Jump to content

DIVERSE

Members
  • Content Count

    59
  • Joined

  • Last visited

About DIVERSE

  • Rank
    Candidate

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Um, no. And it's become quite confusing now! I realise you were trying to help, but I think you need to move my post of Saturday, 22 December 2018 at 03:10 PM back to its original location at topic/401103-extremely-annoyed ... by FURRYHUSKY1000. (And, I suppose, the subsequent two/three replies.) After all, I was responding to FURRYHUSKY1000's thread title. Just to be clear, the rebooting problem alluded to (and very briefly described) in my post of Saturday at 03:10 PM was of automatic forced rebooting after using KIS to update a third-party software application. Not connected to the thread at topic/404186-kis-spuriously-asks- ... by DIVERSE which relates to a message warning the user (me) that I should — at my convenience — perform a reboot in order to complete a disinfection (of some unspecified file). The most likely conclusion is I never posted about the forced rebooting problem previously, despite my hazy recollection that I had done. —DIV P.S. Even if those two things had been related, it would have made more sense to me not to move my post, but merely to reply with a suggested link.
  2. Hi, richbuff. You're 100% right that this is a problem afflicting a multitude of software applications. In many of those, as per the tenor of your email, the issue is either not even noticed or else mildly irritating. Those situations include most activities with durations of seconds or minutes, like: updating databases (takes about 10 to 60 seconds); running a Quick Scan (takes about 1 to 10 minutes); installing Kaspersky Internet Security from scratch (takes, maybe, 5 to 15 minutes?). Most users will be familiar with progress bar inaccuracies, and don't really care whether the database update is predicted to take 23 seconds, but actually takes 46 seconds — or vice versa. Similarly with the other two examples: 2 minutes and 10 minutes are pretty different, but (with experience) most users are simply prepared that the tasks will take 'a few minutes', regardless of what the progress bar says. The situations where it becomes a seriously problematic bug are when dealing with activities that have durations of hours and days. For example: the Full Scan I recently performed with KIS that took more than sixteen hours; another user was waiting more than four days for their Full Scan to be completed (using KTS). In my case, after about 8½ hours into the scan, KIS was reporting that about another ½ hour would be needed to complete: that is, a total of about 9 hours. Now, you would think after so many files had been scanned there'd be quite a lot of data to make a 'ballpark' estimate. But instead of the predicted ½ hour remaining, there was actually more like 9 hours remaining in reality. Nobody can say that's 'in the ballpark', and it is against any reasonable expectation. Even worse, after 10 hours into the scan, I was continuously being shown that the scan was "99%" complete, and "less than a minute" was remaining. I was literally sitting there watching it, thinking it'd be over in somewhere between 0 and 10 minutes — because I allow a pretty broad tolerance on what a prediction of "less than a minute" might mean in reality. But when a prediction of < 1 minute remaining is displayed while there was actually more like 7 hours remaining in reality, then that is a major problem for users! I realise there are a lot of high priorities for the software developers, and this can be considered lower down the list. But I can be confident that if the user experience is entirely neglected then the customers will just turn elsewhere: as expressed by aaronmefford regarding McAfee in 2013: "I need your protection, but not at the expense of productivity." Not only that, but IT professionals will stop recommending products that cause inconvenience, as alluded to by the same user in the abovementioned post, and here's a slightly less pertinent example. If Kaspersky cannot get the time estimate right, then just don't show the time estimate, but rather simply enumerate the files scanned and the user can see that the application hasn't frozen. (But still report the actual duration at the end.) It could be advantageous if Kaspersky could show both the number of "unzipped files" and the number of "not-unzipped files" scanned. Users can more easily find out the number of not-unzipped files on their HDD, and hence will see how many have already been scanned, and thus know how many remain. The number of unzipped files would require knowing how many elements were contained inside each installer, each archive, etc., which is quite difficult to know in advance. Better yet, Kaspersky could also show in real time the total number of bytes (or MB, or GB) worth of files scanned, because it is usually quite easy for users to find how much disk space their files are consuming.
