be scanned with a normal boot of windows as windows uses them and locks them 'out of bounds' to other applications.

You can take them out or leave them.
If you are concerened about scanning them, choose to do a boot time scan (in settings) which will include them.

I am sure if this is wrong I will be corrected!   ;D

Cheers

w0mbat

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 699
  • U.S.A
Re:exclusions
« Reply #2 on: October 24, 2003, 05:07:04 PM »
thanks for the info.w0mbat

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:exclusions
« Reply #3 on: October 24, 2003, 09:43:38 PM »
when i click on avast icon in system tray-highlight standard shield-click customize-click advanced tab-at bottom there is an exclusion box(locations that will not be scanned)i have
CONFIG.SYS
MSDOS.SYS
PAGEFILE.SYS
WIN386.SWP
SYSTEM.DA
USER.DA
is it best to leave these in here so they wont be scanned,not to sure what some of them are?

W0mbat information is right! If you want to scan these files is better to do under DOS (F-Prot for DOS could do it, you'll have a link here.

Although, these files are quite secure and virus usually does not infect them.

Edit: see techie explanation bellow  ;D
« Last Edit: October 25, 2003, 03:01:18 AM by Technical »
The best things in life are free.

techie101

  • Guest
Re:exclusions
« Reply #4 on: October 24, 2003, 10:09:00 PM »
when i click on avast icon in system tray-highlight standard shield-click customize-click advanced tab-at bottom there is an exclusion box(locations that will not be scanned).
 is it best to leave these in here so they wont be scanned,not to sure what some of them are?
Leaving the files where they are does not compromise your system security.
Remember, the Standard Shield is for resident protection.  If you perform a full Thorough scan regularly, then all files will be scanned for all virii.
The files mentioned are normally "inprocess" and constantly changing.  Avast would more than likely register "false positives".  I would imagine that is one of the reasons that they are not included in the Standard Shield dependency.

techie101

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 699
  • U.S.A
Re:exclusions
« Reply #5 on: October 26, 2003, 03:06:10 AM »
thanks for the replies guys,ill just leave them alone and im not getting f prot,i feel safe enough with avast by itself

Culpeper

  • Guest
Re:exclusions
« Reply #6 on: October 26, 2003, 04:27:16 AM »
when i click on avast icon in system tray-highlight standard shield-click customize-click advanced tab-at bottom there is an exclusion box(locations that will not be scanned)i have
CONFIG.SYS
MSDOS.SYS
PAGEFILE.SYS
WIN386.SWP
SYSTEM.DA
USER.DA
is it best to leave these in here so they wont be scanned,not to sure what some of them are?

W0mbat information is right! If you want to scan these files is better to do under DOS (F-Prot for DOS could do it, you'll have a link here.

Although, these files are quite secure and virus usually does not infect them.

Edit: see techie explanation bellow  ;D


Very good!  Yes, I use F-prot DOS for boot time scan on my W98 machine.  I have information on auto updating the Fprot for DOS definition files for anyone that is interested.

Note:  This is just for W98 because I think the new Windows operating systems have a boot time scan already incorporated with Avast.  Please correct me if I'm mistaken.
« Last Edit: October 26, 2003, 04:29:34 AM by Culpeper »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:exclusions
« Reply #7 on: October 26, 2003, 10:18:47 AM »
OK, so what are these files:

config.sys and msdos.sys are DOS configuration files. I don't know why these files are in the exceptions (I don't see much reason for it) - but in any case, these files can't be infected - they are just plain text files.

win386.swp and pagefile.sys are Windows swap files. These files cannot be accessed anyway (when Windows are running), so I think their appearance in the exclusions has mostly performance reasons (but I may be wrong - the "Created/modified" files scanner may be able to access them, or even cause some problems if it tries... don't know). Also, the swap file cannot be "infected" - it's just a container that Windows use to store the stuff that can't fit into physical memory. (So, even if a virus code appears there, it's either a false alarm, or the virus has been started from some other file; the content of these files is not reused after Windows restart.)

system.dat and user.dat are Win9x registry files. They can be accessed and probably often are. However, as the previous files, they can't be infected - they are not executable files. So, excluding them has mostly performance reasons (but it's probably also more secure - in case of a false alarm, the system may be easily crashed if avast blocked access to the registry files).

