dantz
join:2005-05-09
Honolulu, HI
 ·Hawaiian Telcom
| reply to hpguru
Re: The Best Free Antivirus Program?
said by hpguru  :No issues with iSwift here. Works great.  If you run at least one full scan of Drive C with iSwift enabled then the so-called NTFS identifiers will be permanently added to your filesystem indexes. (Uninstalling KAV or AVS won't remove them). After this happens, try running CHKDSK on Drive C and see if your system experiences a noticeable delay at the beginning of Phase 2 (or "Stage" 2, if you scheduled CHKDSK to run after a reboot). If you are lucky this is all that will happen, but some people experience worse symptoms.
If you have not yet run a full scan of Drive C and you want to try this, I strongly recommend that you save a fresh image before you do so, as the NTFS identifiers are very difficult to remove from the partition containing the OS. In fact, the simplest way to "remove" them is to restore from a previous image. |
|
clocks11
join:2002-05-06
00000 | I wish I read your post about this sooner. I have the dreaded delay now. It will be a long time before I use anything Kaspersky again. |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to dantz
said by dantz :...try running CHKDSK on Drive C and see if your system experiences a noticeable delay at the beginning of Phase 2 (or "Stage" 2, if you scheduled CHKDSK to run after a reboot). If you are lucky this is all that will happen, but some people experience worse symptoms. I just checked. There is indeed a slight delay over what I would expect but nothing serious. I suppose if one makes a habit of watching chkdsk it would seem like it is taking forever but it isn't but just a moment. Besides, when I have occasion to scan my disks, I schedule them, reboot and go do something else for a while.
--
The Gospel of Supply Side Jesus |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| Some people see just a minor delay, others a much longer one. Mine is about 10 minutes at the beginning of Stage 2. Some users have reported not being able to get CHKDSK to run to completion.
For many it is just a minor annoyance, for others it's a deal breaker.
Kaspersky has an excellent reputation, but their unwillingness to acknowledge the problem despite numerous documented cases and complaints is disappointing. ISwift is proprietary technology, so it's not easy for a 3rd party to devise a removal tool. In my opinion, Kaspersky really should step up to the plate and offer a removal tool for those users who are affected by this bug.
In the past they did it for iStreams, why not for iSwift? |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
| Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue.
I will play around later and let you folks know.. and if it's true, I will uninstall KIS and go with AVG. I've had it with all these "little" surprises the AV companies play. Sometimes it seems the cure is worse than the disease with these guys...
»forum.kaspersky.com/index.php?s=···ry212917
--
"Who Loves Ya Baby?" |
|
clocks11
join:2002-05-06
00000 | I can say I have uninstalled, and still have the delay. I guess it could be something else, but I doubt it. |
|
dantz
join:2005-05-09
Honolulu, HI
·Hawaiian Telcom
1 edit | reply to StraitShoot
said by StraitShoot :Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue. Nope, sorry, that doesn't work. You can uninstall KAV and/or delete the several "fidbox" files, but the so-called "NTFS identifiers" that were added to the NTFS indexes will still remain. If you are getting the CHKDSK lag, you will keep on getting it. If CHKDSK crashes after the lag, it will keep on crashing. To the best of my knowledge, the changes that were done to the NTFS filesystem cannot be undone by merely uninstalling the program and/or deleting the fidbox files.
Here's a link to the main thread on the Kaspersky forum that discusses this issue in greater detail (18 pages and counting):
»forum.kaspersky.com/index.php?sh···ic=14995
You can also search the KAV forums for "chkdsk" and find a few other related threads.
My current thinking about the fidbox files is that they are a database containing copies of the NTFS identifiers, the last scanned dates, the virus definition version in effect when each file was scanned, etc. that is used for comparison purposes, i.e. for each file being scanned, the index value of the NTFS identifier is compared to the fidbox data, then KAV decides how to handle that file. I think that each file's NTFS identifier is also updated or appended during the scan. I'm just guessing at this point, but eventually I will figure it out. I'm continuing to research this issue and will post my results on the main thread. |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| dantz , I think your analysis of these mysterious NTFS identifiers is correct. Here is a link that explains about NTFS "object identifiers" and how they work. Essentially an attribute is added to each file which uniquely identifies it.
»msdn2.microsoft.com/en-us/librar···997.aspx
Here is code which will delete object identifiers:
»msdn2.microsoft.com/en-us/librar···559.aspx
What we need is a simple program that will run that last routine on every file on disk and I think we will have the problem solved.
Antaeogo , that's a separate issue. This CHKDSK problem is not caused by NTFS ADS. There were problems with metadata fragmentation, but this is a separate issue. |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
| reply to dantz
said by dantz :said by StraitShoot :Well, according to this thread, if you uninstall KIS or KAV 6 the ISwift goes away, but even they in the forum seem to ignore the issue. Nope, sorry, that doesn't work. I played with it and you're correct...
Jim
--
"Who Loves Ya Baby?" |
|
HA Nut
Premium
join:2004-05-13
USA | reply to jmorlan
Interesting discussion about KAV 6. I ran it for nearly a year and wondered why CHKDSK ran so slow in comparison to other PCs. Thankfully, mine never froze... |
|
dantz
join:2005-05-09
Honolulu, HI
·Hawaiian Telcom
| reply to jmorlan
said by jmorlan : dantz , I think your analysis of these mysterious NTFS identifiers is correct. Here is a link that explains about NTFS "object identifiers" and how they work. Essentially an attribute is added to each file which uniquely identifies it. » msdn2.microsoft.com/en-us/librar···997.aspxHere is code which will delete object identifiers: » msdn2.microsoft.com/en-us/librar···559.aspxWhat we need is a simple program that will run that last routine on every file on disk and I think we will have the problem solved. Thanks. I'm not too sure that's the appropriate code, but I'll look into it. My focus is centered in the MFT's extended attributes, particularly $Extend\$ObjID:$O, as this area showed extensive fragmentation immediately after running a KAV filescan. |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| There are a number of utilities that can defrag metadata. I have at least two and they both report that my metadata is not fragmented at all. Yet I still have the CHKDSK issue. If it were just a matter of defragging metadata, I think it would be a minor issue with an easy fix.
I believe this issue is different.
We probably should move this discussion over to the new thread. |
|
dantz
join:2005-05-09
Honolulu, HI | I'm not particularly concerned about the fragmentation itself; I'm just using that as a marker to show me which areas are active during a scan, and thus a likely location of the NTFS identifiers. But yes, I'll switch to the other thread. |
|
