Results 1 to 8 of 8

Thread: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

  1. #1
    wstern Guest

    Default With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi,

    I want to use ZAISS 7.0.462 with ZA's Anti-virus "On Access" scanner turned on.
    I installed McAfee Viruscan Enterprise 8.0 with the intention of turning off McAfee's on access scanner,
    and only using McAfee as a passive on demand "2nd opinion" batch scanner.
    I want ZA Antivirus to be my only "On Access" scanner, and to keep the McAfee installed with McAfee's on access scanner disabled.

    The problem is that ZAISS 7 sees that McAfee Anti-virus is installed, and automatically turns off ZA's Anti-virus "on access" scanner.
    ZAISS 7 does this because it wants to avoid a conflict between 2 "On Access" scanners running,
    but ZAISS 7 is not smart enough to realize that I disabled McAfee's "On access" scanner.
    So once ZAISS 7 see's McAfee installed (even with McAfee's "On access" scanner disabled, ZA automatically disables its "On access" virus scanner
    as well, and it won't let me turn ZA's "On Access" virus scanner back on.

    So I need a way of disabling ZA's automatic check for McAfee's existance and ZA's automatic disabling of the ZA Anti-virus "On Access" scanner
    when it sees McAfee installed with McAfee's "On Access" scanner turned off. Is there any registry hacks which will accomplish this?

    The reason I want to do this is that ZA/Kaspersky missed a virus that McAfee caught with McAfee's superior Heuristic scanner,
    so I like having McAfee as an extra "On Demand" scanner available from the Windows Explorer when you right click on a suspicious file
    and chose scan with McAfee Anti-virus.

    Any help would be greatly appreciated.

    Thanks,

    Bill

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    <blockquote><hr>wstern wrote:
    Hi,

    I want to use ZAISS 7.0.462 with ZA's Anti-virus "On Access" scanner turned on.
    I installed McAfee Viruscan Enterprise 8.0 with the intention of turning off McAfee's on access scanner,
    and only using McAfee as a passive on demand "2nd opinion" batch scanner.
    I want ZA Antivirus to be my only "On Access" scanner, and to keep the McAfee installed with McAfee's on access scanner disabled.

    The problem is that ZAISS 7 sees that McAfee Anti-virus is installed, and automatically turns off ZA's Anti-virus "on access" scanner.
    ZAISS 7 does this because it wants to avoid a conflict between 2 "On Access" scanners running,
    but ZAISS 7 is not smart enough to realize that I disabled McAfee's "On access" scanner.
    So once ZAISS 7 see's McAfee installed (even with McAfee's "On access" scanner disabled, ZA automatically disables its "On access" virus scanner
    as well, and it won't let me turn ZA's "On Access" virus scanner back on.

    So I need a way of disabling ZA's automatic check for McAfee's existance and ZA's automatic disabling of the ZA Anti-virus "On Access" scanner
    when it sees McAfee installed with McAfee's "On Access" scanner turned off. Is there any registry hacks which will accomplish this?

    The reason I want to do this is that ZA/Kaspersky missed a virus that McAfee caught with McAfee's superior Heuristic scanner,
    so I like having McAfee as an extra "On Demand" scanner available from the Windows Explorer when you right click on a suspicious file
    and chose scan with McAfee Anti-virus.

    Any help would be greatly appreciated.

    Thanks,

    Bill

    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite

    <hr></blockquote>


    Hi Bill

    First using two antiviruses on the same PC is never a good approach.
    The activation of the drivers and files from both scanners will eventually do funny things with the windows kernel. This will cause windows issues and possiblely a failure of the operating system. Even if one is set to on demand and the other is set for guard or resident, the actual efficency of both is often affected/reduced and some malware may elude both AV's in their weaken state. It can seriously backfire.
    Okay got that out of the way.

    Look in this registry key in the Safe Mode:

    HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm

    Since I do not use the ZAISS, look for some key like Disable... or Enable Antivirus and change the values. REG_WORDs with a value of 0 are off (or diabled) and the values of 1 are on (or enabled). String value are written and usually resemble simple commands. It should take effect after the reboot back into the normal mode.

    Also you could try to un-install the McAfee and start the ZA AV, then install the McAfee as an on demand scanner using the Custom installation steps.

    Final comment - just do online scans instead of a second AV. You can alternate with not only McAfee, but Norton and slew of others scanners.

    Or install something like Asquared free - it is an ondemand scanner with the explorer content menu option. Although a malware scanner, it does actually best many of the poorer performing AVs. The Ewido is another freeware that will give on demand and an explorer content menu option. Neither will conflict with the resident AV.

