Results 1 to 4 of 4

Thread: two on-access scan issues.

  1. #1
    thingie Guest

    Default two on-access scan issues.

    1. History... I installed the 9.1.008 upgrade as a fresh install, and removed the previous version with the clean tool. I followed all directions, and the install proceeded fine, so I am fairly certain it is not a corrupted install.

    Firstly, I want the mods to know that I *did* search the forums for the "error" message that shows up for the on-access scan in my AV/SW logs. I was led to this link:

    http://forums.zonealarm.com/showthread.php?t=71796

    Which doesn't exist, so Im not sure what the result/fix is for this.

    2. So I downloaded the EICAR test file, it successfully recognized it as a virus. I selected the quarantine option, and it seemed to fail, because a new row was populated on the list with the quarantine option ghosted out. (Im assuming it scanned it twice, hence the two rows in the virus action list) I then selected the "delete" option, which also failed. Then it left me simply with "delete after reboot". When I moused over to check my Temp directory, which is where the file was located, there wasn't anything there.

    Please note that despite the fact some listings say that the scan was manual, I did not initiate a manual scan.

    My log reads as follows:


    Description Anti-virus attempted but failed to repair a virus or viruses
    Date / Time 2010-06-09 15:32:20-7:00
    Type On-Access scan
    Virus name EICAR-Test-File
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action File repair failed
    Mode Auto
    E-mail

    Description Anti-virus attempted but failed to quarantine a virus or viruses
    Date / Time 2010-06-09 15:32:20-7:00
    Type Treat
    Virus name EICAR-Test-File
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action Quarantine failed
    Mode Manual
    E-mail

    Description Anti-virus attempted but failed to delete a virus or viruses
    Date / Time 2010-06-09 15:32:32-7:00
    Type Treat
    Virus name
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action Delete failed
    Mode Manual
    E-mail

    (the second scan.. apparently invoked after I selected the option to "delete".)

    Description Anti-virus successfully scanned file and/or system for viruses
    Date / Time 2010-06-09 15:32:32-7:00
    Type Scan
    Virus name
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action Scan completed
    Mode Manual
    E-mail

    Description Anti-virus attempted but failed to repair a virus or viruses
    Date / Time 2010-06-09 15:32:36-7:00
    Type On-Access scan
    Virus name EICAR-Test-File
    Filename C:\Documents and Settings\Jonathan\Desktop\eicar.com
    Action File repair failed
    Mode Auto
    E-mail

    Description Anti-virus successfully quarantined a virus or viruses
    Date / Time 2010-06-09 15:32:36-7:00
    Type Treat
    Virus name EICAR-Test-File
    Filename C:\Documents and Settings\Jonathan\Desktop\eicar.com
    Action Quarantined
    Mode Manual
    E-mail

    Description Anti-virus attempted but failed to rename a virus or viruses
    Date / Time 2010-06-09 15:33:06-7:00
    Type Treat
    Virus name
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action Rename failed
    Mode Manual
    E-mail

    (Third scan... have no idea when this happened.)

    Description Anti-virus successfully scanned file and/or system for viruses
    Date / Time 2010-06-09 15:33:06-7:00
    Type Scan
    Virus name
    Filename C:\Documents and Settings\Jonathan\Local Settings\Temp\o1U6qXW8.com.part
    Action Scan completed
    Mode Manual
    E-mail

    Description Anti-virus successfully deleted a virus or viruses from quarantine
    Date / Time 2010-06-09 15:37:24-7:00
    Type Treat
    Virus name EICAR-Test-File
    Filename C:\Documents and Settings\Jonathan\Desktop\eicar.com
    Action Deleted
    Mode Manual
    E-mail


    As you can see, it eventually succeeded, but the "select action" window NEVER alerted me to any success, and only left me with the "delete after reboot" option. I had to check my temp directory and desktop to see if the files were still present. All referenced files were gone, and the eicar.com file DID show up in the quarantine.

