What is KAV doing?!?

Discussion in 'other anti-virus software' started by jstegmann, Apr 7, 2005.

Thread Status:
Not open for further replies.
  1. jstegmann

    jstegmann Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    9
    Hello guys,

    I've been testing numerous AV products over the last couple of weeks because I'm responsible for choosing the next AV solution at my workplace. The turn has now come for testing KAV.

    Everything is working just fine, but from time to time KAV goes bananas and runs 100% on the CPU and bumps memory usage to 50-60MB. And this goes on for a loooong time :rolleyes:

    I've disabled all scheduled tasks and the resident scanner seems to do nothing. At least the "files scanned" count doesn't change...

    Any idea what's going on - and more importantly - whether it can be disabled?

    Thanks,

    JS.
     
  2. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    One possibility: KAV is adding Alternate Data Streams to your hard drives.

    Acadia
     
  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That's certainly not normal and not what I see (never over 25mb and usually between 7-15mb). Also on a daily basis you should not notice Kav 5.0, I often only notice the scheduled scan when it's finished.

    What AVs have you trialed before Kav and more importantly, what have you done to make sure that they have been uninstalled properly? (regcleaner, removal tools etc..) :)
     
  4. jstegmann

    jstegmann Registered Member

    Joined:
    Mar 28, 2005
    Posts:
    9
    Acadia:
    I think you are on the right track - I disabled iStreams and now I'm back to 12MB and zero CPU usage. Thanks! :)
    I guess this ties in with the iChecker feature, which I have never had enabled. Any thoughts on this?

    Don Pelotas:
    Glad to hear that KAV is not a major impediment on the system - I hope that will be my impression from now on as well. And yeah - I did clean up before going with KAV ;)

    Thanks guys!

    JS.
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    For me, ADS was a major pain and it is the primary reason I removed 5.0 from my system and went back to 4.5. Getting rid of all KAV ADS was even a bigger pain. I understand that 6.0 will not be using ADS. Be aware that if you purchase their 5.0 Pro version, there is no installation option to suppress ADS. For some reason, Kaspersky decided to give this option only to users of the Personal edition. While I love KAV 4.5 for its scanning and detection capabilities (I use extended databases) and daily updates, I can only describe the 5.0 architecture as oddly chaotic. I believe that they must have been drinking a lot during the 5.0 software design party. Hopefully 6.0 is better.

    Rich
     
    Last edited: Apr 7, 2005
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    The ADS are added on the first system scan and are not noticeable.

    Kav 5.0.227 works absolutely perfect on my comp with ADS. According to Kav and several av forums I have been on they all agree that you will not even realize that ADS are being used. Your comp technically doesn't use them so it doesn't really care if they are used or not. I do know that kav will scan up to 30% faster using ADS with the added benefit of having your files checksummed as a bonus.
     
    Last edited: Apr 7, 2005
  7. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    If I wanted to give KAV 5 Personal trial version a go, and then decided I didn't like it, KAV's ADS stays on my computer. Is this correct?

    I know there are ADS removal tools around, but what bad things, if any, can happen if I don't remove them?
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well, for one, defragmenting your system will become one big pain in the arse.
     
  9. rabmail

    rabmail Registered Member

    Joined:
    Feb 11, 2005
    Posts:
    47
    Location:
    Phuket, Thailand and Jakarta, Indonesia
    Why is this? I have several workstations and a server running KAV 5 and am not having any problems with defragmentation. Diskeeper is handling it with ease.

    I think there are other files that have ADS tags, like jpg and music files. Why are KAV's ADS streams any different?

    You may well be right that there is a problem but I am not seeing it.

    Dick
     
  10. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    The problem with fragmentation was mostly with the first releases of Kav 5.0 and also mostly when also using Windows System Restore. I never used it (System Restore), there are much better alternatives, and have as a result not seen any excessive fragmentation. :)

    Graystoke: Leave them and see how it goes, some never see any problems (like me) and if it does cause you any trouble, then simply use NTFS Streams Eraser or/and ADS Spy once and you're down to perhaps 10 ADS, a whole lot better than say 45000 files. ;)

    P.s. There's an ADS remover in the next maintenance pack (beta ATM) of Kav Personal btw.
     
  11. rabmail

    rabmail Registered Member

    Joined:
    Feb 11, 2005
    Posts:
    47
    Location:
    Phuket, Thailand and Jakarta, Indonesia
    I don't use the Windows System Restore as I agree with you, it is not as good as the alternatives.
     
  12. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    The ADS interfere with some anti trojan programs and Sysinternals rootkit revealer, unless there is a fix in a more recent version of the rootkit revealer.
     
  13. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    ADS drove Prevx crazy on my box. Interfered with TDS-3 and Rootkitrevealer. No utility I used was able to completely get rid of them (system files), even in safe mode. Finally I did an image restore. Unless someone can clearly enumerate any clear advantages that 5.0 has over 4.5, I would recommend 4.5 to any new user.

    Rich
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I would recommend 4.5 to anyone, I tried version 5 but didn't like it at all, so I stuck with 4.5 for a whole year (x-files)

    Is the x-file database accessible now for the pro version (v5)?

    Thanx
     
  15. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Yep, it's called "hacktools" and extended is called "Riskware", but Personal generally seems to run a little better on "most" systems, when version 5.0 is being used. ;)

    P.s. What's the status on your very unfortunate computer rebuild. :)
     
  16. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    :D problem solved but cost me a lot of money...new mobo, new psu and new dvdrw cause they all burned out due to the psu failure...I learned my lesson :p

    Thanx for the response Don, time to trial version 5 pro ;)
     
  17. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    So there really isn't any big security problem with ADS attached to the files. That was the concern I had.
     
  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Depends what you mean by security problem. I couldn't use TDS-3 to scan ADS because it would flag every file (the size of the ADS would vary). I couldn't run Prevx because Prevx was alerting on every system file change (Prevx is a primary security software on my machine), and Rootkitrevealer was tagging every file as a possible problem. What's more, ADS provided me with no advantages whatsoever. I don't want my AV to skip any file when I request a scan.

    I have no idea what similar problems ADS may pose for me in the future (e.g. could a smart virus disguise itself as a KAVICH ADS), which is why I find ADS a "security" problem. Since it appears that Kaspersky is dropping ADS in their next version, I presume that others (including KAV engineers) probably agree with me.

    Rich
     
  19. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Is your experience with Prevx/Kav some time ago and with older versions of these? The reason I ask is because I tried Prevx this week and didn't see those alerts, also from what I read Prevx has made tweaks to its detection so it won't be so sensitive with less alerts as a result. I didn't like it much so I uninstalled it, but it seems like a good free offer to those who need an extra layer.
    That could happen, since it's made by humans it's not perfect, but so far hasn't (release date, 28 April 2004) and isn't this true in fact of all AV's and their components that they in fact could be hacked and that they then of course would release an update as fast as they could?
    Yes, they are not using iStreams in the next, not because they think iStreams is a bad solution, but because a year has passed and with the constant evolution of software, they have developed technology they think is even better with speed/detection/memory-use in mind. :)
     
  20. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I hear about all of the problems "some" people seem to have with ADS on their system. Well they don't interfere with my defrag program and my HDD doesn't get any more fragmented than it did without the ADS. I have run tds3 with no problems, it hasn't affected my antitrojan programs. In actuality it has not affected my comp at all except that Kav scans much faster with them than without. It is possible that the people that are having supposed ADS problems could actually be having something else on their system causing their problems. I have tried Kav 5.0.227 on five different computers that had some AMD and some Intel processors, different software installed, and have yet to be able to duplicate the problems I hear about ADS. In my opinion the use of ADS tags is a non problem.

    bigc
     
  21. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Don,

    My experiences with Prevx and KAV were a few weeks ago. There should still be the messages that I posted on ICE's forum. It was a real mess. I never really got an answer to my questions (I couldn't stop 5.0 Pro from creating ADS for the system files), so since my system was at a standstill and I couldn't get rid of all of the ADS, I just did a complete image restore. Cost me about 5 hours of time to get everything current again. I didn't want to use 5.0 Personal, because it had less configurability than 4.5 (why go backwards?).

    From a design point of view, I think ADS was a really bad decision, and probably a stop-gap as KAV attempted to find a quick "performance fix" in order to enter the OEM market. I am not sure it was ultimately a net help or hindrance in their sales effort, but I think it was a really bad idea because the effects of this decision (i.e., creating ADS for every file) were unpredictable and uncontrollable. I'm glad it is gone.

    Rich
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi BigC,

    How do you scan using TDS-3 without "skipping" KAVICH ADS? Either you are masking for KAVICH (a hole) or you are skipping ADS of certain size (a hole) or you are not scanning the ADS (a hole). If there is another way to scan ADS (using any of the ADS scanning tools - not only TDS-3), I would be interested in knowing about this.

    Suffice to say, I am not alone in my concerns about ADS. That is why KAV finally came out with their own ADS removal tool and options in KAV Personal to suppress ADS. I think online polls of KAV users were lopsided in their desire to rid their systems of ADS. As I commented before, the implications of ADS are unpredictable - now and in the future, so it is best to avoid them if at all possible. In my case, I couldn't, even though I wanted to.

    As Mele suggested, unless users make their situations known, vendors cannot react. I think it would be most welcome for KAV 5.0 to have an option, during the install process, to suppress ADS forever and all times on my machine. This would seem to be an especially good idea in light of the fact that 6.0 will not be using ADS anymore, so why have any of it on a system if a user doesn't want them?

    Rich
     
    Last edited: Apr 8, 2005
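
Added example (not from any poster in this thread, nor Kaspersky's own tooling): a PowerShell inventory that reports every alternate data stream instead of masking by name or skipping by size, the trade-off raised in the post above. `$Root` is a hypothetical path, and the `*KAVICH*` pattern is taken from the thread's wording; the exact on-disk stream name is an assumption.

```powershell
# Inventory NTFS alternate data streams (ADS) under a directory tree.
# Needs Windows PowerShell 3.0+ and an NTFS volume. Files only: directory
# streams are not enumerated here.
param(
    [string]$Root         = 'C:\Temp\ads-test',  # hypothetical path, adjust
    [string]$KnownPattern = '*KAVICH*'           # assumption: name as written in the thread
)

function Get-AdsInventory {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * lists every stream; ':$DATA' is the file's normal content.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

$streams = @(Get-AdsInventory -Path $Root)

# 1. Summary per stream name: how many files carry it and the size range.
#    A name that matches the known pattern is labelled, not excluded.
$streams | Group-Object Stream | ForEach-Object {
    $m = $_.Group | Measure-Object -Property Length -Minimum -Maximum
    [pscustomobject]@{
        Stream   = $_.Name
        Files    = $_.Count
        MinBytes = $m.Minimum
        MaxBytes = $m.Maximum
        Known    = $_.Name -like $KnownPattern
    }
} | Sort-Object Known, Stream | Format-Table -AutoSize

# 2. Every stream whose name does not match the known pattern, largest first.
$streams | Where-Object { $_.Stream -notlike $KnownPattern } |
    Sort-Object Length -Descending |
    Format-Table FileName, Stream, Length -AutoSize

# 3. The largest streams that DO match the pattern. A name match says nothing
#    about content, so size outliers here still deserve a content scan.
$streams | Where-Object { $_.Stream -like $KnownPattern } |
    Sort-Object Length -Descending | Select-Object -First 10 |
    Format-Table FileName, Stream, Length -AutoSize
```

The size range in the first table shows how much a given stream name varies across files, which is what makes a fixed size filter unreliable.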
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    ADS is only a problem for a minority of folks ... I, unfortunately am one of them, software incompatibility. It will be some time before I trust KAV enough to put it on my system again, I might just be one of the minority, BUT IT IS MY SYSTEM THAT GOT HOSED, and that is what matters to me :mad: (And I never did hear from KAV tech support; that request was made in January!)

    Acadia
     
  24. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Well I agree with you on a couple of things about this. First I think you're right, Kav 5.0 was probably made because the geek-market (that's people like us ;) ) was explored/conquered and they needed to find new & bigger markets, and to do that they needed a product which had the same detection or better, secondly it had to be less of a drag on resources with faster on-demand scanning, and just as important the GUI had to be much more easy to maneuver.
    Believe me when I say that on the computers where I have installed Kav 5.0 none has been negative, they can now themselves configure (instead of me :D ) without feeling uneasy about perhaps making them less protected, because of the confusing layout of 4.5 for someone who doesn't care about configurability, but just wants great protection and that's exactly what they IMHO get with Kav Personal (don't like Pro much myself, Personal seems to run smoother).

    The next step in Kav 6 (it seems) is to do it even better and at the same time also perhaps make a delicate blend of 4.5 & 5.0 , (functionality & configurability, if you wish) this combined with the natural evolution of technologies could make it a killer product..........................jeezuuz I'm sounding like a commercial, I'm closing for tonight..........will be back tomorrow with a fresh mind and a new improved commercial....... ;) :D :D :D
     
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Acadia,

    I hear you. It is rare that I have to do an image restore ... and it is very, very rare that I have to do one to recover from a program that is supposed to secure my system. I really hope Kaspersky and other vendors think twice before they do things to a computer system that might ultimately damage it. I think they were too quick to go after the bling bling.

    But sometimes it pays to reconsider ...

    When I first put Prevx on my system ... about a year ago, it too hosed my system registry. Not very good. I was awfully upset ... mostly with myself .. for installing a product that was pretty new and essentially untested. Fast forward about a year, and I have reinstalled Prevx after convincing myself that it is a stable product and I am very happy that I have. It is a supremely good product and upon reflection, I was too quick to install a product early in its lifecycle. I should have let the "beta testers" (who are equipped to test new products) go at it for a while. Of course, vendors such as Prevx and Kaspersky should be much more cautious in their recommendations. I believe Kaspersky is taking its time with the release of 6.0.

    So maybe in the future, you may have the occasion to give KAV a try again ... after it is tested and really stable. So far, unfortunately, I don't think that this is the case with 5.0. I'll wait a good long while before I go anywhere near 6.0. Hopefully 4.5 is supported while I am waiting. 4.5 is an excellent product and it has guarded my system very well ... much better than Norton for example. So what can I say ... I recommend 4.5 very highly and I hope that 6.0 is a good successor.

    Rich
     