Jump to content
Hunter03

No Real Time Protection Alert Window

Recommended Posts

In Preferences Real Time Notification, I have both the 'Alert Window and Play Sound' checked if 'Potentially Harmful Application is Found'. However, I never the the alert window or hear a sound. Why don't I see an occasional alert window or hear a sound?

Share this post


Link to post
Share on other sites

In Preferences Real Time Notification, I have both the 'Alert Window and Play Sound' checked if 'Potentially Harmful Application is Found'. However, I never the the alert window or hear a sound. Why don't I see an occasional alert window or hear a sound?

Hi Hunter.

It would normally mean that SAS is simply not detecting anything malicious in real time.

Share this post


Link to post
Share on other sites

hunter, you can test to see if SAS is functioning properly, if you want to..

i would use the "trojansimulator" to test SAS, but you could use the "eicar.com" test file, as well..

to test SAS download either the "trojansimulator" or the "eicar.com" test file and doubleclick on them to try to run them.. SAS, with its realtime-protection, should flag the file and block it from running, and you will see an "alert" pop up saying that SAS has blocked the file from running..

here are links for the "trojansimulator" and the "eicar.com" test file:

http://www.misec.net/trojansimulator/

http://www.eicar.org/anti_virus_test_file.htm

Share this post


Link to post
Share on other sites

Hi,

I downloaded the Eicar.com (68 bytes) just after I disabled ALL the avast shields and S.A.S. real time protection never warned about it when I tried to run it, not so with the Trojan simulator that made SAS to pop the warning window, go figure :shock:

hunter, you can test to see if SAS is functioning properly, if you want to..

i would use the "trojansimulator" to test SAS, but you could use the "eicar.com" test file, as well..

to test SAS download either the "trojansimulator" or the "eicar.com" test file and doubleclick on them to try to run them.. SAS, with its realtime-protection, should flag the file and block it from running, and you will see an "alert" pop up saying that SAS has blocked the file from running..

here are links for the "trojansimulator" and the "eicar.com" test file:

http://www.misec.net/trojansimulator/

http://www.eicar.org/anti_virus_test_file.htm

Share this post


Link to post
Share on other sites
I downloaded the Eicar.com and S.A.S. real time protection never warned about it when I tried to run it

hey diazruanova.. you probably have "NTVDM" disabled, on your computer.. the eicar.com test file will not run when "NTVDM" is disabled and that is why SAS did not flag it when you tried to run it..

here is a link to a related MS technet article, where it mentions disabling "NTVDM" as a workaround:

http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

i also have "NTVDM" disabled, on my computer.. on my computer, running win xpsp3-home, i use this regkey to disable "NTVDM":

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]

"VDMDisallowed"=dword:00000001

Share this post


Link to post
Share on other sites

Hi redwolfe,

Shouldn´t in this case, avast do not detect Eicar either?

___________________________________________________________

hey diazruanova.. you probably have "NTVDM" disabled, on your computer.. the eicar.com test file will not run when "NTVDM" is disabled and that is why SAS did not flag it when you tried to run it..

here is a link to a related MS technet article, where it mentions disabling "NTVDM" as a workaround:

http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

i also have "NTVDM" disabled, on my computer.. on my computer, running win xpsp3-home, i use this regkey to disable "NTVDM":

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]

"VDMDisallowed"=dword:00000001

Share this post


Link to post
Share on other sites

Hi redwolfe.. Shouldn´t in this case, avast do not detect Eicar either?

hey :) after taking a second look at your post, i am editing my reply.. no.. the explanation is that avast's "guard" will flag files "on access".. SAS's guard only flags files "on execution".. so avast's "guard" will flag the eicar.com test file just by "mousing over the file", without executing it.. SAS's "guard" will not flag the file unless it is executed..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...