Discrepencies between AntiVir on-access vs on-demand?

Discussion in 'other anti-virus software' started by SDS909, Jun 11, 2006.

Thread Status:
Not open for further replies.
  1. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    DejaVu with my VBA32 issue of less than 50% accuracy with on-access..

    In testing today, AntiVir seems to be missing files with on-access, but finding them with on-demand. I have verified all settings, altered settings (w/reboot) to see if anything helps (all files, auto, extensions). Heuristics on/off, and about everything else, it is still missing the files.

    For example, you can test this yourself with a simple and harmless "Joke" file.

    http://www.rjlsoftware.com/software/entertainment/showhide/download.shtml
    (note, this is NOT a malicious file, but many AV's detect it as a joke)

    AntiVir completely misses it on-access, but finds in on-demand.

    Whats going on here? On-access vs on-demand discrepencies are the main reason I switched FROM VBA32, and to discover what appears to be the same thing with AntiVir?
     
  2. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I <think> I know what the problem is.

    AntiVir is only scanning on-access with the primary databases, and leaving the secondary (Jokes/etc) as on-demand only. If this is the case, I am not too happy about it. I think all databases should be included in all measures of program operation. However I cannot fully verify these findings (yet).

    In otherwords:

    On-Access: Adware, Dialer, Double Extensions, Phishing, Backdoor-Client.

    On-Demand: Adware, Dialer, Double Extensions, Phishing, Backdoor-Client, Jokes, Games, Security Privacy Risk, Unusual Runtime Tools

    Again, pure speculation at this point, I haven't fully tested why it is ignoring things it shouldn't be. ;-)
     
    Last edited: Jun 11, 2006
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Could it have anything to do with the file extensions? I notice that in the default settings, the on-demand scanner has different settings for which files to scan than the on-access scanner.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I noticed few weeks back Antivir was detecting WinFixer when I tried to download it. BUT after recent version update it is not dtecting during download but detect when I try to open the file after download. I have all settings kept max.
     
    Last edited: Jun 11, 2006
  5. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    It is not my settings. I have tried *EVERY* variation of settings, including a reboot after changes, and this issue is still present.
     
  6. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    My AntiVir detects that file on access and on demand.

    Did you unpack the zip? The on-access guard does not unpack archives (which is good imho).
     
  7. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Bah, I must be on crack tonight.. I didn't even notice that the EXE version of the file was a self extracting archive. I assumed it was just an executable file that was being missed. Apparently it is SUPPOSED to miss compressed files of all type.

    It is late, its been a long day, I should have figured that out. o_O

    Disregard, all systems normal. LOL
     
Loading...
Thread Status:
Not open for further replies.