4.0.417 Continually Scanning Outlook Express dbx files

Discussion in 'ESET NOD32 Antivirus' started by MarcR, Apr 6, 2009.

Thread Status:
Not open for further replies.
  1. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    NOD 4.0.417 is continually scanning Outlook Express dbx files over and over and over again, as long as Outlook Express is open as indicated in the Statistics Window.

    I can't stop it.

    I've even disabled Integratration with Outlook Express and went as far as to turn off email protection completely. Still won't stop scanning the same dbx files over and over while OE is open. When OE is closed, the scanning stops.

    The only way to stop it was to add the folder containing my OE dbx files to the exclusions. I assume incoming email will still be scanned.

    This is probably a bug. Can anyone replicate this? Open Outlook Express and then go to: Protection Status, Statistcs and select "Real Time File System Protection" to view currently scanned files.

    Notes: I have Cloudmark Desktop for Outlook Express Installed
    Cloudmark is an anti-spam program that integrate with OE.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Dbx files are scanned only by the on-demand scanner. What makes you think that dbx files are continually being scanned? Do you assume so because the system performance is slower or why?
     
  3. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    Go to Protection Status, Statistcs and select "Real Time File System Protection" to view currently scanned files in real time.

    This is where I see the same dbx files being scanned over and over (only while outlook express in open)

    Notes: The workaround for this bug, is to add the folder containing the dbx files to exclusions. I just verified that incoming and outgoing email is still scanned by using the eicar test file.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That doesn't indicate that the file is actually scanned, just processed by real-time protection because an application is accessing it.
     
  5. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    Oh, ok.

    That could be it. But it does say "Scanned Objects"

    Just seems really busy. When OE is closed, the number of files being processed is very low. When outlook express is open, it's scanning the dbx files constantly.

    Perhaps OE constantly accesses those dbx files. But I don't think so - it seems as though NOD is scanning them in order and over and over in the same order. Again, unless OE is doing this.

    This deserves further investigation.
     
  6. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    Found another possible bug:

    When I add this to exclusions, the scanning of *.dbx files stops:

    D:\PROGRAM DATA\OUTLOOK EXPRESS\*.*

    BUT -- When I add this to the exclusions, the scanning does not stop. It would appear there is a bug with wildcards:

    D:\PROGRAM DATA\OUTLOOK EXPRESS\*.dbx


    I sent a support request to Eset - Let's see what they say. Thanks.
     
    Last edited: Apr 6, 2009
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I cannot replicate this with a dbx file. Try the same with eicar.com to see if it's actually detected.
     
  8. MarcR

    MarcR Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    60
    I confirmed that *.com does work to exclude - no detection / alert and the statistics windows does not even show the file being scanned. That's good.

    Why this isn't working with dbx files I don't know. Weird.

    Thanks for your help. I'll let you know when I receive a response from Eset.
     
Thread Status:
Not open for further replies.