norton737

a-squared Anti-Malware 5.0 - Beta discussion

Recommended Posts

Hi Fabian and all EMSI developers.

Thanks for information. That sounds great and intriguing! :)

The question regarding Mamutu & a2-Free edition

Since some users (I am included) are using betas of both latter products for their whole life cycle, should we expect any delivery of any new features being downloaded?

I'm especially interested in Mamutu v3 (for testing on XP 32bit & win7 x64)

or

Mamutu public beta release will be announced later?

My regards

Share this post


Link to post
Share on other sites
Guest James

Hey there, i have noticed that when i go to do a custom scan and click on the 'when scan finishes' link i see a white box for a split second and then it disappears without any user interaction.

I am on XP Home SP2.

Share this post


Link to post
Share on other sites
Guest James

I have also noticed that my update logs no longer exist (others do) and my quarantine has been completely wiped.

:)

Share this post


Link to post
Share on other sites

The latest Beta release seems to be stable and has performed a relatively faster smart scan than previous builds. As I've mentioned before, my only gripe is the pop-out menu, which got stuck during a database update and refused to pop back in. Closing the A2Guard window and re-opening solved this, but could we have an option on whether this feature is active?

I have paranoid mode activated but I'm not getting the level of alerts I would expect in the early stages of usage - not necessarily a bad thing, I suppose.

Share this post


Link to post
Share on other sites

I am having problems on my real machine with the new public beta!

If it detects anything (fileguard) then i just see the detection alert window opening, but it is white and computer hangs up, i waited 1 hour, nothing happend!

Restarted, same computer hangs up after asquared starts fully!

Safemode did not work or i did not wait enough. I started in normal mode and waited for asquared icon, as soon it come i clsoed it before it turn from red to normal.

I deleted the file which was detected(falsepositive) and disable asquared from startup list.

And it worked again.

I pressed on freehijack and when closing the window again the computer hang up again...

I am using only Malwarebytes with asquared.

And my computer is pretty clean, 19 processes running after startup(without asquared)

Startup list is also clean:

Malwarebytes Anti-Malware

Asquared Anti-Malware

Logitech Set Point

OS: Windows XP 32 bit, all updates.

Realtime Security Apps: Asquared Anti-Malware, Malwarebytes Anti-Malware

I use again 4.5 i will try now to update again to v5 and try detection!

Share this post


Link to post
Share on other sites

Closing the A2Guard window and re-opening solved this, but could we have an option on whether this feature is active?

You can already disable the notifications under "Configurations"/"Popups".

Share this post


Link to post
Share on other sites

I am using only Malwarebytes with asquared.

And my computer is pretty clean, 19 processes running after startup(without asquared)

If I remember correctly MBAM uses a file system filter driver as well. So there is a chance they are causing some kind of recursion. Does the problem occur when MBAM is disabled?

Share this post


Link to post
Share on other sites

Yes i disabled everything!

Malwarebytes auto start, malwarebytes services from starting.

This was my process list before i started asquared and tested it.

unbenanntgo.png

I just tested eicar teststring:

It hangs like this and i just can shutdown when i hold the reset button of my computer.

10022010778.jpg

Share this post


Link to post
Share on other sites

Sorry i know now why it happens!

It was conflict with malwarebytes, even closing malwarebytes and its service the bug was still there.

Disabled from startup, service from mbam --> rebooted

Tested again and it works.

I will try now to exclude mbams files in asquared and lets see how it goes!

Edit: Does not work, excluding malwarebytes files does not help.

So will this be fixed? I bought mbam and i don't want to uninstall it.

Share this post


Link to post
Share on other sites

Depends if the problem is actually caused by our software or by MBAM. I will contact them to see if we can find a solution for the problem. Since this bug involves a third party there is no ETA yet.

Share this post


Link to post
Share on other sites

You can already disable the notifications under "Configurations"/"Popups".

Sorry, Fabian, I meant the menu section in A2Guard itself.

Game Mode works well with Mass Effect 2, by the way.

Share this post


Link to post
Share on other sites

You are talking about the context menu?

No, the menu on the security centre. Sometimes when it sticks when it slides out and obscures the selections hidden beneath it. Eg if it sticks in the configuration panel, it obscures the General and Scheduled Scan tabs.

It's only happened once, so no biggy. :)

Share this post


Link to post
Share on other sites

Bug?

If you set the fileguard to scan all files when read --->

If you open with explorer a folder where an infected file is, then it shows the malware detected alert window 3-5 times, you can choose qurantine and press ok but it shows the window 5 times until it is really under qurantine.