  3. By the way, for me personally I would probably be scanning each of the individual disks (one[?] internal HDD and three external HDD's) separately. That way you have more control to get one disk scanned, and then do some hard-core computing (gaming, simulation, ...), or surf the internet et cetera, or maybe even just turn off the computer and go to bed. When you've got those things done, you can then scan another disk, and so forth. [Yes, AV scans do work in the background, but they are also disk-intensive, and can be CPU-intensive, and it becomes wore if the user is regularly reading and writing to disk while the scan is happening.] Another benefit is that after running the scan to completion for one disk, you'll have your own empirical estimate of how long the scan takes on your system, and hence roughly how much time to allow for scanning each of the other disks. And, finally, you'll have a better ability to figure out whether one particular disk (or type of disk, or type of file) is causing problems. Debugging: if you cannot complete a scan of even one single HDD within 24 hours, say, then try scanning individual folders to figure out (i) time required and (ii) any source of slowdown.
  4. Slightly off-topic: it seems KIS is not the only AV product where application/engine upgrades are not always quickly pushed out to users — it was also reported with McAfee (albeit from 5 years ago).
  5. BTW, I was a little lazy — or out of time! — to check the details of the "Parse email formats" setting myself. I've since had a scout around online, and the information I saw is both old (try over ten years old!) and not very encouraging about enabling it! 15045-question-about-the-parse-email-formats-option 78411-parse-e-mail-formats-causing-full-scan-to-take-8-hours/ On the other hand, in 2011 there was one indication that perhaps it wasn't always a terrible idea to enable this functionality, and it could be tolerated in a Custom Scan (which doesn't exist by that name in the 2019 version of KIS). It kind of aligns with an idea I had for this setting, which is that it might be suitable to run once, on-demand, while the email browsing client is turned off.
  6. No worries, I learned a lot too :-) I am happy to leave the information here, and others may then add to it, or maybe get some pointers too. Thanks for all your suggestions, plb4333!
  7. This is the recommended setting, by the way: http://kb.mozillazine.org/Download_each_e-mail_to_a_separate_file_before_adding_to_Inbox It should cause each email to be saved first to a separate file before agglomerating it with the Inbox.
  8. One more Thunderbird link: http://kb.mozillazine.org/Antivirus_software
  9. See also these settings in KIS 19: Settings > Additional > Network settings > Mozilla Firefox and Thunderbird ☑ Scan secure traffic in Mozilla applications If secure traffic scan is enabled, access to websites via the HTTPS protocol may be blocked. ⊚ Use Windows certificate store (recommended) ◯ Use Mozilla certificate store The certificate must be installed manually Note the comment at the first option: "If secure traffic scan is enabled, access to websites via the HTTPS protocol may be blocked.". Of course, not having this option selected seems to decrease protection from any threats arising on HTTPS websites, which seems to account for about half the internet these days.
  10. I have identified the following email-related settings in my installation of KIS Settings > Additional > Network settings > Mozilla Firefox and Thunderbird ☑ Scan secure traffic in Mozilla applications If secure traffic scan is enabled, access to websites via the HTTPS protocol may be blocked. ⊚ Use Windows certificate store (recommended) ◯ Use Mozilla certificate store The certificate must be installed manually Settings > Scan > Advanced Settings > Full Scan settings > Additional Settings > Scan of compound files ☑ Scan archives ☑ Scan installation packages ☑ Scan OLE formats ☐ Parse email formats ☐ Do not unpack compounds larger than x MB Settings > Scan > Advanced Settings > Quick Scan settings > Additional Settings > Scan of compound files ☐ Scan archives ☐ Scan installation packages ☑ Scan OLE formats ☐ Parse email formats ☐ Do not unpack compounds larger than x MB Settings > Scan > Advanced Settings > Selective Scan settings > Additional Settings > Scan of compound files ☑ Scan archives ☑ Scan installation packages ☑ Scan OLE formats ☐ Parse email formats ☐ Do not unpack compounds larger than x MB I am not sure about the "Parse email formats" setting, which is not ticked for any of them. As you know, KIS was still able to pick up a few of the incoming email attachments last month with the above settings in place. I am a little reluctant to change it now, without knowing exactly what it will do. As per my posts from yesterday, I don't want it to lock up my system by trying to scan a file of a gigabyte or so in size every time a new email comes in, or I read/move/delete/write an email. Nor do I want an entire set of emails to be deleted due to the contamination of 'one bad apple'. The latter three groups of settings are respectively for Full, Quick and Selective Scans. In other words, the ad hoc user-initiated, on-demand scans. I am guessing that External Device Scan would follow the settings of Full Scan. What settings get used for the automatic, behind-the-scenes scans, triggered by things like trying to open/view/copy/execute/read a file? I can't see any explicit settings for these. And how about the automatic on-idle scans? And the automatic Rootkit scans? —DIV P.S. In regard to the first group of settings, maybe this also relates a little to the issues some users have had viewing HTTPS websites in SeaMonkey and Firefox.
