Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: alecj on August 27, 2012, 03:29:14 PM

Title: Where can I find the behaviour shield log?
Post by: alecj on August 27, 2012, 03:29:14 PM

I'm a new user still finding my way around.  I've looked in the user manual, program help and searched the forum but cannot find whether there is a log of behaviour shield events, is there one?

Last night avast popped up a supicious program (I assume behaviour shield reported this) that was rundll32 executing from my local settings\temp directory. 

I was considering uploading the file to some analysis site that I'd googled across when it the file disappeared (deleted).   Googling this I've found some virus descriptions with rundll32 running in user\local settings\temp, but none of the other indicators / virus symptoms they describe exist on my system - registry keys, other files, etc.

In behaviour shield-->show traffic history-->today I see an event but it doesn't specify what it was.  Is there anywhere I can look to see how many times this particular event has occured?
thanks
a

Title: Re: Where can I find the behaviour shield log?
Post by: DavidR on August 27, 2012, 03:49:46 PM

It is here C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\BehaviorShield.txt (winXP) or C:\ProgramData\AVAST Software\Avast\report\BehaviorShield.txt (Vista, win7), this is likely to be a hidden folder unless you have previously changed the folder options to show hidden files and folders.

Title: Re: Where can I find the behaviour shield log?
Post by: alecj on August 28, 2012, 07:52:10 PM

Thanks DavidR

Still only the one event there but I'll be keeping an eye on it

Title: Re: Where can I find the behaviour shield log?
Post by: alecj on August 28, 2012, 08:36:50 PM

I have an event showing in the behaviour shield traffic history at 7pm today but no entry in the behaviour shield log.  The original event from a few days ago is there and a start up banner from each PC reboot.

Is there any other way to find out what the shield traffic history event was?

Thanks
A

Title: Re: Where can I find the behaviour shield log?
Post by: DavidR on August 28, 2012, 09:17:39 PM

I don't find a whole lot on my XP systems, mainly because I uncheck the 'Monitor the system for unauthorised modifications' as my firewall and WinPatrol Plus cover that also.

Personally I wouldn't even bother trying to track it down as it isn't an issue of it being malicious, just that it was initially considered suspicious, so should have been further analysed, if it were malicious then there should have been an avast alert to the screen.

I tend to keep my nose out of the logs (not that interesting/exciting) I only consider it worthwhile checking if avast actually alerts, which for me is highly unlikely, normally only happens when I'm checking something out for the forums.