    I also noticed that all failed attempts were to the temp file, not the file on the desktop.

    However, I find this to be... well.. unsatisfactory and disturbing. I worry that the av software is unable to quarantine any files a virus/malware executable may drop into other directories and the registry. I am unaware if the on-access scanner's response was unique to the eicar file or not.

    Which brings me to:
    3. Does Zone Alarm scan the registry?

    I am aware that the newest version (9.1.603) has been released, and that *may* fix the problem. However, I am on windows XP Pro, SP3, and I know that 9.1.507 had some issues with XP, so I am remiss to upgrade for a while, until I can see how it has affected other XP Pro users on the forum.

    Any help with this would be much appreciated.
    Last edited by thingie; June 9th, 2010 at 03:23 PM.

  2. #2
    Join Date
    Dec 2002
    Location
    San Carlos, California
    Posts
    1,636

    Default Re: two on-access scan issues.

    Hello,

    This is not an idicator at all if our AV is not working properly.

    We cant help you with "testing' the AV.

    If you have a real world threat and there is an issue then support could help you.

    If your using a trial of our software you may want to try other brand of AV if your not comfortable with our software for a comparision.


    Forum Moderator
    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    thingie Guest

    Default Re: two on-access scan issues.

    Im not sure I understand.

    This is an issue regarding the on-access scan feature in the AV section. Namely, the "error" message that comes up in the logs. I stated before that I was getting those regularly, I found a link posted in several of the threads explaining what the problem is, however, the link goes to a page that no longer exists, so I was searching for an answer here.

    In addition, the eicar.com test was something recommended in another thread, to test for the exact same problem I am having. Eicar, as you know, is a test file, not a real virus, and the suggestion, I believe, was posted by a guru. A moderator never commented in that thread if this was inappropriate, so apologies for the misunderstanding.

    "This is not an idicator at all if our AV is not working properly."

    Perhaps I worded it wrong. I wasn't saying the AV was acting abnormally. I stated that I was concerned, and wanted to know if this behavior was normal? abnormal? Is this how Zone Alarm behaves all the time when one is given the choice to quarantine, delete, etc? I am doubly confused here, since, once again, the eicar test was suggested in another thread. I have also found other threads in the AV/SW forum which deal with the eicar test as well, so Im not sure why this thread is inappropriate. Im simply requesting more information on this behavior.

    "If your using a trial of our software you may want to try other brand of AV if your not comfortable with our software for a comparision."

    I have been a zone alarm user for years, and my signature indicates that I am not on a trial version.

    Also, would it be possible if someone could answer my third question? Namely, does zone alarm AV/SW scan the registry?

    Please don't misunderstand me. Im not P-O'ed at your response. Just a bit confused, since, as I said before, I have seen several threads dealing with similar issues, one which leads to a possible solution, except that the link is broken, the other suggests the eicar.com test. I personally feel that this post contains three valid questions that warrant feedback.

    I will absolutely take it up with support if need be, but my experience so far has been that the user base has been more helpful, so I would like to please see if anyone here has any suggestions or have had similar experiences before I contact CS.
    Last edited by thingie; June 9th, 2010 at 04:05 PM.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: two on-access scan issues.

    Try to clean install the latest ZA Extreme version and test again (ZA 9.1.603). You should not get an option to select the treatment option unless you have modified the way viruses are treated. EICAR should be deleted on the spot unless you are running other tools that conflicts with ZA (tipically other security tools).

    Once installed try to download the file:
    http://www.eicar.org/download/eicar.com

    What is the result?

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Solved] Scan issues
    By wyappy in forum ZoneAlarm Installation
    Replies: 6
    Last Post: October 28th, 2009, 07:46 AM
  2. Replies: 0
    Last Post: December 3rd, 2007, 12:44 PM
  3. Virus Scan slow down issues
    By ssri in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 2
    Last Post: November 20th, 2007, 11:37 PM
  4. Replies: 1
    Last Post: July 23rd, 2006, 12:26 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •