Author Topic: Standard Shield (on-access module) question!  (Read 14875 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Standard Shield (on-access module) question!
« Reply #15 on: March 07, 2004, 10:02:33 PM »
Faffy:

I suppose the behavior is like this: you cannot prevent avast! from downloading an infected zip file because it cannot know if it is infected or not before you 'have' the file.
After that, if you are using a download manager you can set: c:\ path \ashquick.exe (without parameters) to scan the file. If you are not using it, avast! will only detect the infection when you extract the files from it.

You can set the Standard Shield to Custom and choose the option to scan every open file in your system. You can add special extensions to the standard list.

Believe us, you will be safe if the resident protection is turned on.
You can run the on-demand scanner frequently too.
Hope this helps.
The best things in life are free.

Culpeper

  • Guest
Re:Standard Shield (on-access module) question!
« Reply #16 on: March 07, 2004, 10:12:19 PM »
Technical

I was able to recreate what Faffy is talking about.  I was able to extract the infected files without detection.

Offline Lisandro

Re:Standard Shield (on-access module) question!
« Reply #17 on: March 07, 2004, 10:15:53 PM »
What are your settings right now when the problem occurs?

Culpeper

  • Guest
Re:Standard Shield (on-access module) question!
« Reply #18 on: March 07, 2004, 10:16:40 PM »
My Standard Shield is set on "Normal" setting.

Go to Faffy's link he posted and try downloading the eicar.zip files and see what results you get.
« Last Edit: March 07, 2004, 10:17:44 PM by Culpeper »

Offline Lisandro

Re:Standard Shield (on-access module) question!
« Reply #19 on: March 07, 2004, 11:06:05 PM »
Quote
My Standard Shield is set on "Normal" setting.

Go to Faffy's link he posted and try downloading the eicar.zip files and see what results you get.

The normal sensitivity could react like you are seeing.

Please, use the HIGH. Alwil team will change the normal to high and the high to 'higher' in the new versions by default.

You can add to your Standard Shield settings:
On open: WS?,VBS,VBE,JS,JSE,HTA,WSF,WSH,SHS,SHB,HTM*
Created and modified files: ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Standard Shield (on-access module) question!
« Reply #20 on: March 07, 2004, 11:08:59 PM »
This line...

Quote
Created and modified files: ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE

...is useless in Home Edition unless you changed archive scanning parameters in avast! system file.

Offline Lisandro

Re:Standard Shield (on-access module) question!
« Reply #21 on: March 07, 2004, 11:14:23 PM »
oops, you're right.
Can you post those changes, please?

Culpeper

  • Guest
Re:Standard Shield (on-access module) question!
« Reply #22 on: March 08, 2004, 12:05:56 AM »
Okay, setting the shield to "high" now detects infected files within a zip file when trying to extract the files.

Offline Lisandro

Re:Standard Shield (on-access module) question!
« Reply #23 on: March 08, 2004, 12:15:29 AM »
Quote
Okay, setting the shield to "high" now detects infected files within a zip file when trying to extract the files.

Good! Thank God!

But, do you use a Download Manager? If so, you can configure it to start ashquick.exe (without parameters) just after the download is finished...

Still waiting for Rejzor's post  ;D

Culpeper

  • Guest
Re:Standard Shield (on-access module) question!
« Reply #24 on: March 08, 2004, 12:22:10 AM »
I just use the browser's download manager.  

faffy

  • Guest
Problem solved!
« Reply #25 on: March 08, 2004, 11:58:39 AM »
Now, finally when I download a compressed "bug" it gets detected right away. Here are the steps I took.

1. Change Standard Shield to "High Sensitivity".
2. Add the ZIP extension in the "Additional Extensions:" in the Standard Shield.
3. Open up the TASKS in Enhanced mode. Edit the Resident Protection! Click on the "Advanced Configuration" at the bottom left. Search for the Standard Shield -> Packers. Check the ZIP packers.

And now avast should scream when you try to download either the eicar.zip or eicarcom2.zip files.

Faffy  

PS: As I remember, I did the same thing on my home computer yesterday, and it did not work. I have to check that after work.
« Last Edit: March 08, 2004, 12:56:38 PM by faffy »