ClamWin Free Antivirus
Support and Discussion Forums
Clamwin as Admin
bigdoug


Joined: 07 Nov 2014
Posts: 4
Location: Highlands Ranch, CO
How do I give administrator privileges to Clamwin in scheduled scans?
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
You didn't say what sort of system you have ClamWin installed on, but I have had this same problem on Windows 8.1 since April 2014. I have tried re-installing ClamWin and running the install program as an admin with no effect--I still get the notice after I do a scheduled scan with the memory scan option ticked to "Please login as an Administrator to scan System processes loaded in computer memory". I think there were some security measures in the Windows patches added in April that disabled an admin scan as default on existing Win 8.1 systems. I also lost Windows Explorer integration with both ClamWin and Clam Sentinel, but Clam Sentinel developer Andrea Russo produced a fix for it. So I think this is something the ClamWin developers must address.

Note: The option to include a memory scan was added long, long ago (before admin execution was needed) in ClamWin with the help of software named ToolHelp, so I think this might be cured by a bit of programming from Sherpya.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Admin rights and explorer integration are working on my Windows 7 64-bit.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
I believe the problem may be with Win 8.1 (maybe on x64), and there probably aren't many people like that who use ClamWin! Perhaps the ClamWin developers are ignoring Win 8/x64--many are until they have to address it. It could be just on machines that upgraded from 8.0 to 8.1 prior to April 2014--my Win 8.1 x64 Surface works fine. Anyway, Andrea Russo fixed Clam Sentinel.

Regards,
bigdoug


Joined: 07 Nov 2014
Posts: 4
Location: Highlands Ranch, CO
GuitarBob wrote:
You didn't say what sort of system you have ClamWin installed on, but I have had this same problem on Windows 8.1 since April 2014. I have tried re-installing ClamWin and running the install program as an admin with no effect--I still get the notice after I do a scheduled scan with the memory scan option ticked to "Please login as an Administrator to scan System processes loaded in computer memory". I think there were some security measures in the Windows patches added in April that disabled an admin scan as default on existing Win 8.1 systems. I also lost Windows Explorer integration with both ClamWin and Clam Sentinel, but Clam Sentinel developer Andrea Russo produced a fix for it. So I think this is something the ClamWin developers must address.

Note: The option to include a memory scan was added long, long ago (before admin execution was needed) in ClamWin with the help of software named ToolHelp, so I think this might be cured by a bit of programming from Sherpya.

Regards,


I am using Win7X64 SP1. I installed with admin privileges. I get "several" like the following -

WARNING: Can't open file \\?\C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx: Permission denied
WARNING: Can't open file \\?\C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job: Permission denied
WARNING: Can't open file \\?\C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job: Permission denied
WARNING: Can't open file \\?\C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_2d2382534fb0bdfa\dnary.xsd: Permission denied

My guess is there needs to be a toggle or something to allow the user to grant privileges to the AV engine. Or is there a path error that I missed? I used only defaults on the install and my system is on C:

Doug
bigdoug


Joined: 07 Nov 2014
Posts: 4
Location: Highlands Ranch, CO
GuitarBob wrote:
I believe the problem may be with Win 8.1 (maybe on x64), and there probably aren't many people like that who use ClamWin! Perhaps the ClamWin developers are ignoring Win 8/x64--many are until they have to address it. It could be just on machines that upgraded from 8.0 to 8.1 prior to April 2014--my Win 8.1 x64 Surface works fine. Anyway, Andrea Russo fixed Clam Sentinel.

Regards,


That may be true but I am using Win7X64. I have no plans to upgrade till Win10.
Doug
bigdoug


Joined: 07 Nov 2014
Posts: 4
Location: Highlands Ranch, CO
ROCKNROLLKID wrote:
Admin rights and explorer integration are working on my Windows 7 64-bit.


Did you make any file exceptions?
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Those permission denied files are actually normal. Those are files that the scanner cannot access. All AVs have that issue. You can exclude those files if you do not want them to show up as permission denied in the scanner anymore.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Yes, your scan report shows that ClamWin could not scan some files that are in use by the system at the time of the scan. As RRK says, this is normal, and you should not be concerned unless you cannot scan a file that should not be in use at scan time.

That still leaves me with my non-integration/admin problem on Win 8.1 x64 post 4/30/14. Perhaps it is unique to my desktop system configuration and the cause/solution will eventually be discovered. I have tried an uninstall/reinstall many times. I have integration right after an install until after I restart--when integration is lost. All other AVs/programs placed on my system have integration/system tray operation--even Clam Sentinel after developer Andrea Russo's hard work. Integration only fails with ClamWin, but I am only one user and I have heard no other complaints from users.

Regards,
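The rule of thumb in the post above (worry only about an unreadable file that should not be in use at scan time) can be applied to a scan report mechanically. This is an added example, not part of the thread and not ClamWin's own code: `triage` and `EXPECTED_DIRS` are hypothetical names, the directory list is an assumption drawn from the paths quoted earlier in the thread, and the last sample line is constructed.

```python
import ntpath
import re

WARNING_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+): Permission denied$")
LONG_PATH_PREFIX = "\\\\?\\"  # Windows long-path prefix: backslash backslash ? backslash

# Assumption: directories treated as routinely locked or ACL-restricted,
# taken from the warnings quoted in the thread. Adjust per system.
EXPECTED_DIRS = (
    r"c:\windows\system32\winevt\logs",
    r"c:\windows\tasks",
    r"c:\windows\winsxs",
)

# First four lines are the warnings quoted in the thread; the last line is
# constructed for this example.
SAMPLE_REPORT = r"""
WARNING: Can't open file \\?\C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx: Permission denied
WARNING: Can't open file \\?\C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job: Permission denied
WARNING: Can't open file \\?\C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job: Permission denied
WARNING: Can't open file \\?\C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_2d2382534fb0bdfa\dnary.xsd: Permission denied
WARNING: Can't open file \\?\C:\Users\example\Downloads\setup.exe: Permission denied
"""


def normalise(path):
    # Strip the long-path prefix, collapse any ".." components, fold case.
    if path.startswith(LONG_PATH_PREFIX):
        path = path[len(LONG_PATH_PREFIX):]
    return ntpath.normpath(path).lower()


def triage(report):
    """Split 'Permission denied' warnings into expected and needs-review paths."""
    buckets = {"expected": [], "review": []}
    for line in report.splitlines():
        match = WARNING_RE.match(line.strip())
        if not match:
            continue  # not a permission warning (summary lines, detections, ...)
        path = normalise(match.group("path"))
        known = any(path.startswith(d + "\\") for d in EXPECTED_DIRS)
        buckets["expected" if known else "review"].append(path)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{len(result['expected'])} expected, {len(result['review'])} to review")
    for path in result["review"]:
        print("REVIEW:", path)
```

Paths are normalised before the prefix comparison so that a report line containing `..` components cannot be counted as sitting under an expected directory.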
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Speaking of ClamSentinel, I hope Andrea can update his heuristic engine to reduce the number of false positives (I am not talking about ClamAV either). I notice it seems to detect, not all, but a lot of temp files as suspicious.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Many developers regard temp files/dll files as unimportant, and they treat them only as a way to get their main program installed/operating. Consequently, they do not document these files properly, they use cheap packers that are often used by malware authors, they tend to heavily pack the files, they put these files in a Windows temp folder instead of their own program folder, and/or they take other actions that are also done by malware authors with regard to their files. Sentinel tries to allow for this to a certain extent, but if it encounters multiple such items, it will detect a file as malware.

Because of such sloppy developers, many software developers used to recommend that a user turn off their antivirus when installing their program, and some still do. I suspect that many AVs are doing something similar to Clam Sentinel to allow for the sloppiness. Some AVs don't even bother with dll files unless they are detected by a real malware signature--not heuristics.

If users care to read the Clam Sentinel Simple Guide that comes with the installation package, they will find some suggestions for reducing false positives. The best advice I can presently give is to download but not install a file, check the file with Virus Total before installation, install the file/program if it is okay, and then turn Clam Sentinel back on. You could just disable the Clam Sentinel heuristic monitor and do a scan with ClamWin only, but I don't trust the ClamWin scan because the Cisco/Sourcefire signatures are bad on false positives and are almost useless on new malware.

There have been some suggestions to Andrea as to how he could reduce false positives. We shall see what action (if any) he takes on this. Each new version of Clam Sentinel gets a false positive check on common Windows x32/x64 programs.

If an AV doesn't detect a false positive now and then, it is not doing its job!

Regards,
