Author Topic: 6.0 Behavior Shield Problem  (Read 6969 times)


colorado_bob

  • Guest
6.0 Behavior Shield Problem
« on: February 27, 2011, 10:37:56 PM »
I am running Windows XP SP3 Home Edition.  When I updated to Avast! Free antivirus 6.0.1000, an old program stopped working.  (The program is MKS Toolkit 5.2, which I have had running on XP for over 9 years).

When I start the program, it crashes, and offers to report the problem to Microsoft (Exception code 0xc0000005, flags 0x00000000).  I have found that if I disable Avast's Behavior Shield, the program starts up fine.  I only need to disable "Monitor the system for unauthorized modifications".  Nothing I have tried configuring, other than disabling the shield, helps.  I have tried:
- adding the program (as well as every program it might invoke) as a trusted process for Behavior Shields
- changing the action to take for the Behavior Shield to "Allow" or "Ask"

Note that as many times as the Behavior Shield crashes this program, nothing is logged in the statistics for Behavior Shield (neither suspicious events, nor events analyzed).

My conclusions:
  - The Behavior shield is somehow affecting this program, even when the program is marked as trusted
  - Avast! does not even consider this action to be analyzing a Behavior Shield event

Any help would be appreciated.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: 6.0 Behavior Shield Problem
« Reply #1 on: March 01, 2011, 03:18:40 AM »
Could you please compress MKS Toolkit and upload it to our FTP? (Instructions are here: https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=18&nav=0,61). It's hard to download MKS Toolkit from the web, so this way would be much faster, thx.

colorado_bob

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #2 on: March 08, 2011, 02:09:10 AM »
I have uploaded the file MKS-MIN.ZIP. I have previously sent this file by email. I would appreciate acknowledgement that you have received this file and have been able to reproduce the problem.

SafeSurf

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #3 on: March 08, 2011, 10:23:52 AM »
@ colorado_bob,

I have sent a message to pk to respond to you in this thread.

If you are still having difficulty with your current version of Avast, there is now a Pre-Release v. 6.0.1021 available Free: http://files.avast.com/files/beta/6.0.1021/setup_av_free.exe that you can either upgrade or do a clean install. Given the problems you had, I would suggest a clean install (uninstall using the Avast Uninstaller tool: http://files.avast.com/files/eng/aswclear6.exe). Thank you.




giselle

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #4 on: June 03, 2011, 01:29:56 AM »
I'm having the same problem, with MKS Toolkit 5.1a, which was working until I
switched to Avast 6.0.1125 earlier today.  MKS Toolkit now only works if I turn
Avast OFF.  The failure occurs whenever I am using any MKS command (e.g., vi, ls, pwd,
which, cp, rm, mv, rmdir, make), with the message:

MKS Toolkit for Win32 has encountered a problem and needs to close.  We are sorry for the inconvenience.
It then sends information to Microsoft, listing modules such as:
vi.exe (the MKS command I was trying to execute)
ntdll.dll
kernel32.dll
snxhk.dll (this appears to be an AVAST module)
ADVAPI32.dll
RPCRT4.dll
etc., etc.

So, apparently, the problem has not been fixed yet.

SafeSurf

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #5 on: June 03, 2011, 09:55:01 AM »
@ giselle,

Could you please compress MKS Toolkit and upload it onto the Avast FTP? Here is additional information on how to invoke a memory dump file: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71. It is a read-only file.

Please, zip and upload the C:\Windows\Memory.dmp file to this anonymous ftp server and name it uniquely giving us the name of the file in this thread: ftp.avast.com/incoming.  Avast will analyze it and respond back to you in this thread.

Edit: To please all those concerned w/my post.
« Last Edit: June 05, 2011, 11:02:07 AM by SafeSurf »

giselle

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #6 on: June 03, 2011, 11:31:59 AM »
I won't be at that machine again until Monday, but will try to do that then.  What do you mean by sending you the MKS Toolkit, though?  Do you want the installation disk?  Or what's installed?  It's many files in several directories, and requires a number of registry settings (including PATH settings) to work.

SafeSurf

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #7 on: June 03, 2011, 11:37:50 AM »
You posted in the same thread as the other OP with the same problem and if you look at the previous post, that was the reply from the Avast Team member.

Why don't you submit a mini-dump file when you get the BSOD problem, and this way Avast can actually see what is causing the issue.  You will still do the mini-dump the way I provided the directions in my last post.  Waiting until Monday is not a problem.

ady4um

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #8 on: June 04, 2011, 12:42:24 AM »
Or
-   Upload it using the Run command-line in Windows: Windows Key + R (to get the run box), copy and paste this:

     and drag the file into the window, from another explorer window.

