Multiple Concurrent Users - System Events Access Denied (00000005)

[ToyotaNpa]

Forgive me if I didn't spend more than 5 minutes looking for a similar thread, there were some that are similar but I hate bringing posts back from the dead 

Setup:  User A (Admin) and User B (Power User) are concurrently logged into a Windows XP SP3 system.  User A (me) is usually on doing something important, but there are times I don't want to close what I'm doing and log off, even though I should, when User B (my wife) wants to check her email.

Issue:  While performing a standard diagnostic on my system to make sure it's running lean and mean I noticed that there were multiple events showing the standard access denied code (00000005).  Specifically these occurred when User B was logged on.  Looking into these it seems that Avast is attempting to scan User A's profile while User B is the active logged on user.  Since User B is not an admin the scan is failing as it should (i.e. User B has no access to User A's profile directory).  Specifically its failing when scanning User A's Mozilla profile (C:\Documents and Settings\User A\Application Data\Mozilla\....)

All Avast services are set to their default "Local System Account" so I believe that the scanners should be able to access everything on the drive.  Is it because FireFox is running and the profile is in use that the scan is failing?  Why then wouldn't it fail when User A is the actively logged on user (which it does not error)?

This isn't a show stopper by any means, but certainly something I'd like to know a bit more about and perhaps clear up if I can.

Thanks,
-Kirk

[mkis]

Hi Kirk

Welcome to the forum

I'm not sure about this but I think you are just reading logged information. I would imagine that avast is scanning User B as the active logged on user and that's as far as the antivirus action has been permitted, returning a standard access denied code (00000005) upon the restriction that is User A (Admin). I suppose the alternative would be access enabled beyond the restriction in which case you would not get the access denied readings, and it would then also be possible for any action by User B or activity on their account to access Admin account. Perhaps the multiple events relate to the actions by User B on her emails. You could possibly run a few tests to see whether the events correlate.

Probably not the tidiest rendering of logged information but considering the alternative at least the antivirus is doing its work. Also, I'm not sure how Power User (NT I presume) translates across to avast but there may be others that know more about this.

[ToyotaNpa]

Thanks for the insight mkis.  You are correct that when I mention Power User it is indeed the standard Power User group in Windows.  Just enough privileges to not get in a whole lot of trouble.  Here is a little more info on the subject.

The events are found in both the system event viewer and Avast's own log viewer (prob just a filtered view of the system events), 1 is a warning, the other an error.  Numerous times and so far only dealing with files in an in-use mozilla profile.  I probably should have posted one of these as a reference in the first posting, better late than never.

Example Error Log Entry:

Code: [Select]

7/3/2009 8:09:04 AM UserB 580 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\UserA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5GBP3SSA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}\DEFAULTS\PREFERENCES\ADBLOCKPLUS.JS failed, 00000005.
Example Warning Entry:

Code: [Select]

7/3/2009 8:09:04 AM UserB 580 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\UserA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5GBP3SSA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}\DEFAULTS\PREFERENCES\ADBLOCKPLUS.JS (C:\DOCUMENTS AND SETTINGS\UserA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5GBP3SSA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}\DEFAULTS\PREFERENCES\ADBLOCKPLUS.JS) returning error, 00000005.

[mkis]

I hadn't thought Firefox. In a rush, busy,busy. I thought perhaps a Windows profile and that this was standard Windows procedure. The event viewers are primarily avast where antivirus is concerned and Windows with system. So antivirus logs are avast logs. Works in well with Windows at desktop level. 

I use Firefox only for browser and haven't thought much about a Mozilla profile, although I know a few here on the forum do. I only just today updated to Firefox 3.5 so I may look a bit closer about carrying a profile. Like Windows, Mozilla seems to work in with avast. I don't get a lot of time to consider user profiles and group arrangements but I try to keep up to scratch with settings and options and the distribution of resources. In most cases, unless you are actually there, you are really only making guesses.