Author Topic: Temptation...  (Read 57005 times)

0 Members and 1 Guest are viewing this topic.

..::ReVaN::..

  • Guest
Re: Temptation...
« Reply #75 on: December 13, 2005, 08:36:20 PM »
Quote
I think Sasha deserves an answer here
He most certainly does but, he's not asking only for himself.
All the people that are affected by this problem deserve an answer and a resolution. IMHO  :)

Yes they we do Bob! and  i am very interested in the answer as this problem was one of the reasons i dumped avast and switched to a different AV.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Temptation...
« Reply #76 on: December 13, 2005, 08:45:27 PM »
Guys, there's no rocket science here. Standard Shield basically scans all files that a process is opening.

I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211
If at first you don't succeed, then skydiving's not for you.

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47136
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Temptation...
« Reply #77 on: December 13, 2005, 09:19:51 PM »
Vlk
Knowing which files are being opened, doesn't cure the problem.
A change should be made in what and how these files are scanned to speed up the
process. And some serious thinking should be placed into the fact that most of these files
shouldn't have to be rechecked day in and day out.
If they haven't changed, why recheck them???
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Temptation...
« Reply #78 on: December 13, 2005, 09:30:19 PM »
I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211
Vlk, besides what Bob said, we can't monitor with FileMon the startup itens while they are being opened (at least, I don't know how).
My startup scanning report are showing html pages, tons of exe files that are just into Program files subfolders, etc.
Maybe just 'extracting' the icon but... what can I do? How to really has an exclusion list for this unharm items?
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Temptation...
« Reply #79 on: December 13, 2005, 11:09:46 PM »
Guys, there's no rocket science here. Standard Shield basically scans all files that a process is opening.

I recommend to use e.g. Filemon to find out which process is opening the files. Please see e.g. my post here: http://forum.avast.com/index.php?topic=3743.msg28211#msg28211

I just have no clue what am I looking for when starting FileMon... all those things are being accessed now, and I have no problems with avast! scanning anything now because nothing is being scanned so intensive that I can not work... everything is perfect, but what kills me is the boot-time, IE. right after logging into Windows... I have no clue how can I use this tool to see what's going on while logging into Windows. Most likely there is no way to do that, but still who knows...

ashServ.exe, Explorer.exe, scrss.exe, svchost.exe are the main entries I see under Process column. Now what ?
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86650
  • No support PMs thanks
Re: Temptation...
« Reply #80 on: December 14, 2005, 12:47:28 AM »
I tried the FileMon route in that long running thread I had and adding it to the startups works, but it doesn't get in there quick enough to monitor everything. It is however able to pick up the later stuff as the avast icon does it dance.

a 2-3 minute run of the monitor generated 13000+ line entries, a nightmare to check and still no nearer finding why certain files are scanned.

I did ask about the possibility of it scanning files because of explorer trying to find icons for the the Start menu or desktop icons, etc. If I remember that suggestion was po-pooed at the time, I could be wrong about that, it was a very large thread and some time ago. Now it is being trotted out as a possible source of the activity.

The only thing that helped me was to lower the Standard Shield to Normal sensitivity, but I would prefer to have it set to High, but that really does kill boot times. I know that avast is only reacting to requests to open/read files.

I feel someone has got to give some serious thought to what is scanned on boot and even give the user some input in the selection of what should be scanned. Things have been suggested to have a flag set to confirm a file has been scanned, I'm not so keen on that as it is just too easy to set a flag so the file isn't scanned when it should be.

My personal feeling is that only files that are actually loaded or executed should be scanned on boot. I have numerous uninstall???.exe files that are scanned also averylabelwizard.exe, as examples of files that haven't been used at all (uninstall files won't be there is the program has been uninstalled?) or for months in the case of the avery label wizard and others that wizz by at such a rate as I can't recall.

I sent the zipped filemon log (not sure if it was sent to your or Igor) but nothing was found out of the ordinary to say why so many files were being scanned. So the FileMon exercise in my case was futile.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Temptation...
« Reply #81 on: December 14, 2005, 01:09:04 AM »
But it doesn't get in there quick enough to monitor everything

But what kills me is the boot-time.

This is what I was talking about... I don't know how FileMon will be useful at boot time.

a 2-3 minute run of the monitor generated 13000+ line entries, a nightmare to check and still no nearer finding why certain files are scanned.
The Professional version (maybe the report of Home too) has the possibility of report 'OK files' with the Resident Task.
This is what surprised me... the ones slowing down the boot time.

