Files locked AFTER scan - TDS does not release

Discussion in 'Trojan Defence Suite' started by halcyon, Jan 3, 2005.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I've been battling with this problem for some time now:

    1. I download a file (it is not locked)
    2. I scan manually the file in TDS-3. Scan finishes. Nothing found
    3. I try to delete the file: File is locked
    4. I quit (completely quit) TDS-3 from Systay and try deleting: file deletes ok

    So, it appears to me that TDS-3 locks the files for scanning, but does not release them immediatelly after scanning, EVEN IF the files are completely clean.

    Is this a user setting?

    Can I somehow get around it, without having to Quit and Restart TDS-3 every single time I scan something and want lock removed on the file scanned?

    Anyone?
     
    Last edited: Jan 4, 2005
  2. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Eh, am I really the only person suffering from this problem?

    Any ideas?
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I normally get round taht by closing the folder the downloaded file is in

    That normally releases TDS's lock on it

    It only seems to happen in a few cases though and generally I can delete anythinng after TDS has scanned it
     
  4. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks for chiming in!

    So, you are confirming it's a bug.

    None of my other scanners (Ewido, NOD32, A2, Bitdefender, etc) do the same.

    They all release the file lock succesfully after a scan.

    I think this is a bug and should be fixed, even though it is a minor one.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I'm not sure if it's a TDS bug or a windows bug as I get the same problem with Kapersky as well
     
  6. S!x

    S!x Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    51
    Location:
    Ohio, USA
    It must be your guys choice of AV's locking the file's or some other process ... I just tested it with an .exe file and a .txt file ... TDS immediately released it after the scan and the file's are very deletable.

    The real time scanner in your AV scans right along with TDS whenever you perform any scan ... I am using NOD32 ...

    If your AV has an option to kill the real time scanning feature give it a test. Although some have that option and do not really stop/terminate.
     
  7. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    You could always confirm that TDS has the file open using Sysinternals Process Explorer

    Make sure that the lower pane view is on and showing handles, 2 ways to do this, either :
    - type control-H
    or
    - Make sure that the "Lower Pane View" is on (via Menu: View, Show Lower Pane should be ticked) and also make sure that you are viewing Handles in the lower pane (via Menu: View, Lower Pane View Handles)

    Then scroll down the open file handle list in the bottom pane looking at objects with a "Type" of "File". If your recently scanned file is there (it will probably be at the end of the list being a recently opened file) then you have confirmed the behaviour

    I haven't tried this but it should work, right click on the file in question and "Close Handle" to manually unlock your file...

    I also did a test with an exe file and it wasn't held open, so it isn't the "normal" behaviour of TDS-3 to do that (at least on my computer)

    If it isn't TDS holding the file open then use Process Explorers "Find" command to search and see which process it is
    Either control-F or Find, Find Handle and put in the executable name and click on search and see what process comes back...
     
Thread Status:
Not open for further replies.