So, there is really no need to scan these files - neither from Windows nor from DOS.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:exclusions
« Reply #8 on: October 26, 2003, 12:55:35 PM »
OK, so what are these files:
config.sys and msdos.sys are DOS configuration files. I don't know why these files are in the exceptions (I don't see much reason for it) - but in any case, these files can't be infected - they are just plain text files.

Why not take out these files from the exclusion list?
Maybe in a new build...  ;)
The best things in life are free.

techie101

  • Guest
Re:exclusions
« Reply #9 on: October 26, 2003, 04:07:47 PM »
Bri,

As igor so elegantly explained, these files are not included to prevent possible false positives and conflict with the Avast scanner result.

I refer to these files as "inprocess" which means that since they are constantly changing, Avast could see them as virii and block vital system access.

In the long run, I have learned after years of testing and evaluating software......TO LEAVE WELL ENOUGH ALONE!.   ;)

Technical:  If you have time, try deleting them and see how the sytem reacts.

Good luck,
Nice meeting you Bri
Techie
« Last Edit: October 26, 2003, 04:08:32 PM by techie101 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:exclusions
« Reply #10 on: October 27, 2003, 01:07:33 AM »
Technical:  If you have time, try deleting them and see how the sytem reacts.
Good luck,
Techie

So you let me the dirty work?  ;D

Ok, I´ll delete them and what happens (remember I use XP Pro and I think these files are not accessed by my system, maybe in Windows 98/ME).

Thanks techie
« Last Edit: October 27, 2003, 01:51:31 PM by Technical »
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:exclusions
« Reply #11 on: October 27, 2003, 01:53:56 PM »
Technical:  If you have time, try deleting them and see how the sytem reacts.
Good luck,
Techie

So you let me the dirty work?  ;D

Ok, I´ll delete them and what happens (remember I use XP Pro and I think these files are not accessed by my system, maybe in Windows 98/ME).

Thanks techie

[glow=color,glow width, #characters wide]Nooo![/glow]

Do not exclude that files!!!
Avast! freezes, system crashed... Oh, God! Thanks to GoBack, I rolled back my system and save my day...

Strange, I'm not sure about this behavior, but I suggest do not delete (exclude) these files...  ;)
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:exclusions
« Reply #12 on: October 27, 2003, 09:00:31 PM »
What files did you remove from the exlusion? If you're in WinXP, the only relevant file should be pagefile.sys. Don't tell me your system freezes when you remove config.sys from the exclusions... :)

Anyway, I warned about possible problems for the registry and swap files... maybe Vlk would have some more info?

techie101

  • Guest
Re:exclusions
« Reply #13 on: October 27, 2003, 10:08:30 PM »
Technical,

This is strange behavior indeed!  Glad you could restore to operation.

Sorry to make you the sacrifical lamb....but I told you to leave well enough alone.  ;D

Did Avast give any visual warning before crash?
Any virus alert?

I think maybe VLK should address this matter in more detail.  In simplicity, it is a conflict between the Avast scanner and either the swp or page files.  The only explanation I can offer is if Avast delays the use of the swap or page files, it could inhibit the virtual memory operation and therefore could wreck havoc with system operation.  The other files in the exclusion list are only text files and the scanner should not affect them.

Techie
« Last Edit: October 27, 2003, 10:14:27 PM by techie101 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:exclusions
« Reply #14 on: October 28, 2003, 11:45:36 AM »
What files did you remove from the exlusion? If you're in WinXP, the only relevant file should be pagefile.sys. Don't tell me your system freezes when you remove config.sys from the exclusions... :)

Anyway, I warned about possible problems for the registry and swap files... maybe Vlk would have some more info?

I don't know the causes of the crash... Could be a lot of things: recently Windows updates, etc. I think config.sys is not the cause, but I remove it and  msdos.sys (from the exclusion list). I know they don't make much sense in XP  :-\

Of course I did not remove pagefile.sys and the other files listed...
I just want to say: don't do anything if your system is working  8)

Vlk is the salvation  ;D
The best things in life are free.