Author Topic: Avast 4.8 incompatible with partition access in Drivecrypt 3.03b  (Read 2243 times)

0 Members and 1 Guest are viewing this topic.

Offline focus32

  • Newbie
  • *
  • Posts: 2
Avast version: 4.8 Home
Full version info not avail but package downloaded 27/07/09 and program update has ocurred so should be latest version.

Drivecrypt version: 3.03b

On trying to mount an encrypted drivecrypt partition, drivecrypt reports:

<quote>
Title: dev drv.

Not raw device - Share violation

FileSystem partition DEV:
\FileSystem\FltMgr

The correct name should be listed as:
\Filesystem\RAW
</quote>

and will not mount the partition.

The problem appears to be that Avast has installed a set of mini filter drivers[1] in the NTFS driver stack identified as \Filesystem\FltMgr which interferes with the dedicated drivecrypt driver which expects to see the partition type as RAW (\Filesystem\RAW).

It's understandable that an encryption program may require to make direct access to the disk so it may be that these two programs at this version are incompatible, which is a shame.

Any opinions?

This topic has been touched upon here:
http://forum.avast.com/index.php?topic=35395.0
on 11th May 2008 but I think the file system angle was missed.

Later versions of Drivecrypt may address this issue but upgrade is a high cost and uncertain option and later versions have intrusive DRM overheads.


[1] The insertion of the mini filter is suggested here:
http://blog.threatfire.com/2007/09/how-do-storm-and-other-current-threats.html

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast 4.8 incompatible with partition access in Drivecrypt 3.03b
« Reply #1 on: July 29, 2009, 12:06:23 AM »
Hi,

I'm afraid this is basically an issue in this older version of DriveCrypt, which doesn't seem to be willing to accept the fact that other drivers/devices may be layered on top of it. I don't quite see anything we could do about it.

BTW fltmgr.sys is the Microsoft minifilter framework - and using it is the one and only legal way for an AV to attach to the file system stack, really. All the other known methods are more or less hacks which have many other issues....

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline focus32

  • Newbie
  • *
  • Posts: 2
Re: Avast 4.8 incompatible with partition access in Drivecrypt 3.03b
« Reply #2 on: July 29, 2009, 07:50:56 PM »
Thanks for your response, very informative on the mini-filter structure.

Not what I had hoped to hear of course but it lets me know where the problem lies and what I need to do.

Thanks Again.