Author Topic: How do I ignore certain processes in Memory  (Read 5376 times)

0 Members and 1 Guest are viewing this topic.

Offline porktree

  • Newbie
  • *
  • Posts: 6
How do I ignore certain processes in Memory
« on: June 30, 2008, 09:25:54 PM »
I just started using Avast and noticed that when installed it, during it's memory scan it identified protectx as a trojan.  It's not, it's a port monitoring program that I've been using for several years.  I told Avast to ignore it, but the next time I started my computer protectx didn't run.  I couldn't even start it manually without stopping the resident service.  Is there a way I can tell Avast to ignore protectx.exe as a memory process?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: How do I ignore certain processes in Memory
« Reply #1 on: June 30, 2008, 09:32:47 PM »
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders' to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Offline porktree

  • Newbie
  • *
  • Posts: 6
Re: How do I ignore certain processes in Memory
« Reply #2 on: June 30, 2008, 10:25:43 PM »
Thanks, I just sent a compressed and pw protected copy of protectx.exe to the address you gave.  Testing the program with VT yielded about a 40% hit rate, Clam, NOD32, and Trend all passed it among others (which explains why it was never detect before I installed Avast). 

I'm having a hard time following the instructions, I can left click the 'a', but don't see any other thing I can do but work the slider left (disabled) to right (high) for the resident scanner, no provider icon, or customize.  And I don't see anything in settings except the exclusion list (which says it has nothing to do with the resident scanner). Thanks again.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85384
  • No support PMs thanks
Re: How do I ignore certain processes in Memory
« Reply #3 on: June 30, 2008, 10:38:02 PM »
Click the Details ... >> button that will expand the view so you can see the individual Shields, then you can access the settings Tech mentions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline porktree

  • Newbie
  • *
  • Posts: 6
Re: How do I ignore certain processes in Memory
« Reply #4 on: June 30, 2008, 11:13:14 PM »
I have no Idea how to get to that screen from here...




Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: How do I ignore certain processes in Memory
« Reply #5 on: June 30, 2008, 11:55:36 PM »
I have no Idea how to get to that screen from here...
Left click the 'a' blue icon...
The best things in life are free.

Offline porktree

  • Newbie
  • *
  • Posts: 6
Re: How do I ignore certain processes in Memory
« Reply #6 on: July 01, 2008, 05:32:58 AM »
I assume you mean this 'a'...



When I do that I get a small window that lets me move a slider to set the sensitivity of the resident scanner, when I move my mouse it goes away.  There's nothing else?

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: How do I ignore certain processes in Memory
« Reply #7 on: July 01, 2008, 05:44:15 AM »
Sorry, that's the wrong "A". The "A" that Techs talking about is the one in the system tray (by the clock) then click on "On access protection control".
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline porktree

  • Newbie
  • *
  • Posts: 6
Re: How do I ignore certain processes in Memory
« Reply #8 on: July 01, 2008, 05:38:06 PM »
Oh, that 'a' - there isn't one in my system tray; (and I don't hide inactive's, and I do have the settings box checked to show the icon in the system tray).  I'm going to add a check to the  'delay loading' for now.  How do I get the blue 'a' to show up in the systray?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: How do I ignore certain processes in Memory
« Reply #9 on: July 01, 2008, 05:48:38 PM »
How do I get the blue 'a' to show up in the systray?
1. Check the option in the Appearance tab of settings.
or
2. Repair your avast installation through Control Panel.
or
3. Make a link to ashdisp.exe in your startup folder
or
4. Add the path to ashDisp.exe into a value named avast! in the Windows Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
See picture here: http://forum.avast.com/index.php?topic=26155.msg213891#msg213891

If that does not help, please, uninstall, boot, install again, boot.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85384
  • No support PMs thanks
Re: How do I ignore certain processes in Memory
« Reply #10 on: July 01, 2008, 05:52:43 PM »
What other security based software do you have that might block new startup entries, e.g. Spybot S&D (TeaTimer), AdAware (AdWatch), SpySweeper, Spyware Doctor (StartUpGuard or OnGuard), PrevX, WinPatrol, ProcessGuard, etc. ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline porktree

  • Newbie
  • *
  • Posts: 6
Re: How do I ignore certain processes in Memory
« Reply #11 on: July 01, 2008, 06:38:20 PM »
I uninstalled and re-installed, during the first install I'd not allowed Avast to add itself to the registry as a startup program.  I have a feeling this is why I didn't have the blue 'a'. I have that now  :)

So, this all makes a lot more sense now.  I added the string 'protectx.exe' to the exclusions, under advanced, then tried to start it, it still got detected and killed, but I've found that by pausing the service I can manually start it and it's all good.  However now that I see what's going on, it looks like Avast provides similar functionality, in that it monitors incoming network connections.  Will it alert on attempted connections (attempts to telnet, ssh, or ftp into my computer)?

The other thing that protectx has provided me is that it absolutely blocks anything being written to the registry (pop-up asking if I want to allow the key string to be written), is this in the Home version of Avast?  If so I can retire protectx.

Thanks for all you help and patience.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85384
  • No support PMs thanks
Re: How do I ignore certain processes in Memory
« Reply #12 on: July 01, 2008, 07:14:29 PM »
No problem, glad we could help.

That isn't a feeling, but precisely why it didn't appear on the system tray as the ashDisp.exe is a user startup entry.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: How do I ignore certain processes in Memory
« Reply #13 on: July 01, 2008, 08:59:32 PM »
Will it alert on attempted connections (attempts to telnet, ssh, or ftp into my computer)?
Hmmm... avast is not a firewall. Only infections will be detected, not attempts to connect).

The other thing that protectx has provided me is that it absolutely blocks anything being written to the registry (pop-up asking if I want to allow the key string to be written), is this in the Home version of Avast?  If so I can retire protectx.
No, avast does not offer this behavior blocker. It could detected malware behavior (when writing to the registry) but will not warn at all (clean) actions.
The best things in life are free.