SpIDerGuard v4.33 fixed?

Discussion in 'other anti-virus software' started by Blackcat, Oct 24, 2005.

Thread Status:
Not open for further replies.
  1. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I suspect the new version is immune to this since the DrWEB folks are very much on the ball. I emailed their support folks with the link just to be sure. I will let everyone know as soon as the respond...cheers...:cool:
     
  2. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I emailed them about this a week ago and still no answer. I like the program but their customer support stinketh. The website promises replies in 24 hours but... I just don't know if I am going to renew with them this week or not. Other then a few minor annoying bugs this version is running fine but the lack of any support at times gets rather aggravating. Like the Process Guard issue which is dragging on since this new release...:mad: :eek: :rolleyes:
     
  3. shorty1

    shorty1 Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    97
    Location:
    Vermont
    In case anyone is interested and as a general FYI: I see that the English documentation file for 4.33 is now available.

    http://download.drweb.com/win/
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    At last the link is working!!!! It's been up for several weeks but dead.

    117 pages in the manual, so it's a little better than the present "Help file" within the program :rolleyes:

    I would have liked a little more detail in parts, particularly for the different configuration settings but this is a good effort to build on.

    Thanks for the heads up, shorty.
     
  5. shorty1

    shorty1 Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    97
    Location:
    Vermont
    Agree with you that it would be nice if there was a little more detail on the different configurations. I see that it's listed as a "brief" users maual where mainly the default settings are described. One can only hope that means a more in-depth one where the various other setting will be published. I would be remiss though if I didn't compliment Dr Web on the vast improvement of this documentation over any previous documentation I have seen. In particular, the English translation is very good especially when compared to previous documentation. They still have some potholes in the road but it seems to me that they are making a concerted effort to improve in many areas that have long been complained about. This is good news for DR Web users.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,839
    Location:
    Hawaii
    As reported in THIS thread the Process Guard issue was fixed as of ~11/10/2005. As for support, it is indeed good that DrWeb's own Serge Popov now visits the Wilders forums from time to time.

    Version 4.33 now runs just fine on my computer. Life is good!*puppy*
     
  7. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I agree, glad to have these posts from Serge Popov keeping us updated and to know they are watching posts here. There are quite a number of DrWEB users afoot at Wilders eh...:)
     
  8. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Just for the heck of it, my licence runs out the 24th and could not resist trying it one more time......But still bad news as far as I am concerned. It still crawls when copying, moving and deleting large exe files or whatever. It does not take minutes anymore to delete a 30 Mb exe file, but still takes too long for me, so......it's a pitty, but I'll stick to Nod32 for sure now!

    Good luck and ;)

    Putin
     
  9. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Putin,

    First of all a quick level-set: I have been running Dr. Web for at least three years on almost all of my systems with no performance problems, UNTIL I installed version V4.33 on two systems running Windows XP Home.

    It is hard (OK, impossible) to believe that you and I are the only two Dr. Web users having the same problem with downloading and/or copying larger-size files!! Slowdowns on my PCs come when copying (or downloading) packed executables. As an example, http://files.avast.com/iavs4pro/setupengpro.exe. After the dowload is complete, Dr. Web wallows around for about 10 seconds making sure is has no viruses in it; when I copy the file to another directory: same thing. Another example is the 82mb Ultimate Boot Disk image; right clicking on the downloaded file and clicking Properties sends Dr. Web out to lunch doing who-knows-what.

    I hope Technodrome (whom I respect a WHOLE LOT) or one of the other Global Moderators can screen-print every option page in/on their running-good Dr. Web systems that don't have this problem so that we can get to the bottom of the problem and solve it once an for all. Like Putin, it's driving me insane ("I've always been crazy, but it kept me from going insane" - Waylon Jennings).

    KDCDQ, Security Freak
     
  10. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Hi KDCDQ

    I use SpiderNT in "default" Mode. What kind of setting you got there?
     

    Attached Files:

  11. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    2nd shot...
     

    Attached Files:

  12. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Technodrome, thanks for your quick reply!

    My SpiderNT settings, in both of the screen shots, are identical to yours.
     
  13. OnTheEdge

    OnTheEdge Guest

    KDCDQ,

    I am also having the same problems you are with downloading packed executables. I experience long delays at the end of the download. These delays can last up to 15 to 20 seconds. I could live with this but I have also experienced when Dr.Web unpacks and scans these executables that about 1/3 of the files downloaded are corrupted by this scan process and have to download the file again. This is unacceptable.