    The best and cleanest and very effective AV scan to use?? Have one PC with one AV brand and another PC with another AV brand. Pull the HDD out of one of the PCs and attached it to the other PC with a USB adapter. The scan and detection and removal will be the very best - windows is not active in the USB drive and the PC's scanner will be doing it's very best. Plus the resident scanner and the windows of the pulled drive will never know it was scanned by another AV. The stubbornest troyan or virus is easily removed and cleaned. Any corrupted or deleted windows files can be easily replaced before the HDD is returned back to the PC.

    Oldsod

    Message Edited by Oldsod on 02-18-2008 12:34 AM
    Best regards.
    oldsod

  3. #3
    wstern Guest

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi Oldsod,

    Thank you for your very informative post.

    I was able to overcome the issue by going into the Windows XP control panel, administrative tools, services,
    and I stopped and disabled the Network Associates McShield Service. This service is only used for &quot;On access scanning&quot;.
    If you only turn off &quot;On access&quot; scanning from the McAfee console, it still leaves this service running.
    This is the service which ZAISS 7.0.462 looks for when determining if you have McAfee &quot;On Access&quot; turned on.
    So, I've overcome the issue by stopping and disabling the Network Associates McShield Service.

    McAfee has decent protection for viruses and spyware, but it excels in providing you complete control over scanning options.
    Its console is highly multi-threaded, allowing you to run 5+ scans simulaneously - Like of your c: drive, d: (second hard drive),
    e: drive (external fire wire hard drive), f: drive: (Usb flash drive), g: drive: Apple Ipod, h: drive (SD flash card) i: drive CD/DVD drive, etc.

    Also, McAfee also provides the explorer context menu right click scan single file or directory option, which gives a quick 2nd opinion
    to ZA's Kaspersky explorer context menu option. McAfee's excellent heuristic scanner saved me as Kaspersky missed a trojan from a file
    I had downloaded.

    I also have the a-squared free 3.0 &quot;On demand scanner&quot; installed, and so I have 3 explorer context menu right click scanners: ZA/Kaspersky, McAfee, A-Squared.

    Quick question - The Kaspersky 6.0 virus engine which comes with ZAISS 7.0.462 has a weak heuristic scanner as judged by http://www.av-comparatives.org/
    But Kaspersky 7.0 virus engine has an excellent heuristic scanner as judged by http://www.av-comparatives.org/

    Is there any way for me to manually upgrade ZAISS 7.0.462 from the Kaspersky 6 engine to the Kaspersky 7 engine.

    Thanks,

    Bill

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi Bill

    Now that you mention the disabling of the McShield Service, it got me thinking. Open the Add and Remove Programs in the Control Panel and open the Change of the McAfee. Some applications have allowances for installing and uninstalling certain components with out uninstalling the entire program.
    If windows asks to procedure with the removal, then just deny. If you have a windows with options or custom, then it maybe possible to uninstall the McShield Service without uninstalling the ondemand scanner. Just a thought.

    As far as I know the KAV6 and KAV7 are actually the same antivirus engine - just some auxillary files were edited. removed or added. The ZAISS is using this same kaspersky engine.

    But the Kaspersky is not well known for it's great heursitics. It is really a definitions based scanner - the almost hourly updates are what keeps gives it the great detection ratings.

    Scanner like NOD and Avira/Antivir are great heuristics scanners. If you want some day to drop the McAfee, then try the freeware version of the Antivir. It is great on heuristics and is at the top of the list at av comparitives.
    It can be custom installed for just an ondemand scanner or customized after. There is a hack for the nagging buy me screen. It will show in the context menu as well. Plus it is very fast and very light and deadly detection rates. It will also do simultanous scans of drives, files and folders.

    I suppose if you want some more context menu scanners, try the Ewido and the superantispyware. Both have freeware versions and are fairly decent.

    Myself I just use a seperate AV (and the ZA firewall for resident. Plus asquared free for a second opinion. If I am in doubt, I use online scanners like virusscan (jotti) or virustotal to scan a dubious file. That is more than sufficent for my needs Yes, I travel the dark side of the internet often and download unsafe things, but I can avoid the traps and pitfalls plus I use a safe browser like Opera and proper web filtering and a special IP blocker.

    Best regards, Oldsod.
    Best regards.
    oldsod

  5. #5
    wstern Guest

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi Oldsod,

    Thanks for the tip - it worked. Under Windows XP Control Panel, Add/Remove programs, there is a &quot;Change&quot; button next to McAfee Viruscan Enterprise 8.0
    which allows uninstalling the &quot;On Access&quot; scanner, but leaving the on demand scanner there.

    One more question - I'm interested in finding any links to posts of people who have manually upgraded their
    ZA from ZA/Kaspersky anti-virus engine version 6 to version 7 by adding / changing some auxilliary files (as you mentioned in your previous post).

