file system sheild exclustions settings; plse explain r, w, x functions

[jejjamesejohnson]

Hello Guys. Please explain what what functions are performed according to the Avast active protection shields...Avast>settings>Active Protection>File system shield > Customize ...checkbox options "R" read; "W" write and "X" execute.

I just do not know what these functions do with reference to the programs on my computer they correspond to.

Have win7 paint screenshot but do not know how to post it on this forum.

Thanks, James

[DavidR]

Presumably you are talking about the AvastUI > settings > Active Protection > File system shield > Customize - Exclusions ?

These exclusions won't be scanned if you have checked the R, W, X boxes - for the most part these are set not to scan for Read or Write, but the eXecute option remains unchecked, so it will be scanned.

To attach a file/image, when Replying click on the Attachments and other options - this expands to allow for the selection of the images you want to attach.

[jejjamesejohnson]

DavidR. Thanks for info. Have shot attached now.

As to the functions, I just do not know what the (e.g.) "R" read function does. It just "reads" the (e.g.) "TFC.exe" item without more? Makes little sense to me why avast would solely "read" the item. Hope that give U idea of my confusion.

James

[DavidR]

Simply opening a file normally has Read as the permission, so it is a lower level, when opened for Read it won't be scanned. The fact that the eXecute isn't checked means the exclusion won't be applied and avast will scan it.

Most of the items listed in the exclusions are default settings to prevent repetitive scanning on certain files, but avast still wants them scanned if eXecuted.

TFC.exe if memory serves is the Temporary File Cleaner, which presumably you created an exclusion for. Personally for the number of times you would be using the Temporary File Cleaner program I wouldn't create an exclusion for it as tfc.exe isn't going to be mega repetitive. You are making an exclusion (for certain functions) for a program/file, but you aren't excluding its actions, only its opening/running.

[jejjamesejohnson]

Allright. I could start making sense of this after your posts. Then after looking around a bit more I also noticed the "?" at the top right as is shown in my own shot, so I Clicked it and got a more elaborate explanation, saying in part:

Specify file types to be excluded at the moment of opening (read=R), saving (write=W), or running (execute=X).

Ok, so:
R = read = opening
W = write = saving
X = execute = running

These are the functions avast does to files when they are not excluded, right?

The TFC.exe I have excluded in all 3 functions that stops avast from acting on that file every time it was used, now allows its use. I use this .exe routenely to clean temp files along with CCleaner and one other cleanup program

But the " *\firefox\profiles\*sessionstore*.js " is solely stopped from saving because only the W (Write) function is excluded. This is a Fx session manager
addon resulting file.

Mind giving me an idea of what you think Avast is doing with this file, given only saving, W (write) is allowed to occur?

Really do appreciate you taking your time on this guy!! Thks, James

[DavidR]

What avast does isn't what it allows - the exclusions list, gives a list of files that will be excluded from scans and the condition that applies for the exclusion. 

The check mark in the box means it will be excluded based on that condition being met, if none of the boxes for a particular file is checked then avast will scan that file every time.

R.   Check the Read condition box and avast won't scan read access to that file.
W.  Check the Write condition box and avast won't scan Write access (editing) to that file.
X.   Check the eXecute condition box and avast won't scan that file when it is executed (Run).

Obviously you have to execute (excuse the pun) care when eXcluding executable files as that could have serious consequences if it were infected. Meaning you have to be 100% sure that the file is clean before excluding eXecute access.

The sessionstore*.js is a firefox file that is constantly Written (updated/Modified) to, unless excluded it would increase scanning of this file.

[jejjamesejohnson]

OK, slowly but with progressive successes we're getting there, to wit:

R.   Check the Read condition box and avast won't scan read access to that file.
W.  Check the Write condition box and avast won't scan Write access (editing) to that file.
X.   Check the eXecute condition box and avast won't scan that file when it is executed (Run).

That's the kind of info I was looking for. I also found a bit more info online:
https://www.avast.com/faq.php?article=AVKB168

I'll most definitely be saving your provided info in my help file for this subject.

The "X" explanation, I can fully understand.

The "W" explanation's "Write access (editing)" is an unknown to me.

The "R" explanation's "read access" is a maybe, as in avast wont read the file?

Further clarification for this NUBE dummy on this subject will be appreciated, unless you have an online url source U can provide so I can access & study.

Again, your help is truly appreciated. Jim

Edit: Are these $M explanations applicable maybe?: https://msdn.microsoft.com/en-us/library/bb727008.aspx

Was still researching what I did not understand and this url showed up.

Edit 2: Better yet, how about these? :https://en.wikipedia.org/wiki/File_system_permissions

[DavidR]

X. When you try to run an executable file, avast intercepts that call to run it, then avast scans that file, if it is clean it then allows it to run. If you put a check mark in that box then this scan wouldn't take place (and why it is a serious step to exclude executable (.exe) files.

W. Files can be modified, if they are opened with write permission or are modified, before they can be saved then avast would scan them.

Here you are getting confused:
Avast doesn't read a file, it scans a file.

R. Programs that access other files will generally access it with whatever permission (File Access/Attributes) it requires. If it is accessing it to Read, and you have that box checked avast won't scan it.

[jejjamesejohnson]

Ok, after your genuine apparently complete efforts, likely best at this point for me to do further study on what you stated. I respect your time and know that I need to spend time on my own for "my problems". Will be back for completion or corrections/explanations as the situation presents itself.

Take care guy, and believe truly I really really do appreciate your time!

Smiles, Jim

[DavidR]

You're welcome.