SpIDerGuard v4.33 fixed?

I suspect the new version is immune to this since the DrWEB folks are very much on the ball. I emailed their support folks with the link just to be sure. I will let everyone know as soon as the respond...cheers...

 

I emailed them about this a week ago and still no answer. I like the program but their customer support stinketh. The website promises replies in 24 hours but... I just don't know if I am going to renew with them this week or not. Other then a few minor annoying bugs this version is running fine but the lack of any support at times gets rather aggravating. Like the Process Guard issue which is dragging on since this new release...

 

In case anyone is interested and as a general FYI: I see that the English documentation file for 4.33 is now available.

http://download.drweb.com/win/

 

At last the link is working!!!! It's been up for several weeks but dead.

117 pages in the manual, so it's a little better than the present "Help file" within the program

I would have liked a little more detail in parts, particularly for the different configuration settings but this is a good effort to build on.

Thanks for the heads up, shorty.

 

Agree with you that it would be nice if there was a little more detail on the different configurations. I see that it's listed as a "brief" users maual where mainly the default settings are described. One can only hope that means a more in-depth one where the various other setting will be published. I would be remiss though if I didn't compliment Dr Web on the vast improvement of this documentation over any previous documentation I have seen. In particular, the English translation is very good especially when compared to previous documentation. They still have some potholes in the road but it seems to me that they are making a concerted effort to improve in many areas that have long been complained about. This is good news for DR Web users.

 

As reported in THIS thread the Process Guard issue was fixed as of ~11/10/2005. As for support, it is indeed good that DrWeb's own Serge Popov now visits the Wilders forums from time to time.

Version 4.33 now runs just fine on my computer. Life is good!

 

I agree, glad to have these posts from Serge Popov keeping us updated and to know they are watching posts here. There are quite a number of DrWEB users afoot at Wilders eh...

 

Just for the heck of it, my licence runs out the 24th and could not resist trying it one more time......But still bad news as far as I am concerned. It still crawls when copying, moving and deleting large exe files or whatever. It does not take minutes anymore to delete a 30 Mb exe file, but still takes too long for me, so......it's a pitty, but I'll stick to Nod32 for sure now!

Good luck and

Putin

 

Putin,

First of all a quick level-set: I have been running Dr. Web for at least three years on almost all of my systems with no performance problems, UNTIL I installed version V4.33 on two systems running Windows XP Home.

It is hard (OK, impossible) to believe that you and I are the only two Dr. Web users having the same problem with downloading and/or copying larger-size files!! Slowdowns on my PCs come when copying (or downloading) packed executables. As an example, http://files.avast.com/iavs4pro/setupengpro.exe. After the dowload is complete, Dr. Web wallows around for about 10 seconds making sure is has no viruses in it; when I copy the file to another directory: same thing. Another example is the 82mb Ultimate Boot Disk image; right clicking on the downloaded file and clicking Properties sends Dr. Web out to lunch doing who-knows-what.

I hope Technodrome (whom I respect a WHOLE LOT) or one of the other Global Moderators can screen-print every option page in/on their running-good Dr. Web systems that don't have this problem so that we can get to the bottom of the problem and solve it once an for all. Like Putin, it's driving me insane ("I've always been crazy, but it kept me from going insane" - Waylon Jennings).

KDCDQ, Security Freak

 

Hi KDCDQ

I use SpiderNT in "default" Mode. What kind of setting you got there?

 

2nd shot...

 

Technodrome, thanks for your quick reply!

My SpiderNT settings, in both of the screen shots, are identical to yours.

 

KDCDQ,

I am also having the same problems you are with downloading packed executables. I experience long delays at the end of the download. These delays can last up to 15 to 20 seconds. I could live with this but I have also experienced when Dr.Web unpacks and scans these executables that about 1/3 of the files downloaded are corrupted by this scan process and have to download the file again. This is unacceptable.

I bought Dr.Web after trialing 4.32b and was impressed by both its speed and detection. Two months later 4.33 was released with a lot of issues. I am also a registered user of Process Guard and was unable to run the two together until the recent fix.

Because of the continuing issues I finally broke down and bought KAV5. Run the resident scanner with the “High Speed” setting and get almost the speed of Dr.Web.

Frankly, right now, I am a little pissed I spent my money on Dr.Web. At a minimum, this company needs to offer its software for beta testing prior to release and/or engage in more strenuous internal testing prior to release. In my opinion, 4.33 was not a complete stable product when it was released to the public.

Having said the above, I am all about second chances. I probably will return to Dr.Web if they are able to work out the kinks with 4.33. Dr.Web’s combination of speed and detection is hard to beat. Thanks for letting me rant.

 

Ok. I did some tests and I found out that packed files are causing these slow downs(Probably because of new unpacking engine.). If I remember right avast setup file is packed by UPX.

Turn this off in drweb.ini file by changing Yes to No under CheckPackedFiles and reboot your machine.See if it helps.


