Author Topic: 7.0.1407 - File System Shield activity & FSS exclusions  (Read 29215 times)

0 Members and 1 Guest are viewing this topic.

Offline Joseph Collins

  • Newbie
  • *
  • Posts: 9
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #60 on: February 26, 2012, 09:21:14 AM »
Lazy copy-and-paste from my topic:
Greetings.  I have an issue that has been reported already, but largely disregarded as "user error".

Basically, since upgrading to avast! v7, the program locked on to, and repeatedly, redundantly scanned a single file.  This file, "RaUI.EXE", gets scanned twice per second, pointlessly skyrocketing the "File System Shield" counter.  The program itself is the Rosewill Wireless LAN Card user interface program and is perfectly safe.  The program comes standard with a number of Rosewill wireless network cards and USB dongles and runs from startup to shutdown because it constantly monitors the networking hardware. (It's actually an optional program when you get right down to brass tacks, but it has a lot of useful information about one's wireless connection.)

The problem started in avast! v7 and was did not happen prior to this.  avast! reports no problem with the file, as it shouldn't, but keeps scanning it as if it's opening and closing over and over again, which is isn't.  The only work-around for this problem is to track down the file and exclude its directory or the file itself (generally "C:\Program Files\Rosewill\Common\*" or "C:\Program Files\Rosewill\Common\RaUI.exe" respectively) from the scan:

[how to add exclusions to the shields]

Thank you for your time.
What I neglected to mention was that I'm also running Windows XP 32-bit with Service Pack 3.  I've also never had a problem with avast! prior to this.  I sincerely hope this topic gets some notice by the appropriate people.  I really like avast! and have since v4, when it found viruses on my old machine that AVG did not.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11804
    • AVAST Software
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #61 on: February 27, 2012, 01:12:38 AM »
How about now, any improvement?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85608
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #62 on: February 27, 2012, 01:29:02 AM »
I honestly don't know, was something done with the engines, FSS sensitivity/exclusions or Transient cache ?

The reason I say I don't know as I have had to enter over 30 FSS exclusions just to keep it to within reasonable parameters. I even had to give these RWX as RW wasn't enough for the repetitive scans to stop and the files most certainly weren't executed.

But there are currently only 1360 scanned for this session,  about 12 hours on and about 3-4 hours intermittent use mainly on the forum.

EDIT: I have unchecked the X in the exclusions to see if that cranks up the volume again and stopped and restarted FSS.
« Last Edit: February 27, 2012, 01:32:44 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #63 on: February 27, 2012, 01:56:11 AM »
Only tangentially related ... I did my first full system scan today since the update, and that took about 3x as long as usual.  Looks like the persistent cache was deleted, or at least cleared, and needed re-populated from scratch.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85608
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #64 on: February 27, 2012, 01:59:35 AM »
Sorry but that is unrelated as there is no way you can compare on-demand scans with on-access ones.

yes if you did a clean install the Persistent cache would be gone and possibly reset on a program update, so it will take a few scans before it returns to similar durations.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #65 on: February 27, 2012, 05:33:28 AM »
I honestly don't know, was something done with the engines, FSS sensitivity/exclusions or Transient cache ?

The reason I say I don't know as I have had to enter over 30 FSS exclusions just to keep it to within reasonable parameters. I even had to give these RWX as RW wasn't enough for the repetitive scans to stop and the files most certainly weren't executed.

But there are currently only 1360 scanned for this session,  about 12 hours on and about 3-4 hours intermittent use mainly on the forum.

EDIT: I have unchecked the X in the exclusions to see if that cranks up the volume again and stopped and restarted FSS.

@DavidR,

How are getting on now?

Been fortunate in that none of the above problems have occurred on my system.  And this was with a simple upgrade, not a clean uninstall/install.

See attached.

Maybe if I were to publish the .ini file, you might see something there?

Let me know.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline Tetsuo

  • Poster
  • *
  • Posts: 594
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #66 on: February 27, 2012, 12:56:49 PM »
@mchain, the problem until now seems only related to some XP PRO SP3 systems. I assume you are running XP Home Edition SP3.

At least, I don't remember users reporting this issue for Vista/W7...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85608
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #67 on: February 27, 2012, 02:44:58 PM »
@ mchain
I don't believe that the .ini file would reveal much, as the previous ones attached showed little difference between. Looking at your figures then look reasonable balanced when compared with the web shield and network shield.

The problem as outlined I believe are/were more related to a problem in the transient cache and not so much the filesystemshield.ini setting, unless of course the user set it to scan all files.

