Discussion in 'Returnil Betas' started by Boost, Oct 1, 2009.
For example, what options was turned on? And on what version?
The reason of temperature is the CPU itself it is probably Prescott based processor on NetBurst architecture. I had such one and on the load it getting hot up to 97 (degrees Celsium).
Integrated antivirus is probably only the feature for betatesters, they must have the reasons to use RVS. This AV have found viruses in the situations whan Kaspersky failed.
I have read the documentation and want to tell you next info. This AV is designed as "second" AV, only for increase protection level. Thats meant that AV is only BONUS 4 betatesters.
Log files are not deleting from WIN directory after RVS uninstallation.
"CPU sits at zero till I hit update or scan then goes to 100% and stays there even when exiting RN." - Are you update under SS turned on?
I can answer that as it pertains to one of my machines - you really don't need to update or scan for CPU saturation to occur. Simply boot the system and it occurs on a simple P4. On a hyperthreaded or multicore CPU, it dominates the activity of a single virtual or physical core. The only evaluation I performed was with System Safe off.
I'm not quote sure what you mean here. The AV appears to be an integral component of the 2010 release version.
As one example, Home Lux, default install, so whatever options are selected by default. I've also examined with the both settings of the AE module, it doesn't matter. Virus guard set to only proven detection rules. Report anonymous information selected. Generally select "Wipe all changes" under System Safe. Nothing set under File Manager.
Yes it will be integrated after final release. I meaned that AV is not the thing what shold be understanded by betatesters as the main feature. New betatesters should understand it.
I have created such VM and around 1 hour runs such system. Hope that in next 6 hours I'll see such issue but now "system iddle" is approximately 98%.
P.S. Config of my PC includes P4 3.0 Ghz processor (with turned on HT).
I understand the aim for "one stop all in one security shop", but there will always be better AV options, and AV options means dedicating resources to reading reports, checking files, making signatures, etc ...
I would have devoted resources to most of the ideas already mentioned because they would put Returnil head and shoulders above the rest
Things like a toggle between off, a Sandbox and full blown virtualisation (green, orange/yellow, red pretty icons, etc) where the Sandbox could be invoked and revoked without a reboot, but only covered programs run from within the Sandbox (giving the advantage of no reboot, but trading the "full restore" feature of Virtualisation for "isolation for whatever you run next") ...
I reinstalled RVS Home Lux 3.0.6228.4929. This system runs KAV 2010 under LUA/SuRun, although neither cause this behavior as it is the same under an Admin account without SuRun or as the only security application at all installed on the machine.
Both machines for which I observe this do have a standard install of a defrag at the moment (DiskKeeper on this machine, PerfectDisk on the other). Neither exhibited problems with the 2008 version. This is a screen shot from the HT P4 with 3 GB RAM after a default install, cancelled AV update, nothing active.
This is not clear machine )))))))))))))))))))))))))))))))
In the processes I see KAV and ATI drivers as suspicious processes.
Please can you tell me what version of KAV/KIS you are using and at what options?
It looks like compatibility issue.
P.S. Sorry I didn't noticed that you writed it yourself (about KAV).
Hi Firemage, Blue, 7ekno, pegr, mata7, Franklin, Oremina, Boost, and Think-eDesign,
The team is aware of this and the other threads. Thank you to those who have sent in requested log files and descriptive reports. I will update the group here as soon as I know something concrete.
This machine uses KAV 2010. Don't lose sight of the fact that a second machine without KAV or anything else displays the same problem. The ATI is just the video card.
I can tell you one thing,I do not plan on installing Returnil 2010 ever again,especially seeing how many others are having similiar issues as what I had.The program just does not need an antivirus,period IMO. It was designed to be a reboot / restore program originally and that was an awsome,100% stable program.
So with that being said,I'll stay with what works and is 100% stable,and that is Returnil 2008
PC Tools ThreatFire fell into the same misconception when they too added an AV into a Behavioral Blocker?
Pls keep RETURNIL authentic and stable and let the AV's remain a separate entity.
Less fuss, fewer issues.