The only thing that helped me was to lower the Standard Shield to Normal sensitivity, but I would prefer to have it set to High, but that really does kill boot times. I know that avast is only reacting to requests to open/read files.
Strange... I have it on normal an thousand of thousands files are being scanned  ::)

I feel someone has got to give some serious thought to what is scanned on boot and even give the user some input in the selection of what should be scanned. Things have been suggested to have a flag set to confirm a file has been scanned, I'm not so keen on that as it is just too easy to set a flag so the file isn't scanned when it should be.
Excelent idea.

My personal feeling is that only files that are actually loaded or executed should be scanned on boot. I have numerous uninstall???.exe files that are scanned also averylabelwizard.exe, as examples of files that haven't been used at all (uninstall files won't be there is the program has been uninstalled?) or for months in the case of the avery label wizard and others that wizz by at such a rate as I can't recall.
Maybe just the .exe file IF were executed.
Maybe what Bob wants: not repetitive scannings of the same clean files...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Temptation...
« Reply #82 on: December 14, 2005, 01:51:12 AM »
It's unbelivable... who has patience... take a look into the programs scanned at startup (boot and login) with avast!  ::)
Some entries are really strange, some are old programs, already uninstalled, MOST of them aren't at startup, of course  :-\

Sorry, 0 bytes file... trying again...
« Last Edit: December 14, 2005, 05:19:16 PM by Tech »
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Temptation...
« Reply #83 on: December 14, 2005, 02:02:37 PM »
You attached an empty file Tech... 0 kb, even 0 bytes... ???
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Temptation...
« Reply #84 on: December 14, 2005, 05:34:10 PM »
Something is weird here...
Trying again... Something strange. The file has only 66kB but seems to be refused  :-[
To open this particulary thread is very very slow...
Sasha, can I send the file to you by email and you try from your part?
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Temptation...
« Reply #85 on: December 14, 2005, 05:41:58 PM »
Yes, no problems... I just received something.

Unbelievable ! I can not even post in this thread any more... what's happening with this forum ? I tried to attach that file (3 times) and no success whatsoever. I also tried to edit my post just to see is it going to accept some text changes, again nothing...

EDIT: I tried to attach the file, no chance ! I also tried to copy contents of the file and post them inside the code tags as well as inside the QUOTE tags, and always the same... it won't post no matter how long you wait. There is simply no chance to attach that file. Maybe some words gets filtered by forum censoring engine (if there is any) I have no clue...
« Last Edit: December 14, 2005, 05:56:17 PM by S.Z.Craftec »
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Temptation...
« Reply #86 on: December 14, 2005, 06:24:04 PM »
While not send the file(s) to my email address. Filemon logs welcome. :-p
If at first you don't succeed, then skydiving's not for you.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Temptation...
« Reply #87 on: December 14, 2005, 06:30:47 PM »
Sent 10 seconds ago...  ;)  ;D
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Temptation...
« Reply #88 on: December 14, 2005, 07:37:42 PM »
Yes, no problems... I just received something.

Unbelievable ! I can not even post in this thread any more... what's happening with this forum ? I tried to attach that file (3 times) and no success whatsoever. I also tried to edit my post just to see is it going to accept some text changes, again nothing...

EDIT: I tried to attach the file, no chance ! I also tried to copy contents of the file and post them inside the code tags as well as inside the QUOTE tags, and always the same... it won't post no matter how long you wait. There is simply no chance to attach that file. Maybe some words gets filtered by forum censoring engine (if there is any) I have no clue...
Thanks for the efforts Sasha. I'm glad to know I'm not the only one.

While not send the file(s) to my email address. Filemon logs welcome. :-p
I did not monitor with Filemon because, as I've posted before, it can't monitor startup items. Only the Resident Protection log could have done that.
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Temptation...
« Reply #89 on: December 14, 2005, 09:31:48 PM »
Technical, just add shortcut to Filemon.exe to the Startup group (or the Start key in registry).
Then reboot, and make sure to log in as fast as possible.

Without the filemon log, it's really hard to guess what's causing so much disk activity.


And, to answer this

Quote
Vlk
Knowing which files are being opened, doesn't cure the problem.
A change should be made in what and how these files are scanned to speed up the
process. And some serious thinking should be placed into the fact that most of these files
shouldn't have to be rechecked day in and day out.
If they haven't changed, why recheck them???


Well, this is easy to say - but hard to do. I mean, to (reliably) check if a file has changed requires reading its contents - and, believe it or not, this is roughly as expensive as actually scanning it...

Of course, there are ways to relax this, but it's always a trade-off -- less security, more performance.
If at first you don't succeed, then skydiving's not for you.