KAV 4.5 won't open help file

Discussion in 'other anti-virus software' started by Mele20, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Windows just told me I don't have enough memory to open the KAV Help file! That is absurd. Very little memory is being used according to Windows Task Manager and I have no other symptoms of low memory. I have 1GIG RAM on this XP Pro box.

    I have been having a terrible time with the Report Viewer. It doesn't have any report except the most recent! So, if I do a command line scan of a file, that erases any previous report. Only one report is held in the Report Viewer. It wasn't behaving like this when I first installed KAV 4.5.

    I wanted to refresh my memory from when I read the help file on Report Viewer when I set up KAV 4.5 but I got this ridiculous error and can't view the help file. Report Viewer is supposed to keep the reports unless I delete them? Up to a certain limit? So where are the reports? Report viewer can't be full as I have only had 4.5 for about a week or so I think. Also, I can't have Report Viewer open and then use Windows Explorer. Explorer crashes. That should not happen.
     

    Attached Files:

    Last edited by a moderator: Jul 5, 2004
  2. Lisa

    Lisa AV Expert

    Joined:
    Feb 10, 2003
    Posts:
    38
    Location:
    Cambridge UK
    Hi, It looks like maybe an application has hung on tis pc - thereby using up your memeory.
    If you reboot pc is it accessible?
    What else was running at this time on the pc?

    As to the reports, Kaspersky reports such as the Monitor - are overwritten each time the pc restarts - unless you choose to Append the report.

    The Scanners report - avp32.rpt is held until a new scan is run.

    If you can send a copy of the report file to support@kasperskylab.co.uk - we will have a look at it and try to help you further.


    Regards

    Lisa
    KL UK
     
  3. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I still can't get Report Viewer to work properly. Unless you are telling me that I cannot run an on demand scan of the computer and then do a command line scan of one item I just downloaded and then go back to the main report to read it. That is what I cannot do! I have always had "append" checked. Surely I am not expected to not scan a file until I have taken the time to copy the report from the on demand monitor scan to some place on my hard drive!

    This is what is happening. I do an on demand scan. It takes an hour. It finishes and it doesn't pop up nicely and tell me it has finished. So, it sits there in my taskbar and I forget about it since it didn't tell me it was through. I downloaded a file and did a command line scan (I always practice safe hex) of it. That wiped out the full scan report! That is ridiculous behavior. Do I have it set up incorrectly or is this absurd behavior intentional?

    Plus, Quarantine doesn't seem to be working right. I told the on demand scanner to report and quarantine. Well, I can't see any from this latest scan as having been quarantined. I have several eicar and some other "viruses" that are in the NOD32 quarantine that KAV finds and should be quarantined but weren't this last scan. The only dates on the quarantined files are the original dates! Where is the date of quarantine? How come the files are not actually MOVED to quarantine but just copied? My current AV doesn't move the files either and that was a main reason I decided to try KAV. I don't want to have to go back to original location to delete the file. It should be moved to quarantine. What is the point, otherwise, of quarantine?

    I really like KAV 4.5 and the scanner detection is outstanding, but I must have a good quarantine program (like what NAV and PC-Cillin have) and I need to be able to save the reports without all these problems. You say that KAV will hold the report until I reboot. That is not the case. I have not been rebooting but the report is lost as soon as I do a command line scan! I do those frequently...everytime I download an executible or zipped file, etc. Why since I have append checked doesn't the Report Viewer store the report automatically on my hard drive? It seems it should store the reports until they reach a certain level (which should be user configurable) and then the oldest reports would be automatically deleted to free up space.

    I am running Windows XP Pro Sp1a.
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mele,

    Are you doing an on-demand scan (via the standard task in the Control Centre, for example) and then a pure command line scan? On the command line invocation, are you using the /W switch for creation of a report? I haven't used KAV this way, so I'm a little tentative in the direction I'm going. But it appears that the command line invocation uses the default scanner report name (avp32.rpt). However, if you change the report name for the scan task in the Control Center (to say avp32-auto.rpt or whatever makes sense), this will result in two distinct report files, one for the command line runs, one for those scans initiated from the Control Centre. This appears to be one way to avoid overwrites in some quick tests that I did.
    To tell you the truth, I'm not sure here. For notification, is KAV up to generate a sound signal on completion of a defined task (Control Centre>Select Task>Right Click and Select Properties>Customize>Use sound effects)? I'd also adjust this from Control Centre>Settings Tab>Customize>Task Finished Successfully>enter Finish.wav file into browse box. Not sure of the interaction of these two settings. I think sound is the only type of immediate notification available (e-mail is also possible in some contexts, but it's not immediate).
    Are different locations used? I did notice to my chagrin that when I switched from KAV 4.5 as active monitor to NOD32 as active monitor the quarantine folder used by NOD32 is the one originally defined by KAV. I don't recall setting it this way, maybe I did or maybe theres some registry key at work here, I haven't bothered to look into it on my PC, but that's something to check.

