amon stuck on persfw.exe ?

Discussion in 'NOD32 version 1 Forum' started by stevenha, Feb 23, 2003.

Thread Status:
Not open for further replies.
  1. stevenha

    stevenha Registered Member

    Joined:
    Jan 28, 2003
    Posts:
    4
    Location:
    Edmonton
    Is this normal behavior? Amon seems to scan the same file over and over again. persfw.exe ( kerio personal firewall ). The total number of files scanned goes up and up, about 1 per second, but the name of the last file scanned stays unchanged. There is no sign of disk activity.

    Assuming something is wrong, can you suggest a way to fix it?
     
  2. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Looks like the firewall is active. IMHO quit normal scan on access...
     
  3. stevenha

    stevenha Registered Member

    Joined:
    Jan 28, 2003
    Posts:
    4
    Location:
    Edmonton
    Can you explain this with more detail please? Shouldn't amon be scanning files? lots of different files?

    Or, if you say that amon is scanning persfw.exe again and again, because it is receiving and sending network traffic, it doesn't seem natural that the number of files scanned would count upward like a clock ticking once per second. ( Does this happen with your computer?)

    Thanks
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Others have reported this happening with Kerio's persfw.exe. See this thread(link). Apparently, the way Kerio is designed, the process accesses segments of that file, for whatever reason (it doesn't matter how or why), so that each access is causing NOD32 to rescan the file (via its normal "on access" scanning function). Yes, amon is also scanning lots of other files as they are accessed, it's just that this file is accessed so frequently that it just looks like it's the only file being scanned.

    When people find a file that is accessed almost constantly, based upon how a specific application is built, they often add that file to the exclude lists in their scanning software. Now there's always the debate regarding whether this allows that file to be comprimised more easily. (Of course, if the file is being accessed continuously anyway, chances are its also locked all the time, so it probably won't be altered.)
     
Thread Status:
Not open for further replies.