7.0.1407 - File System Shield activity & FSS exclusions

[iroc9555]

@ Tetsuo

Yes, I could not reach the servers because Avast! was fixing that corrupted vps for the 26 th. Still I have not had a straight answer why I had in my Avast! IU v. 7.0.1409. BTW when servers were enabled, I tried to update the program and the correct v. now shows in my Avast!IU.

@ DavidR and all XP pro user with the FSS hiperactivity problem.

All day working with Word, Excel, notepad, and web. My Fss count is 1127 files.  Thanks Avast!, and still waiting for some thecnical explanation to us inquisitve minds  . Was it the transient memory as DavdR suspected or something else ? Why only Xp Pro ?

Thanks again.

[Vlk]

Yes it was a problem related to the transient cache feature.

[iroc9555]

Thanks Vlk

You still up. Hard work this version, doesn't it.

[reesd]

I just found out that 7 scanned the same, unchanged executable 5000 times in 2 days. No wonder things seem sluggish...
http://forum.avast.com/index.php?topic=94621

d

[DavidR]

I have replied in your other topic, this for me has certainly been resolved.

[reesd]

Thanks DavidR. I dug through this thread before posting and didn't see it had been resolved. I think I must have missed it in the thread because it was done through a VPS update and I was looking for an EXE update.

I'm now at 928 in 12 hours with a reboot, so I think that is much better. I haven't turned off any of my new exclusions yet.

[DavidR]

No problem.

I found when I unchecked the X (execute) box the files were scanned but only ones as they should, the transient cache now seems to be doing its job.

[reesd]

No problem.

I found when I unchecked the X (execute) box the files were scanned but only ones as they should, the transient cache now seems to be doing its job.

Very interesting that definition files tweak that. A little worrying also since they change so often...

You know what I would really like, is a little more info in the log. At the very least if it was a R, W, or X so I know what I need to exclude.
And an option to list exclude/transient/persistent ignores also would be good, so we can everything avast wanted to look at, but skipped for one of those three reasons.

The two combined would really help us trim/tweak exclusions and also give better feedback in threads like these.

d

[DavidR]

The report file settings can be modified in the expert settings of the file shield. Beware of what you ask for as the log file would become massive and not particularly user friendly.

Simply adding OK files to the list of data included in the report file, will create a line entry for every file scanned and that could be a huge amount of data, even in a day.

[reesd]

You know what I would really like, is a little more info in the log. At the very least if it was a R, W, or X so I know what I need to exclude.
And an option to list exclude/transient/persistent ignores also would be good, so we can everything avast wanted to look at, but skipped for one of those three reasons.

The two combined would really help us trim/tweak exclusions and also give better feedback in threads like these.

The report file settings can be modified in the expert settings of the file shield. Beware of what you ask for as the log file would become massive and not particularly user friendly.

Simply adding OK files to the list of data included in the report file, will create a line entry for every file scanned and that could be a huge amount of data, even in a day.

I am VERY familiar with those settings. I actually have it on OK all the time, that is how I catch these to many scan situations like this. It doesn't really grow that large when its working well.

However, it doesn't provide any of the options I listed. It only provides OK for non-skipped files (non-excluded/transient/persistent) and doesn't indicate if they were scanned for R, W, or X.

d

[DavidR]

For the most part files won't be scanned when read, only when written (either created or modified) or eXecuted, so the file type is likely to give a clue as to as to why the file might have been scanned.

One other problem is that some applications that actually access files do so at an elevated level, e.g. when they access the file they do so with writ privileges rather than read and that in itself forces avast to scan. So I don't see how the type of access to the file that triggered the scan helps that much unless you can also identify the application accessing the file.

That was the thing that would have been very helpful when this first happened, it was suggested to use ProcMon to see what was touching these files (triggering the scan), but no one said what we should be looking for as the amount of data returned was a snow storm when looking for a snow flake.

But all in all the only thing that needed to be known was the files were repetitively which they shouldn't have been if the Transient scan was working as it should and not what the type of access that triggered the scan.

Personally I'm reluctant to see the logs get even more verbose as for your average user this isn't a benefit. Whilst having the options there wouldn't hurt, just that I'm not sure they would have helped in this particular case.

[supatorutoru]

Thanks DavidR. I dug through this thread before posting and didn't see it had been resolved. I think I must have missed it in the thread because it was done through a VPS update and I was looking for an EXE update.

I only check the first page and this one. My program version is 7.0.1426 and I still experience dramatically low performances when the shield is on.

I'm now at 928 in 12 hours with a reboot, so I think that is much better. I haven't turned off any of my new exclusions yet.

I don't even see the point of counting considering the insane scans it keeps doing. I can't even use a LAMP powered application and a P2P client. For the last maybe I should have installed the dedicated shield. Still excluding files, PHP scripts for instance, and disabling scanning for open/write operations didn't change anything. It's like all these features were ignored.

[reesd]

The only shield I have enabled is file, that might help your P2P case.