[SpIDerGuardNT]
DisableEnhancedProtection = Yes
LngFileName = ""
FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,TBB
UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.TBB"
ScanFiles = ByFormat
HeuristicAnalysis = Yes
CheckPackedFiles = No
CheckArchives = No
CheckEMailFiles = No
InfectedFiles = Report
SuspiciousFiles = Report
IncurableFiles = Report
ActionAdware = Report
ActionDialers = Report
ActionJokes = Ignore
ActionRiskware = Ignore
ActionHacktools = Ignore
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Report
ActionIfRenameFailed = Delete
ActionIfMoveFailed = Rename
ActionIfDeleteFailed = Lock
ActionIfReportFailed = Lock
RenameFilesTo = #??
MoveFilesTo = "infected.!!!"
ExcludePaths =
ExcludeFiles =
VirusBase = "*.vdb"
LogToFile = Yes
OverwriteLog = No
LogScanned = No
LogPacked = Yes
LogArchived = Yes
LogFormat = ANSI
TestMemory = Yes
TestStartup = Yes
PromptOnAction = Yes
PlaySounds = Yes
UseDiskForSwap = Yes
LimitLog = Yes
MaxLogSize = 512
RestoreAccessDate = No
UpdateFlags = "drwtoday.vdb"
UpdatePeriod = 1m
GuardMode = Smart
ScanBootOnShutDown = Yes
LogStatistics = Yes
Acknowledge = Yes
AllowWildcards = No
AllowRelativeFileNames = No
EnableDeleteArchiveAction = No
DisableHotReconfigure = No

 

Would such a change cause any reduction in the level of protection provided by DrWeb?

 

SpiderNT won't scan Packed malware (ASPACK, PECRYPT, UPX, MORPHINE, PECOMPACT, NFO, EXPRESSOR, etc). This is only for Real time monitoring.


tD

 

I'm quite sure it will. This configuration is not for nothing and disabling all kinds of archive scanning is not the way I want to use an AV scanner.

Serge Popov warned me about using Nod32:

As far as we talk about on-access monitors, beware that NOD32' AMON does not scan archives on the fly, while SpIDer Guard does. Its the real cause of your problems with moving a huge file to recycle bin (this file is actually a compound object what SpIDer Guard unpacks and scans on-the-fly). This kind of compound objects was unknown to version 4.32, thus it looks faster.

Anyway, its your choice. Be safe.

I surely don't agree with diasabling these functions within Dr. Web. I still think Dr. Web should fix these problems without bringing back the great security level and speed it used to have.

Putin

 

Running Guards of most other AV's do not even have the choice of scanning any packed files.

I am running BOClean together with Dr Web and this seems to provide a good layered defense

 

Regards to all,

Technodrome:
Setting Dr. Web's control setting to CheckPackedFiles = No did, indeed, eliminate the system slowdown associated with downloading and/or copying packed executables. Do you have the slowdown associated with packed executables on your Dr. Web-based systems?


Also, now I'm mad like Putin; "I surely don't agree with diasabling these functions within Dr. Web. I still think Dr. Web should fix these problems without bringing back the great security level and speed it used to have". I couldn't say it better myself; ditto; ditto; ditto.

Blackcat:
Have you disabled packed file checking in Dr. Web? I also have a registered copy of BOClean. You seem to feel pretty good about this configuration....

Together, I hope we can work this all out to the benefit of all.

 

Holy smokes, and I thought I was one of the only DrWEB users in Texas...

 

Yes!

Many AVs out there don't even offer this(as Blackcat pointed). I don't see this as a problem.


tD

 

Technodrome:
Thanks for your time and efforts on my behalf; I really do appreciate it.

By the way, I came up with a way to minimize the slow-down in Dr. Web processing packed executables downloaded from the Net: I put my IE download directory (IE_Download) in the SpiderNT Excludes list. Now I only experience the slowdown "pain" when copying the files to their "real" home directories.

Mongol:
You and I are practically neighbors! And I thought I was the only Dr. Web user in Texas.......

KDCDQ, Security Freak

 

Now you're gonna exclude your download directory (IE_Download), just for the sake of keeping the right speed. Why not excluding the 'real' home directories also.......Dr. Web will fly like a butterfly......(just kidding) but what I mean to say: How far does one have to go to be able to use a SECURITY product, that is purchased to protect your computer?
I'm pretty diasappointed about some answers given here.....for the sake of using the new version of Dr. Web with some pretty big bugs!
I still think: if a security product needs to be altered in order to protect my pc at an acceptable speed, I think I have chosen the wrong product and go for another product.
A good example: Kaspersky 5.0, is a great scanner, but also slowed my system down to a very acceptable level. There are many ways to avoid this slowdown, but again.....why alter this all, because it sure as hell will effect the protection I choose for in the first place!!
I switched to Nod32, as it is rated as a very good scanner with great speed, but I'm convinced, that Kaspersky is better, but I feel more comfortable with Nod32 personally and that's what made my choice.

I felt very comfortable with Dr. Web up to the upgrade and when I have to alter too many things in order to use this scanner the way I used to, I don't feel comfortable anymore as in my opinion the security level is brought down.

Putin

 

Our DrWEB updates could almost cancel each other out eh? The internet does make this big old world smaller...

 

KDCDQ,

I understand excluding packed file from scanning is not the best idea. But as I pointed out many av products don’t even scan packed files on the fly (RTM). Of course this is not an excuse for DrWeb and I hope they are working on better or optimized solution.

I always recommend people to use explorer extension to scan file before opening (no matter what AV you use).


tD