Author Topic: Avast ignores "trusted application" settings  (Read 8739 times)

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Avast ignores "trusted application" settings
« on: April 22, 2012, 07:08:57 AM »
And still scans files in the exclusion list.

The icon animates when opening a trusted process plus animates when the trusted process opens a file in the file system exclusion list.

Seeing as File System Shield & Behavior Shield do not work as expected, how do I disable those modules without avast pitching and showing the triangle in the taskbar?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast ignores "trusted application" settings
« Reply #1 on: April 22, 2012, 11:57:01 AM »
If you are referring to the Behavior Shield's "Trusted processes", that setting only affects the specific Behavior Shield's monitoring - it is certainly not meant to avoid FileSystem Shield's scanning when the process in question performs filesystem operations.
Regarding the FileSystem Shield exclusion list - it works correctly. I suggest opening the avast! UI, switching to the FileSystem Shield page and watching the "Last scanned" item; it's hard to guess what is actually being scanned just from the fact that the icon rotates.

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #2 on: April 22, 2012, 03:24:38 PM »
All right, I can understand that.

Opening: C:\Program Files\MPC HomeCinema\mpc-hc.exe

With File System Shield running, takes 2 minutes to open.
Not running, shows up instantly.

Settings is "DO scan documents when opening" & "DON'T scan files when writing"

So the issue comes from mpc opening the following files when launching:
Code:
Name Description Company Name Version Path
mpc-hc.exe Media Player Classic - Homecinema mpc-hc@Sourceforge 1.3.1249.0 C:\Program Files\MPC HomeCinema\mpc-hc.exe
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.0.2195.7038 C:\WINNT\system32\ADVAPI32.dll
COMCTL32.DLL Common Controls Library Microsoft Corporation 5.81.4968.2500 C:\WINNT\system32\COMCTL32.DLL
COMDLG32.dll Common Dialogs DLL Microsoft Corporation 5.0.3700.6693 C:\WINNT\system32\COMDLG32.dll
CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2195.6926 C:\WINNT\system32\CRYPT32.dll
ctype.nls C:\winnt\system32\ctype.nls
DCIMAN32.dll DCI Manager Microsoft Corporation 5.0.2180.1 C:\WINNT\system32\DCIMAN32.dll
DDRAW.dll Microsoft DirectDraw Microsoft Corporation 5.3.1.904 C:\WINNT\system32\DDRAW.dll
devenum.dll Device enumeration. Microsoft Corporation 6.5.1.902 C:\WINNT\system32\devenum.dll
DSOUND.dll DirectSound Microsoft Corporation 5.3.1.904 C:\WINNT\system32\DSOUND.dll
GDI32.dll GDI Client DLL Microsoft Corporation 5.0.2195.7205 C:\WINNT\system32\GDI32.dll
KERNEL32.DLL Windows NT BASE API Client DLL Microsoft Corporation 5.0.2195.7135 C:\WINNT\system32\KERNEL32.DLL
locale.nls C:\winnt\system32\locale.nls
LZ32.DLL LZ Expand/Compress API DLL Microsoft Corporation 5.0.2195.6611 C:\WINNT\system32\LZ32.DLL
MPR.DLL Multiple Provider Router DLL Microsoft Corporation 5.0.2195.7134 C:\WINNT\system32\MPR.DLL
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.0.2195.7334 C:\WINNT\system32\MSASN1.dll
msdmo.dll DMO Runtime Microsoft Corporation 6.5.1.900 C:\WINNT\system32\msdmo.dll
msvcrt.dll Microsoft (R) C Runtime Library Microsoft Corporation 6.1.9844.0 C:\WINNT\system32\msvcrt.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.0.2195.7006 C:\WINNT\system32\ntdll.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.0.2195.7059 C:\WINNT\system32\ole32.dll
OLEAUT32.dll Microsoft Corporation 2.40.4532.0 C:\WINNT\system32\OLEAUT32.dll
oledlg.dll Microsoft Windows(TM) OLE 2.0 User Interface Support Microsoft Corporation 5.0.2195.7114 C:\WINNT\system32\oledlg.dll
PSAPI.DLL Process Status Helper Microsoft Corporation 5.0.2134.1 C:\WINNT\system32\PSAPI.DLL
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.0.2195.7281 C:\WINNT\system32\RPCRT4.dll
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.0.2195.6622 C:\WINNT\system32\SETUPAPI.dll
SHELL32.DLL Windows Shell Common Dll Microsoft Corporation 5.0.3900.7155 C:\WINNT\system32\SHELL32.DLL
SHLWAPI.DLL Shell Light-weight Utility Library Microsoft Corporation 6.0.2800.2006 C:\WINNT\system32\SHLWAPI.DLL
sortkey.nls C:\winnt\system32\sortkey.nls
sorttbls.nls C:\winnt\system32\sorttbls.nls
unicode.nls C:\winnt\system32\unicode.nls
USER32.dll Windows 2000 USER API Client DLL Microsoft Corporation 5.0.2195.7133 C:\WINNT\system32\USER32.dll
USERENV.DLL Userenv Microsoft Corporation 5.0.2195.7002 C:\WINNT\system32\USERENV.DLL
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.0.2195.6623 C:\WINNT\system32\VERSION.dll
WININET.dll Internet Extensions for Win32 Microsoft Corporation 6.0.2800.1649 C:\WINNT\system32\WININET.dll
WINMM.dll MCI API DLL Microsoft Corporation 5.0.2161.1 C:\WINNT\system32\WINMM.dll
WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.0.2195.6659 C:\WINNT\system32\WINSPOOL.DRV
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.0.2195.6601 C:\WINNT\system32\WS2_32.dll
WS2HELP.DLL Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.0.2134.1 C:\WINNT\system32\WS2HELP.DLL
Changing the scan from DO on write and DON'T on read doesn't change the time it takes to load.