I think that command-line code is not correct. I think the code should be
Code:
explorer ftp://ftp.avast.com/incoming
but please correct me if I'm wrong.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: 6.0 Behavior Shield Problem
« Reply #9 on: June 04, 2011, 01:47:19 AM »
It is the forum software, if you don't wrap ftp paths in the ftp tag it adds the http element.

e.g.
Code:
[ftp]wrap the ftp path in these tags[/ftp]
like this:
Code:
[ftp]ftp://ftp.avast.com/incoming[/ftp]
Turns out like this in the post:
ftp://ftp.avast.com/incoming
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ady4um

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #10 on: June 04, 2011, 02:41:30 AM »
It is the forum software, if you don't wrap ftp paths in the ftp tag it adds the http element.

e.g.
Code:
[ftp]wrap the ftp path in these tags[/ftp]
like this:
Code:
[ftp]ftp://ftp.avast.com/incoming[/ftp]
Turns out like this in the post:
ftp://ftp.avast.com/incoming

Yes, I know that, but the bottom line is that a user copying that code might not see the mistake (according to their experience/knowledge), if it is indeed a mistake.

Since SafeSurf is not new to this forum (so he knows the tags), I wanted to confirm if that code he posted was correct, for the OP and/or other users following those instructions.

Specifically, to be technically correct, SafeSurf suggested using the command-line in Windows ("explorer..."), so posting the code as a link (using tags; whether the "http" tag as he used or the "ftp" tag as DavidR posted) gives the user a wrong result anyway.

Experienced users might have caught the mistake, but the point of the command-line code was to help less experienced users.

So, again, if I'm not mistaken, that code should be:

Code:
explorer ftp://ftp.avast.com/incoming
which the user could copy + paste in the Windows command-line (or in <Win>+<R>).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: 6.0 Behavior Shield Problem
« Reply #11 on: June 04, 2011, 03:18:09 AM »
Copying and pasting what is in the 'Turns out like this in the post:' example won't fail as it doesn't have the http tacked on to the front of it, because I have wrapped that in the ftp tags.

What you showed in your post is what I have in my general information on uploading minidumps to the avast.com incoming folder, so I'm perfectly aware of it. The purpose of my explanation and examples is so that those posting ftp links do it correctly, then the user doesn't have to figure out anything.

ady4um

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #12 on: June 04, 2011, 05:58:24 AM »
@DavidR, I wasn't talking about "copy + paste" your code. I was talking about the code SafeSurf posted:
Quote
explorer http://ftp://ftp.avast.com/incoming

which, if I am not mistaken, will fail either when clicking on it or when "copy + paste" -ing it.

@SafeSurf, whichever the correct code is, please correct it (for users following the instructions).
You might want to use the "strikethrough" tag over the previous (wrong) code and write (add) the correct one using the "code" tag for the command-line code (not a link).

TIA.

SafeSurf

  • Guest
Re: 6.0 Behavior Shield Problem
« Reply #13 on: June 04, 2011, 12:08:36 PM »
@ ady4um,

I attempted to edit my link, but it is the way the forum is responding to posting the link that is adding the http.  Since you have made your statement about the issue, I'm sure by now the OP is well aware of things and David has clarified it.  I did not make a mistake in posting it...this is how the forum changed the link at the time of my posting and I am unable to change it now.  Let's leave the discussion at that and not get long winded about it so the OP can get back on-topic.  Thank you.  :)

See edited changes above.
« Last Edit: June 05, 2011, 11:03:15 AM by SafeSurf »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: 6.0 Behavior Shield Problem
« Reply #14 on: June 04, 2011, 01:32:03 PM »
You at some point have done a copy and paste of my little script; unless you use the Quote button and then copy the relevant section, you lose any important formatting tags that prevent the forum software making any modifications.

So you need the stuff (ftp URL, etc.) that you don't want modified or any formatting applied by the forum software wrapped in code tags.
e.g. [code]ftp://ftp.avast.com/incoming[/code]

You can only see them in this post because I have used another tag nobbc (No Bulletin Board Code) to wrap them, this also prevents some forums modifying what is inside.

There is an FTP icon, 2nd row 4th from the left in the reply window, that will insert these FTP tags, which makes the code tag redundant. But you can use the Code icon, 2nd row third from the right in the reply window, that will insert these code tags and you just paste the FTP URL in between them. The Code tag is handy for other things which you don't want any formatting applied to, etc.