    I bought Dr.Web after trialing 4.32b and was impressed by both its speed and detection. Two months later 4.33 was released with a lot of issues. I am also a registered user of Process Guard and was unable to run the two together until the recent fix.

    Because of the continuing issues I finally broke down and bought KAV5. Run the resident scanner with the “High Speed” setting and get almost the speed of Dr.Web.

    Frankly, right now, I am a little pissed I spent my money on Dr.Web. At a minimum, this company needs to offer its software for beta testing prior to release and/or engage in more strenuous internal testing prior to release. In my opinion, 4.33 was not a complete stable product when it was released to the public.

    Having said the above, I am all about second chances. I probably will return to Dr.Web if they are able to work out the kinks with 4.33. Dr.Web’s combination of speed and detection is hard to beat. Thanks for letting me rant.
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Ok. I did some tests and I found out that packed files are causing these slow downs(Probably because of new unpacking engine.). If I remember right avast setup file is packed by UPX.

    Turn this off in drweb.ini file by changing Yes to No under CheckPackedFiles and reboot your machine.See if it helps.


    [SpIDerGuardNT]
    DisableEnhancedProtection = Yes
    LngFileName = ""
    FilesTypes = EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
    FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
    FilesTypes = IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
    FilesTypes = THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
    FilesTypes = CAB,LHA,LZH,BZ2,MSG,EML,TBB
    UserMasks = "*.EXE","*.COM","*.DLL","*.SYS","*.VXD","*.OV?","*.BAT","*.BIN"
    UserMasks = "*.DRV","*.PRG","*.BOO","*.SCR","*.CMD","*.386","*.FON","*.DO?"
    UserMasks = "*.XL?","*.WIZ","*.RTF","*.CL*","*.HT*","*.VB*","*.JS*","*.INF"
    UserMasks = "*.PP?","*.OBJ","*.LIB","*.PIF","*.HLP","*.MD?","*.INI","*.MBR"
    UserMasks = "*.IMG","*.CSC","*.CPL","*.MBP","*.SH","*.SHB","*.SHS","*.SHT*"
    UserMasks = "*.CHM","*.REG","*.XML","*.PRC","*.ASP","*.LSP","*.MSO","*.OBD"
    UserMasks = "*.THE*","*.NWS","*.SWF","*.MPP","*.OCX","*.VS*","*.DVB","*.CPY"
    UserMasks = "*.BMP","*.AR?","*.ZIP","*.R??","*.GZ","*.Z","*.TGZ","*.TAR"
    UserMasks = "*.TAZ","*.CAB","*.LHA","*.LZH","*.BZ2","*.MSG","*.EML","*.TBB"
    ScanFiles = ByFormat
    HeuristicAnalysis = Yes
    CheckPackedFiles = No
    CheckArchives = No
    CheckEMailFiles = No
    InfectedFiles = Report
    SuspiciousFiles = Report
    IncurableFiles = Report
    ActionAdware = Report
    ActionDialers = Report
    ActionJokes = Ignore
    ActionRiskware = Ignore
    ActionHacktools = Ignore
    ActionInfectedArchive = Report
    ActionInfectedMail = Report
    ActionInfectedContainer = Report
    ActionIfRenameFailed = Delete
    ActionIfMoveFailed = Rename
    ActionIfDeleteFailed = Lock
    ActionIfReportFailed = Lock
    RenameFilesTo = #??
    MoveFilesTo = "infected.!!!"
    ExcludePaths =
    ExcludeFiles =
    VirusBase = "*.vdb"
    LogToFile = Yes
    OverwriteLog = No
    LogScanned = No
    LogPacked = Yes
    LogArchived = Yes
    LogFormat = ANSI
    TestMemory = Yes
    TestStartup = Yes
    PromptOnAction = Yes
    PlaySounds = Yes
    UseDiskForSwap = Yes
    LimitLog = Yes
    MaxLogSize = 512
    RestoreAccessDate = No
    UpdateFlags = "drwtoday.vdb"
    UpdatePeriod = 1m
    GuardMode = Smart
    ScanBootOnShutDown = Yes
    LogStatistics = Yes
    Acknowledge = Yes
    AllowWildcards = No
    AllowRelativeFileNames = No
    EnableDeleteArchiveAction = No
    DisableHotReconfigure = No
     
    Last edited: Nov 17, 2005
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,839
    Location:
    Hawaii
    Would such a change cause any reduction in the level of protection provided by DrWeb?
     
