- #AVAST ROOTKIT INDICATOROSD ARCHIVE#
- #AVAST ROOTKIT INDICATOROSD FULL#
- #AVAST ROOTKIT INDICATOROSD CODE#
I immediately ran a scan to find several programs infected by a rootkit threat.
but when I went to check on the scan log it told me that the computer had never been scanned and the scheduled scan I had set up was missing. I had previously set Avast to scan on Sunday mornings around 2 a.m. Finally went into the scan area of Avast to see what the latest scan had found. Unfortunately it happened a couple more times. Not knowing if this setting was or should be higher, this made me nervous so I increased the level and went about my business. I clicked change to find that it had lowered my firewall protection to low (Home Computer Setting). I cancelled it after it had been running more than 2.5 hours and it said that it was 39% complete.I have recently started receiving notifications from Avast upon restart of my computer informing me that my email provider (Frontier) had made changes to my Firewall.
#AVAST ROOTKIT INDICATOROSD ARCHIVE#
I then ran an ashsimpl scan at Thorough with archive scanning (just as ashquick had done).
#AVAST ROOTKIT INDICATOROSD FULL#
What matters is the team getting in any finding the real cause.Įarlier tonight my full system scan using ashquick (as I do every week) completed in 34 minutes, the same time as it took with avast 4.7. It does appear from traces that something is taking up time between scanning of files - that may be something to do with the way the scan progress indicator has been implemented in ashsimpl.exe - the scan progress indicator in ashquick.exe does not seem to involve any delays between the processing of files. I do not think that this is a rootkit scanning overhead problem (look how fast the standalone rootkit scanner is). I do not think that there is any problem with the scanning of individual files being slower.
I believe that all levels of the scanning by ashsimpl.exe are considerably less efficient than they were in avast 4.7 (irrespective of whether all local drives or selected folders are scanned). If you then run an equivalent ashsimpl.exe scan of C:\Program Files and select Thorough scan with archive scanning (to match what ashquick.exe does) then you will see the considerable degradation of the performance of this scan in avast 4.8 compared with avast 4.7.
#AVAST ROOTKIT INDICATOROSD CODE#
This is the baseline - this is what avast's scanning code can achieve in avast 4.8. In a system with avast 4.8 installed, as far as I can tell, an ashquick.exe scan of say c:\Program Files will run for about the same time as it took in the 4.7 version. If you then use the ashsimpl.exe interface and run a Thorough scan with archive scanning of the same folder it will run for a very roughly similar time to ashquick and give statistics very close to those of ashquick.exe for scanning the same.
It will run for a given time and report on the files/folders scanned the total disk space scanned and the number of infected files found. In a system with avast 4.7 installed if you perform an asquick scan of say C:\Program Files then it will scan that folder and all the folders within it.
It appears to me that there is significant degradation of the performance of ashsimpl.exe compared with its performance in avast 4.7. While both of these functions have been modified in avast 4.8 to include scan progress information to the best I can tell there has been no degradation of the performance of ashquick.exe. This scanner is the one most often used to scan newly downloaded files and is the program used for the shell extension scanning when you right click on a drive, folder or file. Scanning can be performed on all local drives, selected drives and/or selected folders.Ģ) ashquick.exe - this manages ad-hoc scanning and its options are fixed at Thoroughl scan with archive scanning. Remember that we have two programs in avast that drive on demand scanning.ġ) ashsimpl.exe - this manages the classic scanning with options for Quick, Standard and Thorough scans and with archive scanning optional in each of those scan levels. I know that the following is not news to you but I want any other readers to understand. Earlier you asked for a baseline - well there is one.
0 kommentar(er)
