Hello,
My system is running OK using Windows XP SP3 and Avast Free edition. I now run the machine as a limited user.
When a virus is found in an accessible folder, there is no problem. Avast just deletes the file or moves it to the vault. However, when a virus is found in the \Windows or \Windows\system32 folders, Avast is unable to either delete it or move it until I log in as the administrator. Then no problem.
If I remember correctly, Avast boots up as a systems user, in which case I think it should work. Is there a way to confirm that Avast boots as a systems user? If not, how do I fix this problem?
Thanks a lot
Frank1
avast!'s on-access scanner services load with system privileges, but the on-demand scanner only has the privileges of the account used to launch it.
I think this shouldn’t be a problem, though. If running as a limited user, malware cannot write itself into any folder that the on-demand scanner cannot clean anyway. If really needed, you can always run the scanner using the RunAs command to elevate privileges to administrator.
I think you don’t have a problem…
If you want full access scanning, do it through the admin account or schedule a boot-time scan within the admin account and reboot.
I don’t think I explained the problem well enough. I am not talking about on-demand scanning. The virus or malware was downloaded some time ago, before the database knew these viruses were viruses. While using the machine, after a new database is downloaded, this virus is caught by Avast, and the pop-up asks what I want done with it: Delete, Place in Vault or do Nothing. If I click Delete or Place in Vault, I get another pop-up stating that the operation could not be performed, and the original pop-up comes up again asking to Delete, Place in Vault or do Nothing. This is, of course, if the virus is in an inaccessible location.
I checked the Avast Services and under Log On it shows who started it. In my case it is started by Local Systems account. I believe that this is correct. So I still don’t understand why a virus caught automatically, therefore running under the Local Systems account cannot delete a file in the \Windows directory.
I have also tried to start the Avast Antivirus from the icon at the bottom right-hand corner. The virus is found, but it will not delete files in the \Windows directory.
Not necessarily. Maybe it’s inside an archive (.zip, .cab…), and avast can’t just remove the infected file, and avast does not handle the entire archive file (unfortunately).
Tech,
I didn’t realise that Avast does not handle those situations.
However, why is it, in my case, that if I log off the limited user, log on as the admin and do a scan, it finds the virus and deletes it fine?
Thanks
Frank1
Are you sure you’re referring to the same files?
If so, maybe it’s an access problem as the antivirus will be started by the user and not with necessary rights to manage the infected files.