Discrepencies between AntiVir on-access vs on-demand?

Discussion in 'other anti-virus software' started by SDS909, Jun 11, 2006.

Thread Status:
Not open for further replies.
  1. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    DejaVu with my VBA32 issue of less than 50% accuracy with on-access..

    In testing today, AntiVir seems to be missing files with on-access, but finding them with on-demand. I have verified all settings, altered settings (w/reboot) to see if anything helps (all files, auto, extensions). Heuristics on/off, and about everything else, it is still missing the files.

    For example, you can test this yourself with a simple and harmless "Joke" file.

    http://www.rjlsoftware.com/software/entertainment/showhide/download.shtml
    (note, this is NOT a malicious file, but many AV's detect it as a joke)

    AntiVir completely misses it on-access, but finds in on-demand.

    Whats going on here? On-access vs on-demand discrepencies are the main reason I switched FROM VBA32, and to discover what appears to be the same thing with AntiVir?
     
  2. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I <think> I know what the problem is.

    AntiVir is only scanning on-access with the primary databases, and leaving the secondary (Jokes/etc) as on-demand only. If this is the case, I am not too happy about it. I think all databases should be included in all measures of program operation. However I cannot fully verify these findings (yet).

    In otherwords:

    On-Access: Adware, Dialer, Double Extensions, Phishing, Backdoor-Client.

    On-Demand: Adware, Dialer, Double Extensions, Phishing, Backdoor-Client, Jokes, Games, Security Privacy Risk, Unusual Runtime Tools

    Again, pure speculation at this point, I haven't fully tested why it is ignoring things it shouldn't be. ;-)
     
    Last edited: Jun 11, 2006
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,889
    Could it have anything to do with the file extensions? I notice that in the default settings, the on-demand scanner has different settings for which files to scan than the on-access scanner.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,109
    Location:
    Saudi Arabia/ Pakistan
    I noticed few weeks back Antivir was detecting WinFixer when I tried to download it. BUT after recent version update it is not dtecting during download but detect when I try to open the file after download. I have all settings kept max.
     
    Last edited: Jun 11, 2006
  5. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    It is not my settings. I have tried *EVERY* variation of settings, including a reboot after changes, and this issue is still present.
     
  6. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    My AntiVir detects that file on access and on demand.

    Did you unpack the zip? The on-access guard does not unpack archives (which is good imho).
     
  7. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Bah, I must be on crack tonight.. I didn't even notice that the EXE version of the file was a self extracting archive. I assumed it was just an executable file that was being missed. Apparently it is SUPPOSED to miss compressed files of all type.

    It is late, its been a long day, I should have figured that out. o_O

    Disregard, all systems normal. LOL
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.