Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Rekrul on February 08, 2020, 01:59:29 AM
-
I do NOT have any automatic scans set. Avast is not set to take any automatic or scheduled actions other than updating the virus definitions. So why the hell does it SNOOP through all the files on my C: drive at least once a day???
Over the course of 2-3 minutes, Process Monitor caught Avast making over a million accesses to my C: drive. A small sampling of the files that it accessed;
C:\Program Files\URUSoft\Subtitle Workshop\Langs\Galego.lng
C:\Program Files\SumatraPDF\SumatraPDF.exe
C:\Program Files\Total Uninstall\Zeckensack's Glidewrapper 084c.tun
C:\Program Files\GIMP 2\share\gimp\2.0\help\en\images\filters\examples\color-taj-vinvert.jpg
C:\Program Files\Haali\MatroskaSplitter\uninstall.exe
C:\Program Files\Games\DarkXL\DarkXL\CoreWeapons_Mortar.as
C:\Program Files\Games\Eidos\Core\TOMBRAID\LEV0_3.3DF
C:\Program Files\Games\LucasArts\MotS\Resource\VIDEO\S5L3ECS.SAN
C:\Program Files\Games\Microsoft Games\Halo\CONTROLS\controls.dll
C:\Program Files\Handbrake\Caliburn.Micro.dll
C:\Program Files\Icon Snatcher\help\search.html
C:\Program Files\Ahead\Nero\NeEm2a.dll
C:\Program Files\IZArc\Skins\Kde-linux.bmp
C:\Documents and Settings\All Users\Start Menu\Programs\HECI
C:\Documents and Settings\All Users\Application Data\Adobe Systems, Inc Shared
C:\Documents and Settings\NetworkService\Application Data\Adobe Shockwave Player 12.0 Software
If there are no automatic or scheduled scans set, why is it looking at these files? Is it snooping through my drive for information it can sell to advertisers?
-
You do realize it's an antivirus that scans things on-access? It doesn't have to be you executing or accessing the files. It can be Windows search, prefetch, Steam client doing updates, numerous things. avast! just intercepts access events and scans said files. There is nothing evil behind it and every antivirus will behave the same minus certain differences because they don't scan same scope of files and in exact same way.
-
Rej hit the nail on the head here.
I work in the (security) industry, and this is exactly what Avast! is doing, on-access scans. There is nothing abnormal about this activity. You'd be hard-pressed to find any reputable anti-virus that doesn't implement OAS. This activity is prevant in the Enterprise space as well. Applications like McAfee (ePO) will have OAS for emails, file access, downloads etc.
McAfee OAS: https://docs.mcafee.com/bundle/endpoint-security-10.5.0-threat-prevention-product-guide-epolicy-orchestrator-windows/page/GUID-5A870D4E-FFBB-4F32-866E-A0F26F327501.html
BitDefender OAS Troubleshoot > https://www.bitdefender.com/support/troubleshoot-on-access-scanning-in-bitdefender-endpoint-security-tools-for-linux-2329.html
Trendmicro >> https://docs.trendmicro.com/all/ent/tms/v2.5/en-us/tmtm_2.5_olh/on-demand_scan.htm
Kaspserky >> https://help.kaspersky.com/KS4Sharepoint/9.2/en-EN/72194.htm
-
The Coronavirus isn't the only new virus out there.
New security breaches happen constantly. The only way to stay protected,
is for your AV to scan and have access to every part of your system.
-
Bob, are you talking about the newest Coronavirus? Because 2019-nCoV is NOT SARS. The SARS infection happened back in '03, the newest one is yet to be officially named to my knowledge.
They're related, but not the same.
-
Bob, are you talking about the newest Coronavirus? Because 2019-nCoV is NOT SARS. The SARS infection happened back in '03, the newest one is yet to be officially named to my knowledge.
They're related, but not the same.
Thanks, I've corrected my post. :)
-
You do realize it's an antivirus that scans things on-access? It doesn't have to be you executing or accessing the files. It can be Windows search, prefetch, Steam client doing updates, numerous things.
I don't have Steam or anything else installed that should be scanning my drive. Windows search shouldn't be doing anything on its own.
avast! just intercepts access events and scans said files. There is nothing evil behind it and every antivirus will behave the same minus certain differences because they don't scan same scope of files and in exact same way.
If Avast is just intercepting some other process scanning my drive, why doesn't that process show up in Process Monitor alongside Avast?
-
You do realize it's an antivirus that scans things on-access? It doesn't have to be you executing or accessing the files. It can be Windows search, prefetch, Steam client doing updates, numerous things.
I don't have Steam or anything else installed that should be scanning my drive. Windows search shouldn't be doing anything on its own.
avast! just intercepts access events and scans said files. There is nothing evil behind it and every antivirus will behave the same minus certain differences because they don't scan same scope of files and in exact same way.
If Avast is just intercepting some other process scanning my drive, why doesn't that process show up in Process Monitor alongside Avast?
You missed the point of Rej's clarification. Any time you open a file (images, exes, doc(x), ppt(x), etc) Avast! will scan it do make sure it's not doing anything malicious. Evidently, you don't know why Avast! would chose to scan documents... so let me point you in the right direction. Emotet, quite possibly the most prevalent piece of malware is spread using an exploitation in word documents. It's highly effective, extremely dangerous, and unfortunately for most users, they'd never think "Oh, that PNG or DOCX file could contain malware!".
https://blog.malwarebytes.com/detections/trojan-emotet/
The United Nations (yes, the UN) was recently hit with a cyber attack using none other then Emotet. Last confirmed report I had indicated 40+ core servers compromised in the attack.
https://www.forbes.com/sites/daveywinder/2020/01/30/united-nations-confirms-serious-cyberattack-with-42-core-servers-compromised/#ad03cb3633da
That is why Avast! is scanning documents/exe/images/dlls that are opened. This is perfectly normal behaviour for any antivirus. In fact, I'd say if it WASN'T doing it, I'd be suspicious.
-
You do realize it's an antivirus that scans things on-access? It doesn't have to be you executing or accessing the files. It can be Windows search, prefetch, Steam client doing updates, numerous things.
I don't have Steam or anything else installed that should be scanning my drive. Windows search shouldn't be doing anything on its own.
avast! just intercepts access events and scans said files. There is nothing evil behind it and every antivirus will behave the same minus certain differences because they don't scan same scope of files and in exact same way.
If Avast is just intercepting some other process scanning my drive, why doesn't that process show up in Process Monitor alongside Avast?
I just gave those as an example. Also Windows Search DOES things on its own. It's called Search Indexing. Processes are also often nested where you need to expand them to see what's really running. It can be bunch of things that trigger scanning. It can be Search Indexing, thumbnail generation or preview generation, updates, god knows what, it's hard to tell as there is always a lot going on inside OS. It could even be OS triggered event that invokes scanning. I can just say for certain it's nothing bad. All antiviruses do this. It's literally their job to keep an eye on files. Old days of daily scrubbing of drives with manually started scans are long gone, real-time scanning does that job done in, well, real-time as changes happen.