Share this post


Link to post
Share on other sites

Why is NirSoft's ProduKey detected when I scan it on demand using the context menu, but not blocked when I start it?

Does this mean I'm not protected? Or does A2 allow low risk items?

Share this post


Link to post
Share on other sites

Hi XIII,

1st that is a Riskware - it doesn't mean that is necessarily dangerous.

You can whitlist it.

Then if AV detecting the item by signatures and/or heuristics - that doesn't mean that the Behavioral Blocker (BB) part (IDS) should consider the behavior/execution as malicious.

That is not necessarily always one to one relation

My regards

p.s. it seems that "onExecution" scan should flag it (by signatures) the same way as on-demand, but there may not be alerts by BB

Share this post


Link to post
Share on other sites

Actually, it was already on my whitelist, but I temporarily removed it since I thought this would be a safe way to test the runtime protection of A2 Anti-Malware 5.0 public beta (I have had some problems with the combination Anti-Malware plus Online Armor with previous betas using eicar.com).

Any suggestions for another safe test that actually is useful?

Share this post


Link to post
Share on other sites

The File Guard uses only the IKARUS scan engine for performance reasons. The on-demand scanner uses both. If I am not mistaken the Nirsoft detection is one of our own engine (!A2). So it is normal that it's not caught by the File Guard. Try to use TrojanSimulator or Eicar since they are detected by IKARUS as well.

Share this post


Link to post
Share on other sites

The File Guard uses only the IKARUS scan engine for performance reasons. The on-demand scanner uses both.

...

The A2 and Ikarus engines are not combined in this release, they are still separate?

Share this post


Link to post
Share on other sites

The A2 and Ikarus engines are not combined in this release, they are still separate?

The engines are combined. But for File Guard only the IKARUS engine is used. Most of the signatures provided by the A2 engine are actually traces. There are only a very limited number of actual file signatures. So we decided to drop A2 from the File Guard to enhance the performance.

Share this post


Link to post
Share on other sites

That's good news. We should see a decrease in the total scan time for scheduled/on demand scanning.

Thanks for replying.

Share this post


Link to post
Share on other sites

This does not affect on-demand scanning at all. Nothing has changed there. This only affects the new File Guard.

We are working on a new engine though that showed promising results during the last tests. It is too early to comment on it or it's ETA though.

Share this post


Link to post
Share on other sites

Can i know why Surf Protection is not working?

No alerts if you visit a site, i deleted all rules and visited megaupload. com which is blocked normally, nothing! I can visit all sites, nothing gets blocked :angry:

Share this post


Link to post
Share on other sites

I got a few little problems in the GUI all of the sudden. First I tried to schedule a scan but for some reason I can not. I cannot check the box, every time I click the GUI refreshes. I tried all of the other configurations and the only other thing that does not work is the Auto Update. It does the exact same thing and will not let me enable it. I have tried shutting down services and restarting a^squared guard which did not work. I have also tried restarting my computer wich also did not fix anything. So I guess I will try a reinstall.

Share this post


Link to post
Share on other sites

I can reproduce the problem, dlc50. Since the next update is already in final testing we won't be able to fix it with the next update though.

OK thanks Fabian, that sounds great.

Share this post


Link to post
Share on other sites

I have Vista 64 Home Premium

I just got 5.0.0.27 a few days ago and I'm having some very concerning issues.

1) The scheduled scan is off and cannot be turned on. Worked fine on 4.5

2) Browsing files in windows explorer is painstakingly slow IF a) surf protection is on OR b ) if behavior protection (i.e., IDS) is turned on. This is accompanied by excessive CPU usage from the process a2-service that stays at around 40-60% and doesn't seem to go down if either of those 2 protections is turned on.

So now I am running it with only file protection on.

Is there a way to reinstall 5.0.0.27? Maybe that's my problem. I can't find a download for this version. And I don't know how to go back to 4.5.

If this doesn't get resolved in this thread in the next day or so, I will post a new topic on the forum.

Thanks for your help.

EDIT: in trying to reinstall 5.0.0.27, i downloaded 4.5, the only one i could find, and reinstalled it. I have my update options set to install betas. I ran an update, but it will not install 5.0.0.27 again. Why is this?

Share this post


Link to post
Share on other sites

I had an issue yesterday where after rebooting my PC the Desktop loaded, then froze. This may or may not have been due to the beta.

I scheduled a scan to run at 1am. I first configured a custom scan, excluding my two backup drives, and everything else(heuristics etc), was on. I did not configure the extension filter. I used the saved custom scan as the configuration for the scheduled scan.

This morning (6:40am) the scheduled scan was at 2% and the PC had frozen. I have a desktop clock that showed 2am, so the freeze occurred an hour after the scan started.

Share this post


Link to post
Share on other sites

Is there a way to reinstall 5.0.0.27? Maybe that's my problem. I can't find a download for this version. And I don't know how to go back to 4.5.

EDIT: in trying to reinstall 5.0.0.27, i downloaded 4.5, the only one i could find, and reinstalled it. I have my update options set to install betas. I ran an update, but it will not install 5.0.0.27 again. Why is this?

By unchecking the Install Beta Updates checkbox you will downgrade to the latest final stable version (4.5) of a-squared Anti-Malware.

The beta update was disabled due a serious bug. Please read the ChangeBlog for more information.

Share this post


Link to post
Share on other sites

1) The scheduled scan is off and cannot be turned on. Worked fine on 4.5

Known problem as mentioned in the beta announcement.

2) Browsing files in windows explorer is painstakingly slow IF a) surf protection is on OR b ) if behavior protection (i.e., IDS) is turned on. This is accompanied by excessive CPU usage from the process a2-service that stays at around 40-60% and doesn't seem to go down if either of those 2 protections is turned on.

Again a known problem as mentioned in the beta announcement. It was fixed though with the latest update.

EDIT: in trying to reinstall 5.0.0.27, i downloaded 4.5, the only one i could find, and reinstalled it. I have my update options set to install betas. I ran an update, but it will not install 5.0.0.27 again. Why is this?

The beta was put on halt temporarily because of a bug in the update mechanism. When certain files were replaced the updater would kill every running application. The problem is fixed in the mean time and the test continues.

Share this post


Link to post
Share on other sites

Thanks for your responses.

So the program has updated itself overnight to 5.0.0.28

Scheduled scan works now!

However, I still get high cpu usage from a2-service and slow file browsing if i turn on IDS or surf protection.

Fabian, you mentioned that problem was fixed in the latest beta. Is 5.0.0.28 not the latest beta? or is it something on my end? if so, how can remedy this?

Again, I'm on Vista 64 home premium.

Thanks so much

Share this post


Link to post
Share on other sites
Fabian, you mentioned that problem was fixed in the latest beta. Is 5.0.0.28 not the latest beta? or is it something on my end? if so, how can remedy this?

The problem is fixed but you are not using the new Behavior Blocker files yet. Only applications that are started after installing the update are using the new files. All other applications will continue to use the old files until they are restarted.

So just reboot to make sure all applications are using the newest Behavior Blocker files.

Share this post


Link to post
Share on other sites

The problem is fixed but you are not using the new Behavior Blocker files yet. Only applications that are started after installing the update are using the new files. All other applications will continue to use the old files until they are restarted.

So just reboot to make sure all applications are using the newest Behavior Blocker files.

thanks, i rebooted and everything seems like it is working (at least it says it is "on") now without a cpu drain.

however, it seems that surf protection is not actually working because it is not blocking the hosts that it was before. i have no way of testing the IDS.

Share this post


Link to post
Share on other sites

Been using this for a few days and no problems.

Though, every time i install a program i need to disable A2 to be able to install it. (Specially Antiviruses)

Even if i exclude from protection the file being used it still blocks it. :lol:

Share this post


Link to post
Share on other sites

I had a problem when resuming from Hibernation this morning, see attachment. After clicking OK on the application error box the pc froze and had to do a reset, so couldn't get to send or examine the bug report.

I notice there was an update ready to apply so maybe this will not occur with v5.0.028, now restarted after the update so will keep an eye on it.

Share this post


Link to post
Share on other sites

Another bug:

After installed the beta, windows right click menu is damaged (blue bars appear) as shown below:

53536d1265921230t-right-click-menu-display-problem-ads-z.jpg

This appears when I right click on a file (.exe, .jpeg, ...). There is no problem when right click on desktop. By the way OS is Win7 Ultimate x64. English version of the right click menu is as follows:

Open

Print

Create PDF and Bitmaps using PDF creator

open with

----------

Share with

Scan selected files with avira

add to archive

and regular winrar stuff

jetaudio

----------

load previous versions

----------

send

----------

cut

copy

----------

create shortcut

delete

rename

-----------

properties

  • Upvote 1

Share this post


Link to post
Share on other sites

I wanna submit or add to whitelist via popups.

Agreed, a good idea. However, I eventually had to exclude two programmes after "allow" did nothing of the kind. AM believed cudart.dll, part of the nvidia graphics package, to be a component of a trojan. Sorry, didn't note the name, but I have submitted all files for inspection (and hopefully addition to the whitelist).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.