Avast ON ACCESS + Folder Guard fails to detect virusses.

[Analyzer]

Fyi,

Any virus stored inside a folder "protected" (= can have status hidden & read-only) by Folder Guard is not detected by the ON ACCESS scanner.

I.o.w. if I VIEW a virus infected file from a folder guard handled folder the ON ACCESS scanner isn't triggered.
Copying this same infected file to a location not handled by folder guard does trigger the ON ACCESS scanner, although only at the TARGET location!!

The ON DEMAND scanner b.t.w. does detect the virus infected file inside the folder guard handled folder.

Whether this problem only occures with Folder Guard or with other, equal, products is unknown to me.

Best Regards,
Analyzer.

[Lisandro]

Analiser, that is an advantage and, on the other side, the disavantage of Folder Guard... You cannot access the protected folder (that is the reason to use Folder Guard) so neiter the antivirus can. But will a virus infect the files in the protected folder? If so, avast will be able to detect it in the same way you can run, change, etc. the files in that folder...  

[Analyzer]

Technical,

The problem is, that at the moment when I'm viewing this virus infected file (from the Folder Guard handled folder), I (and so the ON ACCESS scanner) have FULL RIGHTS to this folder. I fact, the folder is then visible / unprotected just as any other folder.

I do know (and understand) that when the folder is in protected state that the ON ACCESS scanner can't find anything (logical because I can't get in or even see the folder).

What I try to say is that even if my system is in unprotected mode (so just like Folder Guard isn't installed) the ON ACCESS scanner won't detect a virus in ANY folder HANDLED by Folder Guard.
I assume that the Folder Guard driver is interfering with the ON ACCESS scanner some how.

[igor]

Interesting... what operating system do you use? And what Folder Guard, when we're at that?

[Analyzer]

Igor,

The OS = WinXP English with SP1 and all Security Updates. For the version of Folder Guard you have to wait untill I arrive at home . Will post this information somewhere this evening / night.

If time permits (but can't promise this), I will try if this problem also occures with an other, similair product.

[Analyzer]

Igor,

First of all the version of Folder Guard is V6 Pro.

But, i did some more testing with Folder Guard in combination with ON ACCESS scanner. So here is some extra info regarding the problem, because I think I found the exact cause of the problem.

Some background info: Folder Guard has, beside the DEFAULT "user", the possibility to define extra USERS. Each user can have a different protection scheme. Of course, the DEFAULT "user" is applied to everybody who is not seperatly configured in Folder Guard.

So what I did is a adjusted the DEFAULT "user" to hide / protect specific folders and/or files (including the folder containing the gathered virusses). Then I created a extra user for myself (e.g. user "Analyzer") where I removed all the protections. In other words, as soon as I log in, it is like I login into the system as if Folder Guard wasn't installed at all.
Even with the protection ENABLED the system (for me) behaves like Folder Guard wasn't installed at all.

Now to the trick: In normal cases a DEFAULT "user" has to execute a small "Toggle Protection" program to get access to the hidden / protected folders and/or files. IMPORTANT: This "Toggle Protection" (to Protection = On) is also automaticly executed as soon as the Screenblanker becomes active.

The above part is the clue of the whole problem (as far as I can tell) because if I toggle the protection to ON (e.g. because my screenblanker got activated) it turns out that the ON ACCESS scanner of Avast won't detect a virus infected file (inside this virus folder, which is handled by Folder Guard) anymore. Only the infected files Avast detected before the protection was activated are still somehow disabled (File not found when you try e.g. to view such a file).

Ok, hope this clarifies a lot of the problem.

Best Regards,
Analyzer