    The motivation for this is that Kaspersky version 7 scores an &quot;Advanced +&quot; highest rating for its heuristics scanning
    at http://www.av-comparatives.org/

    Thanks,

    Bill

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi Bill

    I am not much help there. I really have no idea about adding files, since the files would have to registered and properly programmed in the ZA in both the data and executible files.

    On the other hand I would not worry about it. The kaspersky 6 did have about a 98 per cent detection rate, without the heurisitics.
    The kaspersky 7 antivirus does have extra and new drivers which changed a lot of ways the antivirus engine was applied. The ndis driver was added supposedly for the network scanner, but it is also at the same time a driver needed for the firewall of the kaspersky security suite. The original tcp/ip filter driver is there as this is also needed for their antivirus and firewall.

    From what I understand the promised heuristics in the kaspersky 7 never really materialized. It was more hype or publicity than anything else. The heuristic are expected to arrive in the version 8. But still would not count on it.

    I did have a look at the kasperksy 7 antivirus when it first came out. I concluded it is basically a kaspersky security suite without some of the data files added in. Their antivirus does seem to be a pared or reduced version of their security suite, not a pure antivirus application. I think this is why it add to the difficulty for a user to add files. From a business point of view, this does make a lot of sense. Just make one coded application and create two or even maybe three versions from the same code and files.

    I use the NOD 2.7 and the Antivir. Both are pure antivirus applications, with out any firewall drivers or un-needed files. These are both still pure antiviruses in this sense and have no added bloat or hidden/unused files and drivers. I prefer clean and lean applications with out the junk or unused extra code and dead files.
    Both antiviruses have excellent heuristics. Probably the best in the business. The NOD is known to have less false positives and the Antivir is known by some to have more false positves. But it has been my personal experience this is not so - I had the kaspersky 5 and 6 had the highest number of false positives. The kaspersky declaring the registry and windows explorer as malware are some of the well known examples. Kaspersky did declare many of the office files from ms to be malware and a few other normal applications. Never at these times did I get any false positves from either the antivir or the nod. And still have yet to get any false psoitives from either one.

    The NOD from eset is an example of explaining what I meant. The NOD 2.7 and the NOD 3.0 both use the very same anitivirus engine, just same as with the kaspersky with the 6 and 7. The NOD 2.7 and the NOD 3.0 have the exact same detection rates.
    But the NOD 3.0 has added some newer firewalling files. Again I would suspect probably firewall drivers were probably added, since they would also use the "single code" approach to create a couple or more product.
    The only new "working" files added to the NOD 3.0 antivirus would be some files for assisting in the malware removal and of couse some newer GUI. But the detections between the NOD 2.7 and the NOD 3.0 are exactly identical, since they use the same engine.

    I use the ZA AntiSpyware, but at the same time I do unregister, remove un-needed files, and edit the .xml files., etc. I stop short of re-compiling the code/files. I customize the ZA Antispyware to my own preferences and likes.

    Cheers, Oldsod.

    Message Edited by Oldsod on 02-19-2008 12:30 PM
    Best regards.
    oldsod

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    Hi!
    to follow up on the added heuristics detection for KAV 7.
    So far, most test I have seen are reporting a different between 0.1% to 1%.
    A really negligible difference as compared to KAV 6.

    It is promised to improve a lot in the near future....

    By the way, Mcafee is not better than KAV in heuristic detection so I would not opt for Mcafee for heuristics
    See here: http://blog.chip.de/0-security-blog/...2008-20080122/
    under "Proaktive-Erkennungsrate"

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: With ZAISS 7.0.462, I cannot use McAfee Viruscan Enterprise 8.0 as an On-demand scanner.

    <blockquote><hr>fax wrote:
    Hi!
    to follow up on the added heuristics detection for KAV 7.
    So far, most test I have seen are reporting a different between 0.1&#37; to 1&#37;.
    A really negligible difference as compared to KAV 6.

    It is promised to improve a lot in the near future....

    By the way, Mcafee is not better than KAV in heuristic detection so I would not opt for Mcafee for heuristics
    See here: http://blog.chip.de/0-security-blog/...2008-20080122/
    under "Proaktive-Erkennungsrate"

    Cheers,
    Fax
    <hr></blockquote>
    Thanks Guru fax

    I had thought there was now real change in the kaspersky's heurisitics, but barely 1 per cent difference is really not much difference.

    It is noted also the Webwasher is a gateway application software using the antivr with additional filters for spam and phishing sites, spyware and troyan sites and some web content fitering (activex, js, java, etc). Hence it's excellent detections.

    The AVK is actually a dual purpose antivirus- for either a gateway application or a desktop. It uses two seperate antivirus scanners for it's detections and removal. Hence it's excellent detections.

    Oldsod.

    Message Edited by Oldsod on 02-19-2008 01:48 PM
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •