I have been following the ARK-tool from the earliest betas in March this year, and tested version 0.9.6
of the beta successfully. The same goes for the AR-module in Avast.
Since then I have done a lot of reading to catch up on this tool and the module in Avast.
I must have missed something, and I have some questions to ask around this.
As I learned 9 months ago the tool was automatic at Windows boot every time after 8 minutes,
and this scan takes 3-5 seconds. Results are logged in aswar.log.
By doing a manual thorough or standard scan the tool is run, but I suppose in another way than the 3-5 seconds at Windows boot. No logging of those AR results (at that time).
While waiting for the Standalone AR that didn’t come out of beta I played with some batch-files
to accomplish what I hope is the same results as the AR-tool.
I did as described on the fora and used Ashquick.exe to make 3 batchfiles named SUPER-QUICK, QUICK and FULL. They run for 3-5 seconds, half a minute and a little more than a minute on one of my systems.
(It will of course depend on many variables.)
Lately I discovered a new log, aswar1.log, which is produced by doing a Thorough scan manually through the user interface, but not by a Standard scan. The heading of the log is Quick.
Here are my questions:
1. Does the standard manual scan do a RT-scan, if yes why is it not logged in aswar1.log?
(Or must we use a thorough scan to accomplish this which produces a QUICK scan log in aswar1.log).
2. Is the only means of getting a FULL scan using Ashquick.exe with parameter FULL?
3. Will 2 give us more safety than 1 concerning RK detection? It uses the double time as far as I can see.
4. Is FULL scan something like what was planned for the standalone tool that AFAIK never got out of beta?
5. During the beta period it was talked about a special version of a RK-scanning done during a scheduled boot-time scanning. Is this there by now?
As you can see the only part of Avast RT-part I am familiar with is the scanning 8 minutes after Windows boot.
It is in the log all the time, but it takes a VERY short time. That is my reason for the other questions…
I use my FULL scan with my batchfile, but I suppose this was not the intention…
My goal for asking is to get the most out of Avast RK-module.
It’s from a thorough, manual scan, and as you can see it gives a ‘medium’ AR-scan (Quick) as asked in question 1 in original post. As I asked I don’t get it with standard scans?
EDIT: It’s easy to find because it gets appended all the time.
I think most of the users don’t want to read so much text to answer 5 little questions…
If you want an answer the question should be small and clearly asked!
My 5 questions still remain in the first post numbered from 1-5.
‘5 little questions’ was really an understatement.
Some material is impossible to ask with a short sentence. This is a black area for most of us.
But those interested and knowledgeable in the field will take their time to read and possibly answer.
You like it short: ‘Give me an overview of Avast antirootkit protection from the user’s point of view.
(super-quick, quick and full and when they are performed automatically…)’
I’ll stick with the numbers to make communication easier.
1. Does the standard manual scan do a RT-scan, if yes why is it not logged in aswar1.log?
(Or must we use a thorough scan to accomplish this which produces a QUICK scan log in aswar1.log).
Can just be answered by an avast!-team-member...
2. Is the only means of getting a FULL scan using Ashquick.exe with parameter FULL.
In my opinion the opinion of Alwil is that a home-user shouldn't be able to do a manual rootkit-scan - and so there is no other possibility than by, in my opinion, "hacking" or tricking (I don't know a fitting English word) avast with batch-files or special parameters...
Or use the pro version...
3. Will 2 give us more safety than 1 concerning RK detection. It uses the double time as far as I can see.
With a full scan more areas on your PC are scanned (in the pro-version you see it) so it is able to detect more rootkits (in more areas), but in my opinion the most important areas are scanned by a quick scan too and that should be enough...
4. Is FULL scan something like what was planned for the standalone tool that AFAIK never got out of beta?
Also can just be answered by an avast!-team-member,
but what I can say is that a full scan is included in the pro version, so it's not only for the standalone anti rootkit and I'm quite sure that the full scan would also have been included in the standalone tool...
5. During the beta period it was talked about a special version of a RK-scanning done during a scheduled boot-time scanning. Is this there by now?
I didn't hear/read about this, probably also only an avast!-team-member can answer this...
And now we can hope that an avast!-team-member answers the remaining questions^^