  11. As far as I understand, "Maildir" here is referring to a 'protocol' for storage of email messages. In a broadly similar way to DOCX being a 'protocol' for storage of a bunch of word-processing objects (within a zipped archive, in that case). Maybe 'protocol' is not the best word: maybe 'standard' or 'format'. I am inclined to say 'protocol' for Maildir, because it dictates the storage of multiple (separate) files. Unlike, say, BMP as a file format, which only specifies what happens in a single file. It is not referring to a particular directory/folder. (Just to add to the confusion, if the Maildir protocol is adopted, then often — but not always — the relevant 'home' directory will indeed be called "maildir" or "Maildir". But that is maybe kind of like deciding to save all of your reports in a folder called "Word" — i.e. it is intuitive & reasonable, but not required.) Some other links and comments about Maildir were provided in my post of 13 November, above. —DIV
  12. Apparently getting anti-virus software and email clients to 'play nice' together is often fraught. As noted by aaronmefford (in relation to McAfee): "This is a problem with real time scanning, there is no effective way to real time scan very large files that are frequently edited." So I guess any email client (not 'in the cloud') is likely to be subject to this if they store emails lumped into one big aggregate (or a few), rather than one-or-more files per email (more than one if they have attachments or embedded stuff). There are mixed messages on whether Kaspersky is entirely compatible with Thunderbird — along with numerous other packages. https://wiki.mozilla.org/Thunderbird:Testing:Antivirus_Related_Performance_Issues http://kb.mozillazine.org/Thunderbird_:_FAQs_:_Anti-virus_Software I guess we might say it's 'generally' compatible, but maybe not quite 'perfect'. I will check for relevant KIS settings next.
  13. I cannot find one. Through the main menu: Options > Options, in the GUI that comes up the only thing that looks vaguely relevant is under the Security group of options, on the Anti-Virus tab, there is a setting for "Allow anti-virus clients to quarantine individual incoming messages". I have it ticked. [Better than taking no action, or deleting the entire Inbox!] I also searched through the about:config preferences accessed via the Config Editor ( Options > Options > Advanced > General ). I searched for "scan", "anti", "virus" and "malw", but I didn't find anything relevant. I also did a very rough-and-ready online search, that didn't turn anything up about that sort of option in Thunderbird.
  14. Could be. BTW, there's a typo in the "EXAMPLE" in my post at the top of this thread: "50% complete (50001/10002)" should have read "50% complete (5001/10002)" — the 5001 is from 4999 + 2.
  15. Hi, plb4333 & all. It appears I may have been a trifle hasty in my previous report of 'success'. To recap: I am getting regular spam emails, with malicious attachments, that are 'obviously' (to a human) from the same source, albeit in different guises. Previously KIS never detected the threats contained in the attached files when I use the Thunderbird email client. KIS would only detect them if I 'did something with the email' — in my case, it was just to go through the motions of clicking "Forward", which apparently causes the attached file to be temporarily copied/written to a temp folder on its own. By changing "mail.server.default.fetch_by_chunks" to false in Thunderbird's preference settings, KIS 19 was indeed able to successfully detect the threats in the next few incoming spam emails. But since then there have been a dozen or more of these malicious spam emails coming in, with KIS not finding the threats in the attachments. (Unless I 'do something' with the email, as in preparing to forward it to someone.) For the record, here is one that was missed, in an email received on 08 November 2018: 22.12.2018 16.00.37;Object (file) detected;C:\Users\[username]\AppData\Local\Temp\nsmail-1.doc//HJwECcZECQ;Thunderbird;C:\Users\[username]\AppData\Local\Temp\nsmail-1.doc//HJwECcZECQ;12/22/2018 16:00:37;Trojan-Downloader.MSWord.Agent.cej 22.12.2018 16.00.45;Detected object (file) moved to Quarantine;[...] 22.12.2018 16.00.45;Detected object (file) disinfected;[...] Exactly the same thing in another email from that day. (I don't want to play around with attachments from more recent emails, given there's more risk there I reckon.) I take your point that it's not actually harmful per se to have infected files sitting around on one's system. But somehow it also doesn't feel comfortable, and also it seems contrary to the way I expect KIS — or any other anti-virus/anti-malware application — to operate. —DIV P.S. These attachments maybe are stored by Thunderbird by default (when "Maildir" is not used) in some binary lump that KIS can't read, so that also the Full Scan I did a few days ago did not pick them up. P.P.S. There are still some other "chunk" settings in the Advanced Configuration preferences of Thunderbird, although most contain "imap" in the name, so I have not changed them. Not sure whether it's possible that they could still be relevant even when POP3 is in use.
×

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.