On Access Scanner - not working?

I have had CAVS beta 2 installed for a while now, and have only just decided to investigate some of the menus.

I have noticed when i go to the reports tab, i can choose ‘on access scan’ and its empty! however the ‘on demand scan’ has entries in its report log.

i have checked the settings for the ‘on access scan’ and there are no exclusions listed. Heuristics is enabled and set to the default value and ‘file types to scan’ is set to selective (with the default list of extensions)

in an aid to investigate whether the problem was just a logging issue, i downloaded the ‘virus’ “eicar.com” from “www.eicar.org”.

once downloaded, i ran an ‘on demand scan’ and CAVS detected the virus… so thats good.

i then ran the program, “HIPS Application Control Alert” popped up and questioned as to whether I wanted to run the program. when selecting ‘allow’ the program proceeds to run with no intervention from the ‘on access scanner’ or similar, i checked the report logs and they were empty, and then checked the ‘selective files list’ to make sure the .com extension was selected, which it was.

my question is… is my on access scanner actually working? as it does not detect “viruses” when they are loaded into memory as the program is run.

any help would be appreciated.


well by the number of people reading and not replying, i guess nobody else knows either. regardless, it appears that a recent update to CAVS has resolved the issue.

the ‘on access scan report’ only shows infected objects ( the eicar file ) and the recent update now has CAVS stepping in every time i open the folder containg ‘eicar.com’ file and quarantining it.

so whatever the problem was it appears to me that the on access scanner is detecting objects ok and the report only shows infected objects./