Jump to content


Photo

Kaspersky Anti-virus Self Defense causing A-A to abort?


  • This topic is locked This topic is locked
7 replies to this topic

#1 c.haslam

c.haslam

    Member

  • Members
  • PipPip
  • 13 posts

Posted 22 March 2010 - 03:12 PM

See topic 27735 for the history with A-A 8.1. As suggested there, I removed 8.1 and installed 8.0.7 (Anniversary Edition). I avoided updating the program (and DLLs) by denying ZoneAlarm permission to access the Lavasoft server. I verified that the A-A program had not been updated: all files in the E:\Program Files\Lavasoft\Ad-Aware tree are all dated before today: the latest is dated 2009-07-03. I downloaded core.zip and extracted core.aawdef to E:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs .

When I tried to do a full scan, A-A aborted after about 10 seconds.

As in topic 27735, the event viewer showed Error 7031:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 2010-03-22
Time: 10:04:23
User: N/A
Computer: JOSIE
Description:

The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

The log in Kaspersky Antivirus is interesting: it shows "2010-03-22 10:04:04 Process (PID 700) tried to access Kaspersky Anti-Virus process (PID 1644), but the action has been blocked by the Self-Defense component. No action on your part is required." The time of the event checks with when I tried to run the scan. I conclude that KAV is causing A-A to abort.

Going back through the log, I see the same entry in the log (with different PIDs) on the date when I tried scanning with A-A 8.1.

This info may help Lavasoft developers. I'm not sure it helps me, because I don't want to lose KAV's Self Defense.

Any suggestions?

...chris

Edited by c.haslam, 22 March 2010 - 03:21 PM.


#2 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 22 March 2010 - 04:33 PM

A similar thing happened with Symantec/Norton products' Tamper-Protection feature. You can test it by temporarily disconnecting from the internet and disabling Kaspersky Self-Defense to see if Ad-Aware completes a scan. If that solves the problem, you'll need to do it every scan unless Kaspersky chooses to fix it.

Kaspersky used to detect/delete an Ad-Aware file, and it took a month for them to remove it from their definitons. It took even longer for the Norton v. Ad-Aware conflict, which Lavasoft fixed with version 8.1.2. With version 8.2.1, Ad-Aware simply turns off Ad-Watch when it detects other security software.

Basically, it's gotten to the point where you have to choose security software carefully for compatibility. It's always been advised to run only 1 resident/real-time protection, but it's more complicated now with tamper-protection/self-defense features.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#3 c.haslam

c.haslam

    Member

  • Members
  • PipPip
  • 13 posts

Posted 22 March 2010 - 07:18 PM

I tested by engaging Internet Lock in ZoneAlarm and Pausing Protection in KAV. A-A still aborted after about 10 seconds (without showing that it had scanned any files).

I also tested by engaging Internet Lock in ZoneAlarm and disabling Proactive Defense in KAV. A-A still aborted after about 10 seconds (without showing that it had scanned any files).

So it didn't solve the problem. Strange!

#4 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 23 March 2010 - 02:41 AM

When you removed 8.1, they had just released 8.1.2 - maybe you could try it again since they upgraded through 8.1.4. Not sure what the problem is, but it's two-fold since it still crashed w/o Kaspersky defense. You can try a right-click context menu scan of a small folder just to see if it will finish. Also, you can setup a profile scan to check 1 area at a time to determine which one causes the crash.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#5 c.haslam

c.haslam

    Member

  • Members
  • PipPip
  • 13 posts

Posted 23 March 2010 - 05:58 AM

I did a scan of a small directory on my data drive H: via the Context Menu. Worked AOK. I then did the same for a tree on this drive. A-A scanned 8600 files in 5 minutes AOK.

I will try installing the latest version of A-A.

...chris

#6 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 23 March 2010 - 08:08 AM

Just remember that 8.2.1 may turn of Ad-Watch automatically if it detects Kaspersky. It turns off Files Protection in Plus/Pro, not sure if it turns off Processes Protection in the Free version.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#7 c.haslam

c.haslam

    Member

  • Members
  • PipPip
  • 13 posts

Posted 25 March 2010 - 04:56 AM

I think I have reached the end of the road with Ad-Aware for the time being.

I uninstalled A-A 8.0.7, accepted reboot, installed 8.2.1, rebooted. A_A took minutes to load. At the main window, clicked on Scan System. After 10 minutes of high CPU activity I closed A-A. I ran A-A from the Desktop icon, clicked on Advanced mode. Clicked on Scan, then Scan Now. A-A aborted after 7 seconds. KAV showed usual detection; event viewer showed usual Errror 7031.

A-A is not on Context Menu.

About shows v.8.2.1

#8 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 25 March 2010 - 10:44 AM

I wish I knew why some installations cause high CPU usage. It was more frequent with older versions, there are less complaints now so I don't know if some things were fixed or people gave up. Well, as I said, it's gotten to the point where you need to choose carefully now that security programs attack each other, LOL. I've heard good things about Malwarebytes (MBAM) and MS Security Essentials, maybe that will work alongside Kaspersky.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users