does AVAST place file locks on the files it is scanning?

mrblint · 2015-06-18T22:42:35.000Z

I am wondering if AVAST might be interfering with my ability to publish a “ClickOnce” Microsoft app to a Windows 2003 server on our LAN. I’m trying to republish the app but am getting an error message that another application has the manifest open. Does AVAST place locks on the files it is analyzing?

Also, when I try to rename the file on the server using Windows File Explorer, that is not possible; the file has a lock on it.

Users have read-only access to the publish directory, so I don’t think any one of the end users could have done this.

Eddy · 2015-06-19T14:02:11.000Z

All security scanning applications (should) place a lock on the file it is scanning.
The reason behind it is really simple.

Example:
Let’s say you have a clean file that is 50 Mb.
avast starts scanning and have done the first 20 Mb.
You change something within the first 20 Mb.
That means avast should start scanning again from the beginning.
If it doesn’t do that, you could enter malicious code within the first 20 Mb and avast will show the file is save.
That is ofcourse not what we want and would make avast (or another scanner) useless.

mrblint · 2015-06-19T15:34:57.000Z

Thanks for the reply.

I understand the rationale for needing to prevent changes to a file while it is being scanned. I have some followup questions, if I may?

Couldn’t the files be downloaded and locked on the client workstation in a “safe area” instead of the lock being placed on the file on the server?

Can file locks be “stacked”? Is it possible for multiple locks to be placed on the same file simultaneously?

I hope the answer is yes. If it is no, doesn’t that effectively mean that when a new program is launched for the first time in an organization, a queue must form if several users should attempt to launch the same program concurrently?

Does Avast release its locks after each file has been scanned, or does it maintain locks on all files in the download package until the entire package-scan has completed?

Also, what happens if a client machine from which the scan was initiated should freeze up? The lock remains on the server file until that client PC is rebooted, and until then, the software package cannot be updated. Is there a way to find out which client workstation has set the lock?

Eddy · 2015-06-19T17:02:28.000Z

I have some followup questions, if I may?

Ofcourse you may. :D

Does Avast release its locks after each file has been scanned, or does it maintain locks on all files in the download package until the entire package-scan has completed?

Since it is a package it is basically the same as the example I have given. Scanning of the entire package must be finished before it is released.

Can file locks be "stacked"? Is it possible for multiple locks to be placed on the same file simultaneously?

In theory only one application/OS can place a lock at a time. If e.g. avast placed a lock on a file, a other application can not lock it because it has no access to the file. But as I said that is the theory. I would not be surprised if there is a way that multiple applications can place a lock on a file at the same time. Fact is that if application A places a lock and releases the file, application B can place a lock at it. So yes, locks can be "stacked". If I understand your question correctly.

Also, what happens if a client machine from which the scan was initiated should freeze up? The lock remains on the server file until that client PC is rebooted, and until then, the software package cannot be updated.

I hope I understand you correctly. A client only should scan files that are on the client or send to it. A client should never be able to lock a file on a server. If for whatever reason the client hangs, need to be rebooted or whatever, it should not have any impact at all on the file on the server. After all, the file is on the server and "only data" is send to the client.

Is there a way to find out which client workstation has set the lock?

Yes. As admin you should be able to see what clients are using the file and details about the usage and such.

As I said, I am not sure if I understood your questions correctly so I can be wrong.
The answers I have given in this post are as I see it.
Please don’t tickle me if I am wrong ;D

mrblint · 2015-06-19T19:51:16.000Z

I can clarify.

What we have is an application manifest and related files deployed to a Windows server using Microsoft’s ClickOnce publishing mechanism.

Users point a shortcut at publish.html on the Windows server, and when that page is opened it launches an EXE which in turn downloads any required DLLs to the client machine where it installs them in the client PC’s Global Assembly Cache (GAC).

When users attempt to launch a new program deployed to the server (or one that has been modified and republished to the server) an Avast window pops up on the client PCs’ screens indicating that Avast is scanning the program for malware.

If Avast is scanning files only after they have been downloaded to the client PC (Avast is running on the client), why would Avast need to place a lock on each of the files up on the server? That is what I don’t understand, why the files on the server have to be locked.

Perhaps I was unclear about that. Is Avast locking the files on the server?

Announcements