The client is stable. The issue is actually at the server and you should see relief by tomorrow:
Mike, the problem is, the new beta changed just about all of our perception of Returnil. Come on, you know how long the other beta took. Now when this one comes out it is obvious that resources went into combining another vendors AV instead of back into Returnil itself. I wont use it just because of the AV issue. If I need to add one, there are plenty of freebies better then what Returnil adds. Heck, Hitman Pro is perfect for a clean, no-av Returnil. I would bash SD if Tony included one in his product. That is not what products like this are suppose to do. That is why their is a new market for scanners like Hitman Pro. Personally, Returnil sealed its own future, which is not good, with this version.
All you do is cheapen the product by doing this, and that, is really a shame.
The addition of antimalware is to specifically address a real weakness in virtualization only approaches like the one you refer to; they are incapable of detecting or blocking the activation of malware; especially the types that are designed to circumvent ISR. The AV we are using in 3.0 is well known and the team behind it have a great deal of expertise in dealing with these types of malicious/hacker programs and is included even in the registered Home Free version (Hint: Free).
The thing to remember however is that the AV component does not need to be used if you prefer a virtualization only approach; simply turn it off...
With kind regards
I am a big fan of RVS 2008. It has been utterly reliable and very easy to use. I have looked forward to the new version to see what improvements it would bring but I don't see the integrated AV as an improvement. I already have an AV. I would think that most people who are going to install and use virtualization software most likely already have protections in place against malware. I don't really want the added system load of another real time scanner either. Yes, you can turn off Returnil's AV but I would rather have seen the option in the installer to not even include it if you wish.
You can always continue to use RVS 2008 though and that's what i plan to do at least for now.
Let me come back with a bit of a contrarian view.
I actually think that inclusion of an AV has appeal. I'd say mass market appeal, but I'm actually talking about myself here.
I try for simple. I know a cascade of specialized apps is a target of many. That's not me. I happen to think suites are a decent idea. One location, all controls. If there are issues, at least they shouldn't involve the various components of the suite - which eliminates what's usually examined first in problem debugging of security apps.
Until the minor bump in the road that many of us experienced, my primary machine was being run with LUA/SuRun/RVS 2010. That's it. I tend to think this is a very simple, decently powerful approach. Virtually anyone can run it. There's not a whole lot to understand or decide when surfing and it strikes me as achieving an excellent balance in overall security, low system impact, and robustness. The only difference between this configuration and what I've used for over the past year is the integration of the AV into the RVS package. The AV is different (I was running Dr Web), but the basic design ethic is the same. Obviously, I could run with a separate AV if desired, but I like to simplify where possible.
Think about this from a structural perspective.
OK, there may be something out there in principle waiting to blow by everything..., personally I'm not going to worry about me being the first hit by that (and if I am subject to that 1 in a billion chance - WHS allows a bare metal reset to virtually any point in time - remember - backup backup backup).
So..., LUA - the scope of action of anything that runs is limited. Problems can arise, but not propagate system-wide. In some respects, this is the most critical element of all.
SuRun, an essential patch-up for legacy apps that don't play nice in LUA and a bit of a convenience for performing any admin level functions. Renders LUA user friendly.
RVS 2010 - want to up the protection level dynamically (say surfing to unknown territory or check some link posted here)? Jump into a virtualized mode. LUA limited scope with respect to the system, this limits it with respect to time.
However, when not in virtualized mode and/or committing content to the real disk - an AV is present as an ever present backstop. There is some level of automated (assuming real time is active) expert system check that any downloaded file is OK. Yea, this is not foolproof, but it's certainly much more of an analysis than I'd do on the fly.
Also, I tend to have the AE functionality active in RVS 2010, and I personally think this is a bit of an unheralded and very useful additional. The more I think about this piece, the better I like it.
That's the logic. Layered in the sense that I believe is useful. Flat in terms of conceptual basics.
There are certainly some rough spots needing to be ironed out. That's par for the course on a major version upgrade whether we like it or not. The glitches here are performance based and that needs to be kept in mind. I have yet to experience anything untoward with any version of RVS.
"I have yet to experience anything untoward with any version of RVS."
conceptual,performance,all the same if it will not work.
Constant CPU use of 50%-100%,plus the inability to register the
product do not amount to "untoward"?
Separate names with a comma.