Author Topic: 7.0.1407 - File System Shield activity & FSS exclusions  (Read 28886 times)

0 Members and 1 Guest are viewing this topic.

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #75 on: February 28, 2012, 12:47:33 AM »
@ Tetsuo

Yes, I could not reach the servers because Avast! was fixing that corrupted vps for the 26 th. Still I have not had a straight answer why I had in my Avast! IU v. 7.0.1409. BTW when servers were enabled, I tried to update the program and the correct v. now shows in my Avast!IU.

@ DavidR and all XP pro user with the FSS hiperactivity problem.

All day working with Word, Excel, notepad, and web. My Fss count is 1127 files.  ;D Thanks Avast!, and still waiting for some thecnical explanation to us inquisitve minds  8). Was it the transient memory as DavdR suspected or something else ? Why only Xp Pro ?

Thanks again.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #76 on: February 28, 2012, 02:25:00 AM »
Yes it was a problem related to the transient cache feature.
If at first you don't succeed, then skydiving's not for you.

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #77 on: February 28, 2012, 02:40:22 AM »
Thanks Vlk

You still up. Hard work this version, doesn't it.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline reesd

  • Jr. Member
  • **
  • Posts: 60
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #78 on: February 29, 2012, 01:57:55 AM »
I just found out that 7 scanned the same, unchanged executable 5000 times in 2 days. No wonder things seem sluggish...
http://forum.avast.com/index.php?topic=94621

d
MacBook Pro
XP SP3 (Bootcamp)
Avast 6 Free
FF4, FF3.6, IE9, Chrome, Safari

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85382
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #79 on: February 29, 2012, 02:55:34 AM »
I have replied in your other topic, this for me has certainly been resolved.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline reesd

  • Jr. Member
  • **
  • Posts: 60
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #80 on: February 29, 2012, 03:10:06 PM »
Thanks DavidR. I dug through this thread before posting and didn't see it had been resolved. I think I must have missed it in the thread because it was done through a VPS update and I was looking for an EXE update.

I'm now at 928 in 12 hours with a reboot, so I think that is much better. I haven't turned off any of my new exclusions yet.
MacBook Pro
XP SP3 (Bootcamp)
Avast 6 Free
FF4, FF3.6, IE9, Chrome, Safari

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85382
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #81 on: February 29, 2012, 03:16:11 PM »
No problem.

I found when I unchecked the X (execute) box the files were scanned but only ones as they should, the transient cache now seems to be doing its job.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline reesd

  • Jr. Member
  • **
  • Posts: 60
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #82 on: February 29, 2012, 03:24:20 PM »
No problem.

I found when I unchecked the X (execute) box the files were scanned but only ones as they should, the transient cache now seems to be doing its job.
Very interesting that definition files tweak that. A little worrying also since they change so often...

You know what I would really like, is a little more info in the log. At the very least if it was a R, W, or X so I know what I need to exclude.
And an option to list exclude/transient/persistent ignores also would be good, so we can everything avast wanted to look at, but skipped for one of those three reasons.

The two combined would really help us trim/tweak exclusions and also give better feedback in threads like these.

d
MacBook Pro
XP SP3 (Bootcamp)
Avast 6 Free
FF4, FF3.6, IE9, Chrome, Safari

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85382
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #83 on: February 29, 2012, 03:54:38 PM »
The report file settings can be modified in the expert settings of the file shield. Beware of what you ask for as the log file would become massive and not particularly user friendly.

Simply adding OK files to the list of data included in the report file, will create a line entry for every file scanned and that could be a huge amount of data, even in a day.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline reesd

  • Jr. Member
  • **
  • Posts: 60
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #84 on: February 29, 2012, 03:59:51 PM »
You know what I would really like, is a little more info in the log. At the very least if it was a R, W, or X so I know what I need to exclude.
And an option to list exclude/transient/persistent ignores also would be good, so we can everything avast wanted to look at, but skipped for one of those three reasons.

The two combined would really help us trim/tweak exclusions and also give better feedback in threads like these.
The report file settings can be modified in the expert settings of the file shield. Beware of what you ask for as the log file would become massive and not particularly user friendly.

Simply adding OK files to the list of data included in the report file, will create a line entry for every file scanned and that could be a huge amount of data, even in a day.

I am VERY familiar with those settings. I actually have it on OK all the time, that is how I catch these to many scan situations like this. It doesn't really grow that large when its working well.

However, it doesn't provide any of the options I listed. It only provides OK for non-skipped files (non-excluded/transient/persistent) and doesn't indicate if they were scanned for R, W, or X.

d
MacBook Pro
XP SP3 (Bootcamp)
Avast 6 Free
FF4, FF3.6, IE9, Chrome, Safari

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85382
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #85 on: February 29, 2012, 04:33:57 PM »
For the most part files won't be scanned when read, only when written (either created or modified) or eXecuted, so the file type is likely to give a clue as to as to why the file might have been scanned.

One other problem is that some applications that actually access files do so at an elevated level, e.g. when they access the file they do so with writ privileges rather than read and that in itself forces avast to scan. So I don't see how the type of access to the file that triggered the scan helps that much unless you can also identify the application accessing the file.

That was the thing that would have been very helpful when this first happened, it was suggested to use ProcMon to see what was touching these files (triggering the scan), but no one said what we should be looking for as the amount of data returned was a snow storm when looking for a snow flake.

But all in all the only thing that needed to be known was the files were repetitively which they shouldn't have been if the Transient scan was working as it should and not what the type of access that triggered the scan.

Personally I'm reluctant to see the logs get even more verbose as for your average user this isn't a benefit. Whilst having the options there wouldn't hurt, just that I'm not sure they would have helped in this particular case.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline supatorutoru

  • Newbie
  • *
  • Posts: 1
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #86 on: March 18, 2012, 07:37:57 PM »
Thanks DavidR. I dug through this thread before posting and didn't see it had been resolved. I think I must have missed it in the thread because it was done through a VPS update and I was looking for an EXE update.
I only check the first page and this one. My program version is 7.0.1426 and I still experience dramatically low performances when the shield is on.

I'm now at 928 in 12 hours with a reboot, so I think that is much better. I haven't turned off any of my new exclusions yet.
I don't even see the point of counting considering the insane scans it keeps doing. I can't even use a LAMP powered application and a P2P client. For the last maybe I should have installed the dedicated shield. Still excluding files, PHP scripts for instance, and disabling scanning for open/write operations didn't change anything. It's like all these features were ignored.

Offline reesd

  • Jr. Member
  • **
  • Posts: 60
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #87 on: March 20, 2012, 04:49:32 PM »
The only shield I have enabled is file, that might help your P2P case.
MacBook Pro
XP SP3 (Bootcamp)
Avast 6 Free
FF4, FF3.6, IE9, Chrome, Safari