Author Topic: running eicar from network/shared drive  (Read 14611 times)

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #15 on: October 24, 2004, 11:53:39 PM »
Hi Technical,
I am new to AVAST and run a home edition still in demo time.
If you are downloading to your local drive the eicar is detected without any
problem. But right-click on the www eicar link, select a network drive to store to,
save, then execute from the network drive and it is not detected.
You can not see the problem I am talking about if you do not have a network drive
available to store the eicar file to.

Best regards
Jockel

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:running eicar from network/shared drive
« Reply #16 on: October 24, 2004, 11:59:14 PM »
Quote
I am new to AVAST and run a home edition still in demo time.

Are you sure?
The trial version is, most of the time, the Professional one.
Home version is for free, just register, and does not need to be used only like a trial.

Professional version has on-access detection much higher than Home. The on-demand could be the same but not on-access. You should properly configure avast.
The best things in life are free.

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #17 on: October 25, 2004, 12:12:09 AM »
Hi technical,

- the "about avast" window says "home edition 4.1"
- the residential protection is set to "high"
and, most important:
- if I understand vlk right, the behaviour I explain exists

You need a network(shared) drive to see it.
But I will install the pro now, just to make certain.

Best regards
Jockel

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:running eicar from network/shared drive
« Reply #18 on: October 25, 2004, 12:38:27 AM »
Quote
The "about avast" window says "home edition 4.1"

If you're not using the trial version for more than 60 days, you can go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Change function in the popup window and add the Professional version items. You do not need to uninstall your actual version.

Quote
if I understand vlk right, the behaviour I explain exists

I will never discuss with him  ;D
He's the boss.
The best things in life are free.

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #19 on: October 25, 2004, 12:51:59 AM »
too late :-)

I uninstalled, installed the pro, it states "pro" clearly in the about window now.
Up to date, protection level is set to "high".
Went to www.eicar.org, downloaded the "eicar.com" with "right mouseclick",
"save to" onto a network/shared drive without any intervention.
Then "doubleclick/executed" the "eicar.com" directly from the network/shared drive,
no intervention from on access scanner.

Best regards
Jockel

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:running eicar from network/shared drive
« Reply #20 on: October 25, 2004, 09:58:30 AM »
And after changing the Log On account for the "avast antivirus" service?
If at first you don't succeed, then skydiving's not for you.

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #21 on: October 25, 2004, 11:00:43 AM »
Hello vlk,
this is not that easy, as I have no single account that has access rights locally and for
the network.  If I want to have access to the Network, I have to login manually and I think
it does not make sense, if I try to set the rights of AVAST service to this network only account ?

But I will make the changes required, then set the new properties.

Best regards
Jockel

whocares

  • Guest
Re:running eicar from network/shared drive
« Reply #22 on: October 25, 2004, 11:11:21 AM »
change the account under which the avast service runs, to an account that HAS access to the network resources (e.g. a domain admin account in case of domain setup).

Hi Vlk,

I don't have a network available right now, but if I changed the avast-logon-account to (some) Admin, are there any problems with local protection, e.g.:
- when using an Admin-User, but not the REAL "Administrator" on Win2000 (Prof/WS) or
- when using the Main/Admin-User with XP-HOME ?
iirc in XP-HOME you can only log-in to real "Administrator" in SafeMode (although the resp. differences in user-rights are much less than with W2k)


DukeNukem

  • Guest
Re:running eicar from network/shared drive
« Reply #23 on: October 25, 2004, 11:40:12 AM »
Quote
too late :-)

I uninstalled, installed the pro, it states "pro" clearly in the about window now.
Up to date, protection level is set to "high".
Went to www.eicar.org, downloaded the "eicar.com" with "right mouseclick",
"save to" onto a network/shared drive without any intervention.

I do agree with you that if the eicar.com is on a network share then you can simply execute it and avast won't do a thing.

Tried it myself.

(A different issue)

You can manually configure avast so that you cannot download the eicar.com from your pc to a network drive or to your own drive. If you do this then avast will pop up saying virus detected before you can choose where to save the file.

Are you aware of this?

From your earlier post it seems unlikely.


DukeNukem,
this is not what I proposed! Download !to! a network-drive!
Then execute the virus from this network drive. You will see,
that you can download and execute the file !

Jockel  




jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #24 on: October 25, 2004, 11:57:41 AM »
Quote
And after changing the Log On account for the "avast antivirus" service?

Hello vlk,
I changed the AVAST service logon account to an administrator account which exists
locally and on the shared networked PC too. I additionally logged on the local PC with this
account:
- now I can no longer save the file from www to the shared network drive, I get an AVAST alert!
- but I can still execute an existing eicar.com located on the shared network drive.

Best regards
Jockel
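
A small probe for the two behaviours reported in the post above (saving to the share is blocked, a file already on the share is not intercepted), as an added example that is not part of the original thread. It only writes the EICAR test file and reads it back, never executes it, so a successful read shows that opening the file on that path was not intercepted; the function names and the paths in the usage comment are hypothetical.

```python
import os
import sys

# Standard 68-byte EICAR test string, split into two literals so this
# source file does not itself contain the contiguous signature.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe(directory, name="eicar_probe.com"):
    """Write the test file into `directory`, read it back, clean up.

    Returns {"write": ..., "read": ...}; the file is never executed.
    """
    if not os.path.isdir(directory):
        raise ValueError(f"not a directory: {directory}")
    path = os.path.join(directory, name)
    result = {"write": "allowed", "read": "not tested"}
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(EICAR)
        except OSError as exc:
            result["write"] = f"blocked ({type(exc).__name__})"
            return result
        if not os.path.exists(path):
            # Some scanners let the write finish, then delete or quarantine.
            result["write"] = "removed after write"
            return result
        try:
            with open(path, "rb") as fh:
                result["read"] = "allowed" if fh.read() == EICAR else "content altered"
        except OSError as exc:
            result["read"] = f"blocked ({type(exc).__name__})"
        return result
    finally:
        if os.path.exists(path):
            try:
                os.remove(path)
            except OSError:
                pass  # the scanner may have locked or already removed it


def compare(local_dir, share_dir):
    """Run the same probe on a local folder and on a mapped share."""
    return {"local": probe(local_dir), "share": probe(share_dir)}


if __name__ == "__main__":
    # Usage (placeholder paths): python probe.py C:\Temp Z:\
    for where, outcome in compare(sys.argv[1], sys.argv[2]).items():
        print(where, outcome)
```

Differing results for "local" and "share" point to the on-access scanner not covering the share under the account it runs as.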

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #25 on: October 25, 2004, 12:03:03 PM »
Quote
I do agree with you that if the eicar.com is on a network share then you can simply execute it and avast won't do a thing.

Hi DukeNukem,
now we come extremely close to talking about the same basic subject :)
Quote
You can manually configure avast so that you cannot download the eicar.com from your pc to a network drive or to your own drive. If you do this then avast will pop up saying virus detected before you can choose where to save the file.
Are you aware of this?
If this is not the same thing as covered by the proposal of vlk (see my previous answer)
then please give me a hint where to read about it and I will check!

Jockel


DukeNukem

  • Guest
Re:running eicar from network/shared drive
« Reply #26 on: October 25, 2004, 12:27:46 PM »
Go to the standard shield provider
click 'customize'
click on 'scanner (advanced)'
tick 'scan created/modified files'
make sure 'All files' is selected

If you do this then you won't be able to download the eicar.com.


whocares

  • Guest
Re:running eicar from network/shared drive
« Reply #27 on: October 25, 2004, 12:34:15 PM »
IMHO this does not really address the issue;
you can still execute it from the network-PC, e.g. if it's downloaded there/externally

 ;)

DukeNukem

  • Guest
Re:running eicar from network/shared drive
« Reply #28 on: October 25, 2004, 01:01:07 PM »
Whocares,

try reading my other posts.

You will see that I didn't intend to provide a solution to the problem about executing files from a network share.

I was only trying to provide some advice on how to configure avast to prevent the downloading of the eicar.com.

« Last Edit: October 25, 2004, 01:01:48 PM by DukeNukem »

jockel

  • Guest
Re:running eicar from network/shared drive
« Reply #29 on: October 25, 2004, 01:26:06 PM »
Quote
Go to the standard shield provider
click 'customize'
click on 'scanner (advanced)'
tick 'scan created/modified files'
make sure 'All files' is selected
If you do this then you won't be able to download the eicar.com.

Hi DukeNukem,
no this does not help. I also see no reason why it should, as the extension
*.com is already included with the files to be scanned if you use the
standard settings. I still can download to a network drive and execute from there.

Regards
Jockel