    On the copy vs. move of a quarantined file - I believe this choice is made to prevent massive system problems in the event of a false positive involving a critical system file. If it is moved, and needed, you may not be able to successfully boot the PC at all. From a support perspective, this eventuality could be an absolute nightmare. If you accept that this is a potential outcome, I believe one can make the case that copy is really the best global option.

    Blue
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I'm just doing an on demand scan by right clicking on "Start Kaspersky Manually" and then clicking on start. When I do a command line scan later, I just right click on the file and choose KAV. I see that the reports both for a full scan and for command line are saved to the same file. I don't see how to differentiate between the two kinds of scans and thus be able to save a command line scan in a different file. It's probably there and I just don't see it.

    KAV is not set up to generate sound signals on the completion of a task. I never have my speakers turned on unless I am listening to Spinamp which I am waiting on a new Spinamp to be available in Winamp so I haven 't had the speakers on since AOL killed Spinamp back in May. :) I hate noises from the speakers. I think KAV should give a choice of noises or popups as there are a lot of people who never use their speakers except for music (or playing a DVD). I think you are correct that sound is the only immediate notification and that is a minor shortcoming in KAV.

    Even if I could set different folders for the full scan report vs the command line scans, I don't think there is any way to get KAV to keep more than the latest report in the folder. It wipes out earlier reports...not when I reboot but as soon as I do another scan the prior report disappears. It looks to me like KAV cannot save reports like NOD32 does. The only way I have lost the NOD32 reports is to uninstall it. I have the reports going way back on my W98SE box. I expected KAV to do the same . Maybe it is supposed to because I see where I can change the size of the report folder so that would indicate that it should be able to save all the reports, but it isn't and I can't see what I have set incorrectly. I may have something set incorrectly because KAV 4.5 gives you a LOT to digest and I am still learning it and forgetting some of what I read in the help files and I have to go back and read again....that sort of thing. KAV 4.5 is complex.

    What I really find frustrating is that the report for a full scan doesn't tell me much so even if it were properly saved, it is not very useful! For instance, it says I have 57 corrupted files. But it doesn't list them! Is there a way to get it to list them like NOD32 does? Why tell me a bunch of stuff in a cryptic fashion if I can't get any details? Might as well not tell me at all as the cryptic report is useless.

    KAV has Quarantine and an Infected folder for use when renaming objects. But KAV has put files in the infected folder and I did not choose rename so I don't understand that behavior either. It copied two files in the NOD32's Quarantine folder and put them in its Infected folder. It thinks the other objects in the NOD32 Quarantine folder are not infected which is interesting. At least I assume that is the case since KAV only grabbed two of the files while scanning to copy to its infected folder and left the others.

    Do you know what the Extract Files From Quarantine Wizard is? I clicked on Help for it and got a message from Windows sayng the Help file does not exist and to contact Kaspersky for an updated Help file. So what does this Wizard do? I would have thought you use it if you want to put the quarantined file back in its original location. But if KAV is just copying files to quarantine then that wouldn't be necessary. Plus, what is the infected folder for if KAV doesn't move files to quarantine but only copies?

    The Help file says this:
    For renaming or copying of infected objects use — these option buttons allow you to choose between moving infected objects to a special folder and renaming them. The program will apply this setting to those objects, for which you selected the Rename object option in the Objects settings tree.

    Special folder — this option button moves infected objects to a special directory defined in the text field below. In this case, infected objects are moved to the folder with their names and extensions unchanged.

    Note the above sentence has the word "MOVES" in it not "COPIES". But KAV is NOT moving the files to this special infected folder nor to quarantine. It is copying them instead. That entire section of the help file is very misleading. I had to read it about 10 times before it sank in that it is talking about copying files although the word move is used.

    I really didn't realize that KAV is like NOD32 with respect quarantine. I would never have tried KAV if I had known that (even though I think it has the best scan engine because that is not the only criteria for me in choosing an AV). I want a quarantine like NAV's (or least how I remember NAV's used to be ...may not be anymore and maybe I remember NAV's wrong also but I sure think I remember it MOVING not copying to quarantine).