@ Tetsuo
Yes as has been mentioned it is mostly seen in XP Systems.

UPDATE: For Igor and others with the problem
As I mentioned in Reply #62 above in response to Igor's comment "How about now, any improvement?" I have modified my exclusions to see if that reproduces the problem.

Yesterday there were 5 VPS/engine updates, so it may be that one or more of these were engine updates and changed the way that the transient cache and FSS work together, I don't know. However, the current status is that the repetitive scanning appears to have stopped, e.g. the transient cache function appears to be working now.

####
So for those with the problem, I suggest you reset the last scanned count, so as to see how it is working now and monitor over an hour or two. To reset the counts, Stop the FSS (self-defence module will seek confirmation) and immediately Start it again, the counts will be at 0/0.

@@@@
One thing that I have noticed (whilst I had the Report File set to record OK files), if I use the XP Quick Launch toolbar and open just one application, avast's FSS scans All quick start links (.lnk)

Code: [Select]
27/02/2012 11:09:42 C:\Documents and Settings\UserName\Recent\FileSystemShield.txt.lnk [+] is OK
27/02/2012 11:09:42 C:\Documents and Settings\UserName\Recent\report.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\OEQuoteFix (Non Admin).lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedyFox.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (Non Admin).lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Bullzip PDF Printer.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatExpert Memory Scanner.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Viewer.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\BT Broadband Desktop Help.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\BT Broadband Life.LNK [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\BT Yahoo! Online.LNK [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\BT Hub Manager.LNK [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! SecureConnect.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken Deluxe 98.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\vscan_start.bat.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Normal.dot.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\backup8gb.bat.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\databackup.bat.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\backup.bat.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\MailWasher (Non Admin).lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox (Non Admin).lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop iCalendar Lite.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\z Avast5_ForumVirusGen.txt.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Explorer E Data.lnk [+] is OK
27/02/2012 11:09:50 C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird (non-admin).lnk [+] is OK


So it would appear that some things have changed in yesterdays updates as currently the FSS files scanned count is 124/0.
« Last Edit: February 27, 2012, 02:47:25 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #68 on: February 27, 2012, 03:22:21 PM »
Igor and DavidR.

I must admit that I went back to A 6, but after reading Igor's post this morning I proceeded to install A7 again. First I tried thru internal updater but it failed. It just stopped at step 1 " Saving Package" . I had to do a clean install of V 7. WoW no more analyzing the same file. I also rebooted a couple of time to make sure. All settings as default. I have not changed anything. By my third reboot I noticed that a new version is available 7.0.1409. I tried to update thru Avast again but I got a Server error unreachable. Also I tried to add English to my Spanish installment but can't download package  :(

DavidR I stopped FSS and started it again 0/0 right now. I'll keep and eye or two see what happens.

What's with the servers ? Not able to reach then. Are they down ?

« Last Edit: February 27, 2012, 03:25:33 PM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85608
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #69 on: February 27, 2012, 03:27:06 PM »
For me I was a little more stubborn and wanting to try and track down the problem as several people were experiencing it.

Which servers, there are hundreds ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #70 on: February 27, 2012, 03:50:28 PM »

Which servers, there are hundreds ?

Did not say, or did not paid attention. I'll see again if it happens.

My count for FSS 230/0.

For me I was a little more stubborn and wanting to try and track down the problem as several people were experiencing it.


It would be nice if Igor would report back with an explanation about it.

Thanks DavidR
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85608
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #71 on: February 27, 2012, 03:53:39 PM »
You're welcome.

I now assume that this from the avastUI and you were trying a manual program update ?
If so it may be a while whilst they are repopulated with the 7.0.1409 version, I just tried a manual update and it started but didn't progress, so I cancelled it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #72 on: February 27, 2012, 04:04:26 PM »
Yes me too. I am going to wait a little. BTW I still do not have any stream update. I mean, looking at your screenshot, I still do not have any of those folders.
« Last Edit: February 27, 2012, 04:40:27 PM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6346
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #73 on: February 27, 2012, 04:21:58 PM »
For me, the problem is gone on my WinXP Home SP3 Laptop :)

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

Offline Tetsuo

  • Poster
  • *
  • Posts: 594
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #74 on: February 27, 2012, 07:03:38 PM »
By my third reboot I noticed that a new version is available 7.0.1409. I tried to update thru Avast again but I got a Server error unreachable. Also I tried to add English to my Spanish installment but can't download package  :(

You may be interested in this thread: http://forum.avast.com/index.php?topic=94454.0

Unfortunately there's also a brand new problem a problem caused by a bogus definition file (see VLK's posts).