Something's not right when the protection is this buggy.

Asyn.B

  • Guest
Re: Avast ignores "trusted application" settings
« Reply #3 on: April 22, 2012, 03:26:47 PM »
Something's not right when the protection is this buggy.

What do you mean..?? ???

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast ignores "trusted application" settings
« Reply #4 on: April 22, 2012, 06:26:31 PM »
2 minutes? That's certainly not normal.
Of course the executable is loading the dependent DLLs - but even if they are scanned (most of them should not be thanks to the persistent cache - at least if the system catalogs on your machine are OK), scanning those few files should be done in a fraction of a second.

Again, if you watch the "last scanned" item on the FileSystem Shield page - what is being scanned? How many files are scanned (i.e. how much does the number of scanned items grow) during those 2 minutes of starting?

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #5 on: April 22, 2012, 08:30:19 PM »
Watching the last scanned, it appears to be scanning everything the program is opening, either due to DLL dependence or file opening.

Count increases by 45.

Expert Settings -> Advanced:
[X] Do not scan verified system DLLs
[X] Use transient caching
[X] Use persistent caching

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast ignores "trusted application" settings
« Reply #6 on: April 22, 2012, 09:37:48 PM »
45 files should be scanned in a second, not two minutes...
What if you go to Settings / Cloud Services and uncheck the option "Enable reputation services" - does it change the startup time?

Even though it might sound like a weird question - is your C: drive formatted as NTFS, or FAT?
Also, your OS is Windows 2000?

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #7 on: April 23, 2012, 05:05:43 AM »
First thing I did, walked through all the settings and restored the settings Avast silently resets to default on installation. *

Cloud services unchecked, web reputation removed, etc.

W2K NTFS 3.2ghz dual processor with 4 gigs of ram and way more disc space than I can remember.

* another gripe about updating to a new version, Avast deletes ALL my preferences and resets them.

P.S. I have a couple of degrees in hardware / software engineering, so I am a programmer.

P.P.S. Avast still scans files with BOTH Open & Write unchecked. Go figure, the program isn't even obeying its own user interface.
« Last Edit: April 23, 2012, 05:07:33 AM by colwarg »

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 462
Re: Avast ignores "trusted application" settings
« Reply #8 on: April 23, 2012, 08:17:17 AM »
in avast v7, it is now possible to backup ur settings to be used in future installations. (settings -> maintenance -> back up settings)

previously u have to manually set them.

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #9 on: April 24, 2012, 04:47:20 AM »
This gets worse, it's interfering with my online game play and scanning the traffic to the game server.

And I have no idea at this point which module is the offending module and how to go about setting it to NEVER scan traffic to the game server nor scan anything that the game program does.

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #10 on: April 24, 2012, 04:56:44 AM »
Again, ignores the trusted application settings and the file shield is scanning files being opened by the game program.

No means to determine which files are affected because it only displays the last file, so you have to watch it closely, and attack each file or extension as you see it zip by.

And do note, this is with the module running, but neither of the checkboxes:
[_] Scan documents when opening
[_] Scan files when writing
Is checked.
« Last Edit: April 24, 2012, 05:02:08 AM by colwarg »

Offline colwarg

  • Jr. Member
  • **
  • Posts: 75
Re: Avast ignores "trusted application" settings
« Reply #11 on: April 28, 2012, 07:11:57 AM »
Uninstalled File Shield and Behavior Shield, performance of computer is back to screaming awesome.
« Last Edit: April 29, 2012, 02:35:23 AM by colwarg »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Avast ignores "trusted application" settings
« Reply #12 on: April 28, 2012, 01:56:42 PM »
Quote from: colwarg
Again, ignores the trusted application settings and the file shield is scanning files being opened by the game program.

Adding an executable file to the trusted processes won't stop the FSS scanning files that it opens (they aren't trusted/excluded by the FSS); it is just the behavior shield that won't monitor that process's activity (as Igor said in the first reply).

The Trusted Processes is a Behavior Shield setting so wouldn't be valid or carry over to the FSS settings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nesivos

  • Guest
Re: Avast ignores "trusted application" settings
« Reply #13 on: April 28, 2012, 11:32:06 PM »
Quote from: colwarg
Again, ignores the trusted application settings and the file shield is scanning files being opened by the game program.

Adding an executable file to the trusted processes won't stop the FSS scanning files that it opens (they aren't trusted/excluded by the FSS); it is just the behavior shield that won't monitor that process's activity (as Igor said in the first reply).

The Trusted Processes is a Behavior Shield setting so wouldn't be valid or carry over to the FSS settings.

That is also my understanding.

Are "Trusted Applications" those applications that you do not want "sandboxed"?   If that is the case I don't see why making an application a trusted one should prevent avast! from scanning it when it is opened.  In fact I would think just the opposite.  If you tell avast! never to sandbox an application I would think that you would want the application files scanned when it is opened otherwise your computer becomes essentially defenseless against any harm that the application might try to inflict when it is opened.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Avast ignores "trusted application" settings
« Reply #14 on: April 29, 2012, 12:41:12 AM »
No, they aren't, as trusted applications only relate to the behavior shield. You can only 'exclude files' from being Auto-Sandboxed, not processes/programs and what they might subsequently open.