Avast WEBforum

Topic started by: streetwolf on June 23, 2008, 06:36:10 PM

Title: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: streetwolf on June 23, 2008, 06:36:10 PM
At the moment all I have running is the standard shield.  I am only scanning executables.  Why then does Avast scan such files as .ico, .db, and index.dat to name a few?  The .ico are a few favicons in my TIF.  The db files are in my AppData.  As far as I know these are not executables?  I put them on the exclude list to no avail. 

What's the story?

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: Lisandro on June 24, 2008, 12:16:37 AM
You can reduce the protection (and increase performance) a little by disabling the scanning of opened/created/modified files in the Standard Shield settings.

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: streetwolf on June 24, 2008, 01:40:14 AM
That's the thing, I am not using any open/modify/creation resident scanning.  Strictly executable resident scanning.  Yet it scans non-executable files.  I don't think it's all non-executables, maybe just particular system stuff like index.dat.  I even see it scanning jpegs.

Another 'weird' occurrence is that I use Stardock's ObjectDock as my program launcher and I have an icon that contains shortcuts to my favorite programs.  When I click on the icon the real program executables get scanned when the list of programs appears on a drop-down menu.  The programs are not being executed at this time.  What's up with this?

Sure seems that even though I do not have anything enabled except executables, opens/modifies/creations are being scanned in some cases.

Here are some files that get scanned.  They tend to happen as I exit an application.  In this case it was IE7.

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062320080624\index.dat

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: Lisandro on June 24, 2008, 03:23:19 AM
Do you mean you've edited these settings?

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: streetwolf on June 24, 2008, 01:54:04 PM
Those are the ones.  Everything is unchecked.

I get all kinds of files scanned.  I did manage to place a few on the exclude list and they do work.

Here are some more files being scanned by the resident scanner:

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
C:\Windows\Prefetch\AgAppLaunch.db
C:\Windows\System32\wbem\repository\INDEX.BTR
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\wbem\repository\OBJECTS.DATA
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\System32\winevt\Logs\Antivirus.evtx
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
C:\Windows\System32\winevt\Logs\OSession.evtx
C:\ProgramData\Ad Muncher\Registration.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LDMOTB\weather_data_v2b[1].xml
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
C:\Users\Streetwolf\AppData\Local\Temp\ppcrlui_3212_2
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Protect\CREDHIST
C:\Users\Streetwolf\AppData\Local\Temp\Streetwolf.bmp
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: Vlk on June 24, 2008, 02:23:54 PM
You're right, this is indeed reproducible here... We'll find out what the problem is, and fix it in the next program update.
BTW I _think_ it will be related to the new scanning mode introduced recently which takes care of scanning of "orphaned" memory-mapped files on close.

Thanks
Vlk

Title: Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
Post by: streetwolf on June 24, 2008, 03:43:36 PM
Always happy to help.