Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: streetwolf on June 23, 2008, 06:36:10 PM
-
At the moment all I have running is the standard shield. I am only scanning executables. Why then does Avast scan such files as .ico, .db, and index.dat to name a few? The .ico are a few favicons in my TIF. The db files are in my AppData. As far as I know these are not executables? I put them on the exclude list to no avail.
What's the story?
-
You can reduce the protection (and increase performance) a little by disabling the scanning of open/created/modified files in the Standard Shield settings.
-
That's the thing, I am not using any open/modify/creation resident scanning. Strictly executable resident scanning. Yet it scans non-executable files. I don't think it's all non-executables, maybe just particular system stuff like index.dat. I even see it scanning jpegs.
Another 'weird' occurrence is that I use Stardock's ObjectDock as my program launcher and I have an icon that contains shortcuts to my favorite programs. When I click on the icon the real program executables get scanned when the list of programs appears on a drop-down menu. The programs are not being executed at this time. What's up with this?
Sure seems that even though I do not have anything enabled except executables, opens/modifies/creations are being scanned in some cases.
Here are some files that get scanned. They tend to happen as I exit an application. In this case it was IE7.
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062320080624\index.dat
-
Do you mean you've edited these settings?
-
Those are the ones. Everything is unchecked.
I get all kinds of files scanned. I did manage to place a few on the exclude list and they do work.
Here are some more files being scanned by the resident scanner:
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
C:\Windows\Prefetch\AgAppLaunch.db
C:\Windows\System32\wbem\repository\INDEX.BTR
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\wbem\repository\OBJECTS.DATA
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\System32\winevt\Logs\Antivirus.evtx
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
C:\Windows\System32\winevt\Logs\OSession.evtx
C:\ProgramData\Ad Muncher\Registration.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LDMOTB\weather_data_v2b[1].xml
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
C:\Users\Streetwolf\AppData\Local\Temp\ppcrlui_3212_2
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Protect\CREDHIST
C:\Users\Streetwolf\AppData\Local\Temp\Streetwolf.bmp
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
-
You're right, this is indeed reproducible here... We'll find out what the problem is, and fix it in the next program update.
BTW I _think_ it will be related to the new scanning mode introduced recently which takes care of scanning of "orphaned" memory-mapped files on close.
Thanks
Vlk
-
Always happy to help.