    This relates to the issue you brought up about Quarantine copy or move. When you say an AV should copy rather than move files to quarantine because it could be dangerous to move them if one is a critical windows file, my question to you would be then why does Symantec move files to quarantine rather than copy? PC-Cillin moves them also. AT least that is how I remember it. I don't recall NAV ever leaving an infected file in its original location. With those AV, the moving is automatic and you go to quarantine at your leisure and decide in that safe place what you want to do. You can delete or restore those files, etc or leave them forever in quarantine. At least that is how versions of NAV 2001, 2002, 2003 and PC-Cillin 2003 did it. (Unless my memory is worse than I think)! I don't know about current versions. So, I don't think moving is inherently dangerous if you can move the file back.

    I find it really irritating how cryptic KAV is. It put a file in quarantine, for instance, and says it is Dc258.exe and that it was placed in quarantine because it is infected. It gives its location as the recyle bin. Now why doesn't it tell me the name of the file (mydearone2.exe) and what it is infected with?

    I'm getting a headache messing with this so I'm going to stop and do something else! Plus, I realy didn't intend to write a book!
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mele20,

    I feel your pain. Before I possibly lead you astray, I'm using KAV Workstation, there may be some differences. Please be aware of that.

    In covering demand vs. file - as I described it, I was using the Control Centre for the "demand" (K icon in the system tray, double click it and all that) and handling the single file as you describe (right mouse click - invoke Scan for viruses). When I launch KAV from the Start menu (Kaspersky Anti-Virus Scanner), this is the same launch process as you get with the right click. However, but it is different than the task that is handled within the Control Center, on my PC's I also see the additional instance of AvpM (don't know if that will create problems). From both screens that appear, you should see a dialog box similar to the jpeg shown below. If you click Options and Expand the Save Report File section, you can adjust the file name there. The path is set during the installation for the Control Centre based task, you can alter it for the other one apparently. You can do that for the Control Centre based task and the Scanner task separately (the screen is a little different from within Scanner - in that there's an additional top menu bar). If you enter different files names in the two dialog boxes, and use append throughout (have to do it for each task), I think it will accomplish what you want for report saving.

    On losing the report folders, my guess is that you've probably set the Append option from within the Control Centre, but it sounds like you are using the separately launched Scanner task for both types of scans. I'm not really seeing problems on my PC - but I have KAV 4.5 on a separate boot partition, so I have to do restarts to check things out (I'm testing 5.0 from my main working boot partition) and it takes a bit to flesh things out.

    On the content of reports - a confession - I tend not to look at them really. I use the alerts presented in the Control Centre exclusively.

    KAV's description of quarantine and handling infected files is somewhat confusing, at least to me. As best I understand (and you have to take a structured view make your way through the docs)...

    In the configuration dialog - again, I tend to use the Control Centre - right click the monitor task and select Objects. Under Actions in case of Virus Detection, there are 3 options: Ask User, Report Only, or Disinfect. If you expand the options under Disinfect, you can check a box to enable Make a Backup for Disinfection. Also, if disinfection fails, there are options to Report Only, Rename Object (now probably hammered), or Delete. If you've enabled a backup and selected Delete if Disinfection fails, you've basically accomplished a Move operation. The Location of the folder in which the files are placed are defined under Options (obtainable by clicking the Options tab on the left). If the file is infected, names and extensions are unchanged unless the Object folder is selected.

    Now, someone from KL correct me if I'm wrong here, but it sounds like if quarantine is not selected, infected files are copies as is and stuffed into the defined infected folder. If quarantine is selected, the files are encrypted prior to the copy operation and placed in the Quarantine folder. At least that's my interpretation, it's a little cryptic.

    Extract simply decrypts the encrypted quarantined file.

    If disinfection succeeds, it may look like a copy operation since filenames are preserved, but they are different files now. So, it looks like a move operation, but it is setup in a couple of nonobvious steps, and the description of it is a little mind numbing.

    In my own work, I usually have things set to ask user or report only and I prefer to handle things manually from that point. I can see the logic of either strategy, it comes down to what set of problems you prefer to deal with - the greater risk of additional infection and system mischief or potential system problems if key files are removed from circulation.

    When I started this note I said I feel your pain, now I definitely do. After going through the KAV pdf documentation, I have to say they need a much better guide to the whole package.

    Blue
     
Loading...
Thread Status:
Not open for further replies.