I’ve recently been seeing a Windows dialog window appear with the message “An application is requesting access to a protected item”. The dialog window also contains an entry box to fill in a password, and a “Details” button. Clicking on the Details button displays:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
This typically occurs once a day in the afternoon. Surprisingly this does not occur during the nightly scheduled full system scans.
Any ideas about how to address this or to find out what is the protected item that avastsvc is attempting to access would be most appreciated. This is really driving me nuts!
FYI I’m running Avast! Free 11.1.2241 with virus def 151127-0
This occurred again today at 3:33:00 PM EST. Applications that were running at the time were Chrome, Outlook Express and Windows Explorer. There is nothing in any of the event logs at or around 3:33pm. I was not at my computer at that time. Scheduled Tasks show nothing was scheduled to run during that timeframe.
The attached screenshots show:
av1: initial windows dialog
av2: after clicking on the “Details” button
av3: right-dragging the filepath to see the full filename
av4: after entering a bogus password in the initial window and clicking ok
Thanks for the help. Let me know if I can provide anything else.
A bit more info: I noticed that at exactly 3:33:00pm Outlook Express was checking for new messages. I know this because today I set up Debut to do a screen capture video taking snapshots at 1 fps. I could see OE start the “authorizing” process when the dialog popped up at 3:33:00pm.
It seems to me that something on your system is accessing a file/application that avast wants to scan, but safeguard is blocking avast from doing its job.
I was not at my computer at that time
It could be a screensaver wanted to run, the system wanted to go into sleep-mode or something like that.
It seems to me that something on your system is accessing a file/application that avast wants to scan, but safeguard is blocking avast from doing its job.
Agreed
It could be a screensaver wanted to run, the system wanted to go into sleep-mode or something like that.
I have no screensavers running and sleep-mode disabled. The computer is always on.
Obviously I need to find out what “protected item” avast is trying to access. Is there an avast log I can enable that records all it’s real-time Active Protection file accesses? That might help. I could match up the time the popup occurs with the timestamp in the log.
Hi Eddy - There were no errors reported in the FileSystemShield log. The daily entries are all similar to this:
Avast Real-time Shield Scan Report
This file is generated automatically
Started on: Monday, November 30, 2015 10:33:38 AM
Infected items, Hard Errors, Soft Errors and Skipped Items are all enabled in the File System Shield reports settings. But it’s strange that avast is not reporting this. :-\
I rather doubt that anything will show in the log - given what the OP said - as essentially the file shield didn’t scan anything as it was blocked ???
Now confirmed
It would also depend on what the log settings are for the file shield as it only reports/records Infected items, Hard errors by default. I just wonder is this would be considered a hard error.
The only way I would suggest would be to include Soft errors, Skipped items and possibly OK items (but this last item would swamp the log). The log file could get quite large considering you may have to wait some time for a replication to occur.
It’s strange. I do have Infected items, Hard Errors, Soft Errors and Skipped Items enabled but the log entries only contain a start time (as below):
Avast Real-time Shield Scan Report
This file is generated automatically
Started on: Monday, November 30, 2015 10:33:38 AM
So this particular issue is not logged for some reason. Tomorrow I will add OK Items and see what happens. I also have Debug enabled. I’m not sure but am assuming those logs are located under the /log folder. But there are a lot of logs to go through and the info is really meant for developers, so end users like me are pretty lost trying to parse what’s going on in there.
Its in your images, your system has a program or function (presumably called Protected Storage - safeguard) to protect certain areas that is stopping avast scanning those areas. You need to find its settings and add avastSvc.exe to its exclusions.
Thanks for the suggestion and clarifications. Try as I might, I cannot find any configuration UI for the Protected Storage service on my WindowsXp machine. I did find this description of the Protected Storage Service here: https://msdn.microsoft.com/en-us/library/aa939852(v=winembedded.5).aspx which says that “There are no configurable settings for this component”. So I’m at a loss on this angle.
However I found some other interesting info: today the “Protected Item” error dialog popped up at 11:29:02 am EST. I was looking through the Avast debug logs searching for any entries timestamped 11:29:02 or 16:29:02 GMT and found 4 files. I included excerpts from 2 of the files below (if you want to see more of a particular file, let me know):
Well I found out source of the problem. It is Avast’s Home Network Security scanning. I can duplicate this issue by simply opening the “Scan for Network Threats” and poof! The dialog appears each time I do so. So now I’m trying to find out how to disable HNS. I think adding my router URL to the Exclusions list should do it. I will let you know how that’s working after a few days.
I wonder if this might have something to do with others having problems with the scan itself. That said they aren’t mentioning about this Protected Storage dialogue window.