Hi there.
I think I found a problem with Avast detecting a virus, and Microsoft’s EFS (Encrypted File System) built into Windows. The problem results in severe system instability that (for me) requires physically pressing the reset button to get the system back. The steps to duplicate the problem are as follows:
- Make an encrypted folder.
- Put a file infected with a virus into that folder (e.g., download a virus from the internet and save it to that folder. I think because the Avast service is running under SYSTEM, it cannot check the file; it is encrypted. Only the user can transparently access it).
- Right click the virus file and click properties.
- In “Attributes”, click Advanced.
- In “Compress or Encrypt Attributes” untick “Encrypt contents to secure data” and click OK.
- Click Apply on the properties window.
At this point the EFS system is called to decrypt the file. Avast immediately detects the virus and asks what you want to do. I tried deleting the file and on another occasion moving it to the chest, but both ways result in the properties window hanging. At this point the system becomes unstable.
I’m not sure what’s going on inside, but this is what I think. Avast has blocked EFS, and some code in EFS has trouble when it finds the file is abruptly removed. This causes EFS to hang, and has a knock-on effect on explorer.exe. A lot of my files are encrypted with EFS, so this may be why my crashes are so severe. Possibly if it was just the 1 file, the crash would just take down explorer.exe, which can be restarted. That’s all my guess, I don’t know what’s actually happening.
I’m running:
AMD Athlon 2500+ XP
512MB DDR SDRAM
Windows XP SP2
Avast build 4.6.623
I searched the forum but found no mention of EFS. Has Avast been tested with EFS? If you need more info please ask.
Thank you.