Results 1 to 4 of 4

Thread: Turned on all logging options - now seeing "Handle is Invalid" errors in AV log.

  1. #1
    lalittle Guest

    Default Turned on all logging options - now seeing "Handle is Invalid" errors in AV log.

    Please note:
    I searched for and found other reports of this issue on these forums, but there were no solutions or explanations in the other threads, so I'm starting a new thread to ask about some specifics to what I'm seeing on my system.

    I'm running ZASS 7.0.483 on a Core 2 Duo 3.0 gig with 2GB RAM using XP Pro SP2.
    After checking ALL the
    items in the ZASS
    Advanced logging options, I noticed that I'm getting a lot of error reports in the ZASS
    log after doing a virus scan.
    The errors say "Error: The handle is invalid."
    I don't see this for "every" file, but I see it for a LOT of them (thousands.)
    At this point it appears that this is only happening on one drive, but there does not appear to be any problem with this drive (more on this in a moment.)
    The scan says that it completed normally, and if I
    uncheck "Anti-virus scanning errors" in the log options (which is actually the default setting), I get no indications of any problems.
    One thing that may be significant is that if I just scan a single file, I get two entries in the log.
    The first says "Error: The handle is invalid"
    and lists the filename.

    This is immediately followed by another entry at the EXACT same time that lists the same filename and says "Scan completed."
    In other words, both entries are at the same time, both list the same filename, and the second one says that the scan completed normally.
    As mentioned above,
    others have reported
    experiencing the same thing.
    It may be significant to re-iterate that Anti-virus error logging is OFF by default in ZA -- you have to go to the Advanced options and specifically check this option in order to see these errors.
    I'm wondering if this is the only reason that we don't see more reports of this.
    I said above that I only appear to be seeing this issue on one drive.
    Before
    assuming that the drive is at fault, however, I need to add that I have a duplicate copy of the contents of this drive on another drive.
    I did
    a bit-by-bit comparison of the contents of these drives, and they are identical -- absolutely no differences.
    I also did a chkdsk which shows no errors for the drive.
    On top of this, I checked the smart info for the drive and it shows nothing unusual.
    Basically, I have absolutely no problems with this drive, which checks out fine using more than one method and all the data compares exactly with the same files on another drive.
    ZASS is the ONLY program that seems to have a problem with this drive, and if it wasn't for the fact that I happened to have manually checked the "Anti-virus error logging in the advanced logging options, even ZASS would be indicating no problems.
    I can't help wondering if these "handle is invalid" error are erroneous, and that the "scan completed successfully" entry in the log is the only one I need to pay attention to.
    Thanks for any feedback on this,
    Larry

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    findley Guest

    Default Re: Turned on all logging options - now seeing "Handle is Invalid" errors in AV log.

    lalittle,
    Some time ago I asked this same question in this forum, had done some things similar to what you posted checking the health of my hard drives and yes I had checked, as you did, the box to enable anti-virus error logging.
    I learned that the "Handle is Invalid" error in the anti-virus log is just an indicator of system files and files in use; files that cannot be scanned.

    As someone posted the answer from
    their tech ticket "ZoneAlarm can not scan files that are in use."
    So, yes I agree with your conclusion these "Handle is Invalid" errors in the AV log
    are,
    as you put it, erroneous and the advice which has been given here in this forum is uncheck anti-virus error logging.

    There is a reason that by default the anti-virus error logging is unchecked.
    Findley

  3. #3
    lalittle Guest

    Default Re: Turned on all logging options - now seeing "Handle is Invalid" errors in AV log.

    Findley,
    THANK YOU for your post -- you pointed me right to the problem!
    I thought about what you said about the error being due to "system files" or "files in use," and I got to thinking about access permissions.
    As I mentioned above, the only drive that had this issue was a drive that had previously been in another system.
    I thought that perhaps this had led to this drive having different access permissions that might be causing the behavior.
    I checked, and this drive did indeed have permissions that were different from my other drives for the folders in question, which were different from the permissions on the root of the same drive.
    I should mention that the permissions did not appear to be anything that would prevent access to the drive -- I can't remember exactly what they were, but they appeared to imply "full control" for all users, and I am always logged in as an administrator anyway.
    Never-the-less, I clicked on the root of the drive and hit Properties, opened
    the security tab, and hit "Advanced."
    I then checked the "Replace permission entries for all child objects..." box and applied it.
    The process appeared to hand
    on the file "MountPointManagerRemoteDatabase" (a system file) for some reason, but it appeared to work.
    After doing this, ZASS no longer gives me the error messages in the log when scanning this drive.
    Just out of curiosity, I tried applying the "Replace permissions..." setting again and it hung on the same file.
    I get the impression that this may be a glitch from having Explorer set to show all files including system files.
    The bottom line is that updating the security permissions worked -- no more "handle is invalid" errors in the ZASS log.
    It occurs to me that the implications of this are potentially incredibly important.
    It appears that the scanner may not have been scanning the files on this drive, and if it weren't for the fact that I had manually changed the ZASS logs to show me AV errors, I would never have known this.
    For anyone reading this, I would recommend checking the "AV errors" box in the advanced ZASS logging options and checking the logs after a scan.
    If you run into this error, check the security permissions and try the steps outlined above.
    Thanks again to Findley for helping me solve this issue,
    Larry

  4. #4
    findley Guest

    Default Re: Turned on all logging options - now seeing "Handle is Invalid" errors in AV log.

    Larry,
    You're welcome:8}
    Findley

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •