Scan-on-Write still fails with 4.1.260 HE

Hi,

Although I have set the RS to scan created/modified files according to extension list, the RS doesn’t act up if I write eicar.com from editor or unpack it from an encrypted ZIP.

It does scan on opening with editor or touching the eicar.com file in Explorer though… (scan-on-open is fed with the default list, as well as scan created…; basic page: default settings…)

W2k-SP4 plus all critical patches; AMD 2000+ with dial-up

and eerhhmm… I copied the new, larger VPU-files from the avast-setup-folder of an avastly updated PC (version #259 I think) with fast inet to this one with slow inet; and then ran avast’s prog-update.
Took a while (so I don’t know if avast didn’t download everything again, or just the #260…?),
but then it finished seemingly without problems…
was this evil …? ;D ;D

After the recommended reboot the version numbers and everything else looked ok to me…
??? :wink:

whocares, kindly read this post:

http://www.avast.com/forum/index.php?board=2;action=display;threadid=1121

minacross, that thread concerns Win9x only.

Strange, scanning eicar.com on write works here (Win2k, SP3)…

whocares, does it help if you enable scanning of all files on write?

Vlk

Hi Vlk,
Thx for the hint; I’ll try and let you know … (not at home now)
Could this be a problem of my rather creative update-procedure ?
:-\

I don’t think so since the basics of Standard Shield are working OK. If it was a corrupted file or something it wouldn’t work at all, I guess.

Hi Vlk,

scanning of ALL files on write brings only minor improvements (RS-provider stopped and restarted after setting the options; I’ll try it with reboot later…)

  • still nothing from RS when writing from wordpad/notepad

  • SOMETIMES when writing from (encrypted) zip archive:
    1st unpack → nothing
    2nd unpack with overwrite over the 1st eicar.com-file → alert; choice delete → pretends to delete, but doesn’t delete…

  • 2 avast services running & set to automatic
  • ashdisp in HKLM-RUN

non-PnP in Device Manager:
aavmker4 active; BUT:

C:\Programme\AntiVir\Avast4\Setup\INF

17.10.2002 18:06 1.683 AavmKer4.inf
11.09.2003 17:02 13.248 Aavmker4.sys

Verzeichnis von C:\WINNT\system32\drivers

03.07.2003 13:58 13.248 aavmker4.sys
this alright ? the aavm-kernel is unchanged ? or didn’t it get copied to ? why the different dates ?

avast providers running:
IM, P2P & standard Shield

???

Well that stinks. The updater must have somehow missed installing the drivers (maybe because of the twisted updating method you used?). Anyway, just copy the *.sys files from setup\inf to system32\drivers and reboot – this should have been done by the updater itself…

You’re apparently using the 4.0.235 drivers so no wonder the situation has not changed.

Vlk
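
The mismatch discussed above (driver files staged in setup\inf but not carried over to system32\drivers) can be checked by content rather than by date or size. This is an added example, not part of the original thread and not avast's own tooling: the function names are assumptions, the sample files are constructed in a temp directory, and `example.sys` is a hypothetical name.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_drivers(staged_dir, installed_dir, suffix=".sys"):
    """Map each staged driver (case-insensitive name) to match/stale/missing."""
    installed = {p.name.lower(): p for p in Path(installed_dir).iterdir() if p.is_file()}
    report = {}
    for staged in Path(staged_dir).iterdir():
        if not staged.is_file() or staged.suffix.lower() != suffix:
            continue
        target = installed.get(staged.name.lower())
        if target is None:
            status = "missing"   # never copied to the drivers folder
        elif sha256_of(staged) == sha256_of(target):
            status = "match"
        else:
            status = "stale"     # installed copy differs from the staged one
        report[staged.name.lower()] = status
    return report


def demo():
    """Constructed sample files; only the first two names come from the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        staged, installed = Path(tmp, "INF"), Path(tmp, "drivers")
        staged.mkdir()
        installed.mkdir()
        # Same size, different content: a size comparison alone would miss this.
        (staged / "Aavmker4.sys").write_bytes(b"new build")
        (installed / "aavmker4.sys").write_bytes(b"old build")
        (staged / "aswmonds.sys").write_bytes(b"same")
        (installed / "aswmonds.sys").write_bytes(b"same")
        (staged / "example.sys").write_bytes(b"x")  # hypothetical name
        (staged / "AavmKer4.inf").write_bytes(b"[Version]")  # skipped: not .sys
        return compare_drivers(staged, installed)


if __name__ == "__main__":
    print(demo())
```

On the machine from this thread the two arguments would be the `Setup\INF` folder and `C:\WINNT\system32\drivers` shown in the listing above; any entry reported as stale or missing means the resident shield is still loading an older driver.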

Hi Vlk,

P.S.:
device=C:\PROGRA~1\AntiVir\Avast4\aswmonds.sys
in system32\config.nt

OK,
after a reboot both writing from editor and zip is scanned,
when scan-on-write is set to “all files”

I’ll experiment a bit with the options & rebooting:
to see whether I can make it work
with scan-on-write only for the ext-list…

Well well well much ado about nothin’, it seems;
works with extlist now, too… don’t know why not before
(works only after reboot. I’m quite sure I DID reboot quite a few times after the update, though…)

I’ll monitor this… :slight_smile:

P.P.S.: in advanced-Exclude there is
C:\WINNT\temp*.tmp

Is this a default setting, or one of my own invention ??

In both cases, I don’t deem it sensible…

so… somewhen after checking manually for program updates (no new results) avast tells me a couple of minutes later, it needs to reboot…

so being a good boy I do this, and now I have
aavm and aswmon with dates of 11.09.03 and version number of 4.0.191.0
in system32\drivers
same as in setup\inf (which alas, I think I didn’t copy during my manual “update” )

the version numbers in setup\inf and system32\drivers are correct ?

or do I need to fiddle some more ?? or a complete reinstall ?
Sorry about this…

:-\