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    SpiderNT won't scan Packed malware (ASPACK, PECRYPT, UPX, MORPHINE, PECOMPACT, NFO, EXPRESSOR, etc). This is only for Real time monitoring.


    tD
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I'm quite sure it will. This configuration is not for nothing and disabling all kinds of archive scanning is not the way I want to use an AV scanner.

    Serge Popov warned me about using Nod32:

    As far as we talk about on-access monitors, beware that NOD32' AMON does not scan archives on the fly, while SpIDer Guard does. Its the real cause of your problems with moving a huge file to recycle bin (this file is actually a compound object what SpIDer Guard unpacks and scans on-the-fly). This kind of compound objects was unknown to version 4.32, thus it looks faster.

    Anyway, its your choice. Be safe.


    I surely don't agree with diasabling these functions within Dr. Web. I still think Dr. Web should fix these problems without bringing back the great security level and speed it used to have.

    ;) Putin
     
  18. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Running Guards of most other AV's do not even have the choice of scanning any packed files.

    I am running BOClean together with Dr Web and this seems to provide a good layered defense ;)
     
  19. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Regards to all,

    Technodrome:
    Setting Dr. Web's control setting to CheckPackedFiles = No did, indeed, eliminate the system slowdown associated with downloading and/or copying packed executables. Do you have the slowdown associated with packed executables on your Dr. Web-based systems?


    Also, now I'm mad like Putin; "I surely don't agree with diasabling these functions within Dr. Web. I still think Dr. Web should fix these problems without bringing back the great security level and speed it used to have". I couldn't say it better myself; ditto; ditto; ditto.

    Blackcat:
    Have you disabled packed file checking in Dr. Web? I also have a registered copy of BOClean. You seem to feel pretty good about this configuration....

    Together, I hope we can work this all out to the benefit of all.
     
  20. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Holy smokes, and I thought I was one of the only DrWEB users in Texas...
     
  21. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Yes!


    Many AVs out there don't even offer this(as Blackcat pointed). I don't see this as a problem.


    tD
     
  22. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Technodrome:
    Thanks for your time and efforts on my behalf; I really do appreciate it.

    By the way, I came up with a way to minimize the slow-down in Dr. Web processing packed executables downloaded from the Net: I put my IE download directory (IE_Download) in the SpiderNT Excludes list. Now I only experience the slowdown "pain" when copying the files to their "real" home directories.

    Mongol:
    You and I are practically neighbors! And I thought I was the only Dr. Web user in Texas.......

    KDCDQ, Security Freak
     
  23. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Now you're gonna exclude your download directory (IE_Download), just for the sake of keeping the right speed. Why not excluding the 'real' home directories also.......Dr. Web will fly like a butterfly......(just kidding) but what I mean to say: How far does one have to go to be able to use a SECURITY product, that is purchased to protect your computer?
    I'm pretty diasappointed about some answers given here.....for the sake of using the new version of Dr. Web with some pretty big bugs!
    I still think: if a security product needs to be altered in order to protect my pc at an acceptable speed, I think I have chosen the wrong product and go for another product.
    A good example: Kaspersky 5.0, is a great scanner, but also slowed my system down to a very acceptable level. There are many ways to avoid this slowdown, but again.....why alter this all, because it sure as hell will effect the protection I choose for in the first place!!
    I switched to Nod32, as it is rated as a very good scanner with great speed, but I'm convinced, that Kaspersky is better, but I feel more comfortable with Nod32 personally and that's what made my choice.

    I felt very comfortable with Dr. Web up to the upgrade and when I have to alter too many things in order to use this scanner the way I used to, I don't feel comfortable anymore as in my opinion the security level is brought down.

    ;) Putin
     
  24. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Our DrWEB updates could almost cancel each other out eh? The internet does make this big old world smaller...
     
  25. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    KDCDQ,

    I understand excluding packed file from scanning is not the best idea. But as I pointed out many av products don’t even scan packed files on the fly (RTM). Of course this is not an excuse for DrWeb and I hope they are working on better or optimized solution.

    I always recommend people to use explorer extension to scan file before opening (no matter what AV you use). ;)


    tD
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.