How to scan standard-extensions on open with RS ?

Hi,

as a new user of avast 4 home (on Win2k-SP4, 56k analog-modem :slight_smile:

  1. is there an easy way to set the resident shield to scan all files of the default(write-scan) extension list on OPEN/READING ?
    as I see it now, it scans only boot, Exe and OLE …
    (P.S.: OLE meaning what apart from office-like documents??)
    Or do I have to copy & enter each item from the read list to the scan-on-open-list ?

I searched the board/FAQ a bit but couldn’t find much…
Please point me, if I missed it:-)
Thanks in advance…

:slight_smile:

I can only answer question 1 :

You have to put an asterisk “*” without the “” in the > Standard shield > scanner advanced > scan files with these extension > *

Now AVAST will scan really ALL files.

I have it set up like this, and it does improve security a lot, but the drawback is that it will make your system a little slower of course. But for me this little slowdown is worth the gain in safety.

If you have AVAST pro you can set up the resident scanner to scan and unpack ALL known archives also. Which offers even more detection.

Greets,

Waldo

Hi Waldo,

thanks, that occurred to me, but I’d rather have avast RS only scan potentially dangerous files (like in the scan-on-write default list), and not slow down my system by scanning all files on open…
If nobody here can find an easier solution, I’ll just copy all the relevant filetypes into the scan-on-open-list :slight_smile:

btw what does {*} mean in the extension list ? is this to do something with CLS-IDs ?
:slight_smile:

I have no idea at all ! :slight_smile: lol

But I do know (I’ve read it in the forums) that by putting it in, Avast scans everything.

Maybe some Avast support member can try to answer these questions. I’m also interested…

Waldo

but I'd rather have avast RS only scan potentially dangerous files (like in the scan-on-write default list), and not slow down my system by scanning all files on open..

I absolutely agree. Scanning all files on open is an overkill. This is the current default extension set - just copy and paste it to the appropriate box:

COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS

btw what does {*} mean in the extension list ? is this to do something with CLS-IDs ?

Exactly, it handles the extensions in the form {CLSID} that can be as dangerous as any other.

Vlk

Thanks VLK !!
that’s what I (being lazy & not a good typist) wanted

Keep up the good works…

:slight_smile:

btw: although I have set both prog and VDF-Updating to automatic AND was online for about 1 hour,
avast only downloaded a vps update just when I explicitly told it to check… ???
in what intervals does avast check for an open inet-connection or, if PC is online, for updates ? ???

I absolutely agree. Scanning all files on open is an overkill. This is the current default extension set - just copy and paste it to the appropriate box:

COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS


Default !? If one doesn’t write in the box the open is scanned for all of these extensions ?
Regards,rolando

No, that’s the default set of “executable” (dangerous) extensions used elsewhere. If you don’t write anything in the “Scan files for open” box, no files will be scanned just on open (which is not as bad as it sounds - they will be scanned on execution, so it’s OK in fact).

Last week I got a virus opening an HTM file (it was a download of a web mail). Could I have avoided it if I had “HTM” in the open box ?
Thanks, rolando

I think it would.
What virus did you get by opening an HTM file?

Hi Igor,

you’ve confused me there…
what’s the difference between open and execute in case of files containing code and being able to “run” on doubleclick ?
and how do you “execute” e.g. a html or a vbs-file ? they are opened and processed by their respective applications, right ? ??? ???

“Open” means “acquire read or write access”.
I know I’m a little twisted here, but when I read “open” (e.g. an executable), I personally understand something like “view it in some kind of viewer” - hexeditor, or F3 in a Norton Commander-style program, such as Far, Total Commander etc.
“Execute” means “start the program”.

As for the others, you are right - when you execute a HTML and VBS file, the respective application is executed and the file is passed to it as an argument to be “opened” inside the program. Therefore, scanning files on execute doesn’t help here, since it is the application that will be scanned, not the “data” file.

I think it would. What virus did you get by opening an HTM file?

It was VBS:REDLOF. My double click opened to me a blank page! From then on the windows had only the colors white and red. You cannot see any written line in a window unless you didn’t hit "Edit/select all"
when a red background allowed to see white characters! You could not write e-mails. But there is a post in this forum about this.
Regards, rolando

For sure the avast! ball turns in system tray.
Nice and not easy.

Well, you are right I am afraid… in this case (thanks to Microsoft I guess) the virus is able to “get out” of the browser, activate and spread. In the Pro version, it would be caught by the Script Blocker, but it is not available in the Home version.
If you were starting it by clicking a file, then setting “Scan file on open” on HTM* would really detect and deny it.

Hmm, maybe we should modify the default settings of the resident protection a little… :-\

Second this motion… :wink:

I have two defenses, “script defender” and “Noscript”; this has minimized the problems. But, inside the IE, jscript code has to work, of course, to build web pages (HTML code and jscript code).
However the scan is performed when “HTLM” is written in the open box. The fact is that the scanner has not found the virus. Also when I scanned the hard disk it has found the virus inside the system restore folder but not in the *.htm file. However if a virus is found in a file whose extension is in the open box, what happens? Is there an alarm or is something stopped?
Thanks a lot, rolando

of course not ;D
use html, htm or best ht*

Well, if the scanner didn’t find the virus during the hard disk scan, that’s strange - if you still have the file, could you send it by e-mail?

The RedLof virus is vbscript in fact, not jscript. Of course, you want to run “reasonable scripts” in your browser (the Script Blocker of the Pro version is just another Resident Protection provider - it scans the scripts run by the browser and blocks only the infected ones).

The rest of the post, unfortunately, I don’t understand… What does it mean “The scan is performed when HTML is written in the open box”? What is an “extension in the open box”? An application can put whatever extension it wants to the open dialog… of course, it usually puts there the extensions it uses…
[Edit: or you don’t mean an “open dialog”, but the resident protection settings: “Scan files on open” box?]

Generally, if any virus is found, a big warning dialog is displayed (though in the Pro version, you can configure many other actions). You wouldn’t overlook it…

I deleted the file quickly ! What are the extensions !? Of course >>>>>>>>>>>>>>>
COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS
<<<<<<<<<<<<<<<<<
And of course if you type them in the Resident Protection “Scan files on open” box, WHEN the file
that is processed has a virus…
WHAT happens? 1) the virus is blocked or 2) there is only an alarm ?

You have replied that there is only a big warning.
Correct ?
Regards,rolando