Hi,
My system config : WinXP SP3, Avast 7.0.1466
Avast File System Shield (realtime scanner) config :
scan when executing : all 3 options checked
scan when opening : ‘docs’ + ‘all files’ checked
scan when writing : ‘default extensions’ + ‘all files’ checked
scan when attaching : all 2 options checked
exclusion : none
advanced : ‘don’t scan system DLLs’ un-checked, ‘transient caching’ checked, ‘persistent caching’ un-checked
packers : NONE CHECKED (the problem comes from this option)
sensitivity : all 3 options checked
*** The scan archive problem ***
I place a large ZIP file on the desktop : ‘BigFile.zip’
I right-click it, the copy and paste it on the desktop (thus creating a copy : ‘Copy of BigFile.zip’)
I see that ‘BigFile.zip’ and ‘Copy of BigFile.zip’ are both scanned
(I can see it in the file system shield traffic and it takes a few seconds)
question : since no packers are checked, especially the ZIP ones, how is it that both zip files get scanned?
if the ‘scan all files on opening/writing’ overrides this option it looks like a bad idea.
My intend was to have all files scanned on opening/writing EXCEPT the archives (like the zip file I used for the test).
*** The transient caching problem (not really related to the first problem, except that it makes it worse) ***
Immediatly after creating the first ‘Copy of BigFile.zip’
I right-click again ‘BigFile.zip’ and paste it again on the desktop (thus creating a second copy : ‘Copy (2) of BigFile.zip’)
I see that ‘BigFile.zip’ has been scanned again despite the fact that ‘transient caching’ is active
this time it look likes a mere bug, Avast does not remember that it has already scanned the file 5 seconds ago.
(I’ve already made a similar remark about the ‘transient caching’ in another thread)
*** Conclusion ***
If I copy a 500Mb archive on my system, both the source file and the copied file get scanned, which hangs the system for a long time.
If this copy (or move) operation has been done automatically by a program then I don’t even know why my system gets blocked.
(I’ve got the habit to look at the orange ball in the systray to see if it turning around)
Can anyone replicate this behaviour?
Any advice appreciated.
I won’t advertise for Avira (for some other reasons) but this AV has the option to exclude archives from realtime scan.