Hunter03
Posted August 17, 2010

In Preferences Real Time Notification, I have both the 'Alert Window and Play Sound' checked if 'Potentially Harmful Application is Found'. However, I never see the alert window or hear a sound. Why don't I see an occasional alert window or hear a sound?

Seth
Posted August 17, 2010

> In Preferences Real Time Notification, I have both the 'Alert Window and Play Sound' checked if 'Potentially Harmful Application is Found'. However, I never see the alert window or hear a sound. Why don't I see an occasional alert window or hear a sound?

Hi Hunter. It would normally mean that SAS is simply not detecting anything malicious in real time.

redwolfe_98
Posted August 18, 2010

hunter, you can test to see if SAS is functioning properly, if you want to..

i would use the "trojansimulator" to test SAS, but you could use the "eicar.com" test file, as well..

to test SAS download either the "trojansimulator" or the "eicar.com" test file and doubleclick on them to try to run them.. SAS, with its realtime-protection, should flag the file and block it from running, and you will see an "alert" pop up saying that SAS has blocked the file from running..

here are links for the "trojansimulator" and the "eicar.com" test file:

http://www.misec.net/trojansimulator/
http://www.eicar.org/anti_virus_test_file.htm

Diazruanova
Posted August 18, 2010

Hi, I downloaded the Eicar.com (68 bytes) just after I disabled ALL the avast shields and S.A.S. real time protection never warned about it when I tried to run it, not so with the Trojan simulator that made SAS pop the warning window, go figure

> hunter, you can test to see if SAS is functioning properly, if you want to.. i would use the "trojansimulator" to test SAS, but you could use the "eicar.com" test file, as well.. to test SAS download either the "trojansimulator" or the "eicar.com" test file and doubleclick on them to try to run them.. SAS, with its realtime-protection, should flag the file and block it from running, and you will see an "alert" pop up saying that SAS has blocked the file from running.. here are links for the "trojansimulator" and the "eicar.com" test file:
> http://www.misec.net/trojansimulator/
> http://www.eicar.org/anti_virus_test_file.htm

redwolfe_98
Posted August 18, 2010

> I downloaded the Eicar.com and S.A.S. real time protection never warned about it when I tried to run it

hey diazruanova.. you probably have "NTVDM" disabled, on your computer.. the eicar.com test file will not run when "NTVDM" is disabled and that is why SAS did not flag it when you tried to run it..

here is a link to a related MS technet article, where it mentions disabling "NTVDM" as a workaround:

http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

i also have "NTVDM" disabled, on my computer.. on my computer, running win xpsp3-home, i use this regkey to disable "NTVDM":

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000001

Diazruanova
Posted August 19, 2010

Hi redwolfe, Shouldn't avast, in this case, not detect Eicar either?

> hey diazruanova.. you probably have "NTVDM" disabled, on your computer.. the eicar.com test file will not run when "NTVDM" is disabled and that is why SAS did not flag it when you tried to run it.. here is a link to a related MS technet article, where it mentions disabling "NTVDM" as a workaround:
> http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
> i also have "NTVDM" disabled, on my computer.. on my computer, running win xpsp3-home, i use this regkey to disable "NTVDM":
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
> "VDMDisallowed"=dword:00000001

redwolfe_98
Posted August 19, 2010

> Hi redwolfe.. Shouldn't avast, in this case, not detect Eicar either?

hey after taking a second look at your post, i am editing my reply..

no.. the explanation is that avast's "guard" will flag files "on access".. SAS's guard only flags files "on execution".. so avast's "guard" will flag the eicar.com test file just by "mousing over the file", without executing it.. SAS's "guard" will not flag the file unless it is executed..

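A way to check for the NTVDM policy value quoted in the thread before reading anything into a silent eicar.com test against an on-execution guard. This is an added example, not part of the original posts or of SUPERAntiSpyware; the function name Get-NtvdmPolicyState and its result strings are hypothetical, and the 64-bit check assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Get-NtvdmPolicyState and its result
# strings are hypothetical names; the key and value are the ones posted above.
function Get-NtvdmPolicyState {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat',
        [string]$Name = 'VDMDisallowed'
    )
    # 64-bit Windows ships no NTVDM, so 16-bit .com files never execute there.
    if ([Environment]::Is64BitOperatingSystem) {
        return 'NoNtvdm-64bit'
    }
    # Policy key absent: the policy has not been configured.
    if (-not (Test-Path -LiteralPath $Path)) {
        return 'NotConfigured'
    }
    # Key present but value absent: Get-ItemProperty raises an error, so
    # silence it and treat the missing value as not configured.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'NotConfigured'
    }
    if ([int]$item.$Name -eq 1) { return 'Disallowed' }
    return 'Allowed'
}

$state = Get-NtvdmPolicyState
switch ($state) {
    'Disallowed'    { 'NTVDM is blocked by policy: eicar.com cannot execute, so an on-execution guard has nothing to flag.' }
    'NoNtvdm-64bit' { '64-bit Windows: no NTVDM, so eicar.com cannot execute.' }
    default         { "No policy block on NTVDM found (state: $state)." }
}
```

When the result is Disallowed or NoNtvdm-64bit, a missing alert on double-clicking eicar.com says nothing about whether the on-execution guard works; use a test that actually executes, or an on-access scan of the file.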