Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: hostricity on February 13, 2010, 02:55:44 AM

Title: Clearing the Persistent Cache?
Post by: hostricity on February 13, 2010, 02:55:44 AM
I've got Avast 5 Free set up and it is working great.

But, due to the way in which it was installed and some things I did, I don't trust the content in the persistent cache. Now that I understand the various settings, I want to clear the persistent cache so that I can have Avast scan and populate the consistent cache from scratch.

I haven't seen any information about how to clear or reset it and I don't know where it is stored, so the only thing I can think of would be to completely uninstall Avast 5, clean everything up and then reinstall it.

Does anyone know how to clear the persistent cache or where it is stored on a Windows XP 32bit machine?

Thanks.
Title: Re: Clearing the Persistent Cache?
Post by: DavidR on February 13, 2010, 03:44:37 AM
What is it that you don't trust about it ?
I don't believe you have any say in the way it was installed as there aren't any user-set options on the install so it should have been set up (but not directly populated, as scans are carried out) normally during installation.

Quote
Use persistent caching - if persistent caching is used, the information about
the scanned file is stored in the permanent memory. This means it is not lost
after a system restart and it is also not affected by virus definition updates.
Consequently, persistent caching is suitable only for files which are guaranteed
not to contain any virus infection e.g. operating system files, files signed by
trusted publishers, or other files covered by the avast! whitelist. This box is
checked by default; if you want all files to be scanned regardless of their
trust status, this box should be unchecked.

So given the above information unchecking the option doesn't seem such a good idea and there doesn't appear to be a clear cache option either. So if you really want to clear it that may take a reinstall.
Title: Re: Clearing the Persistent Cache?
Post by: hostricity on February 13, 2010, 04:12:50 AM
I had the detection level set low and add to persistent cache on.

My concern is that stuff was placed in the persistent cache due to low setting that would not have been put there on the higher settings I am now using.

I'll bet that if I could figure out where the persistent cache is stored, I could delete it and Avast would re-create it from scratch. If not, nothing lost since I'd just do the reinstall.
Title: Re: Clearing the Persistent Cache?
Post by: RejZoR on February 13, 2010, 07:28:01 AM
You don't have any control over persistent cache and you don't need any. Only control that you have is storing the data into it when doing a full scan. It's designed in a way that you CANNOT store anything untrusty into it. Stuff that is 100% trusted is stored there based on whitelist that is maintained through VPS updates. If the file is not listed in the persistent cache, it is scanned the regular way and stored only in transient cache where security measures are more strict and the caching is only temporary till the file changes or there is new VPS installed.

Bottom line, forget about the caching, because you don't have to worry about it. It's designed in a way that you don't have to worry about it and that it's secure no matter what.
Title: Re: Clearing the Persistent Cache?
Post by: Hermite15 on February 13, 2010, 02:51:35 PM
in case you really want to get rid of it and get avast to generate a new one (persistence cache), just turn off Avast self protection module (in main settings), and if that's not enough disable (temporarily) Avast services from Computer management/services... and then delete the files found here:
C:\ProgramData\Alwil Software\Avast5 ... these are the files starting with deb, and a "dat" extension. Then turn everything back on  ;)
Title: Re: Clearing the Persistent Cache?
Post by: DavidR on February 13, 2010, 04:27:52 PM
Don't know where you get the files starting deb and are .dat files as there are no such files on my system, much less in the avast5 folder. I don't have hidden folders, etc.
Title: Re: Clearing the Persistent Cache?
Post by: Hermite15 on February 13, 2010, 04:45:46 PM
Quote from: DavidR
Don't know where you get the files starting deb and are .dat files as there are no such files on my system, much less in the avast5 folder. I don't have hidden folders, etc.

you're on XP, it's under the alwil folder in all users
Title: Re: Clearing the Persistent Cache?
Post by: DavidR on February 13, 2010, 05:00:50 PM
Oh no it isn't, I checked there and  my complete c:\drive

I have files beginning db*.dat, so if yours begin with deb*.dat then the start of the file name differs from OS to OS also ?
Title: Re: Clearing the Persistent Cache?
Post by: Vlk on February 13, 2010, 05:16:22 PM
The persistent cache is indeed stored in the db*.dat files (there's one file per volume).
Typically, they shouldn't be bigger than a few hundred KBs.

Thanks
Vlk
Title: Re: Clearing the Persistent Cache?
Post by: Hermite15 on February 13, 2010, 05:24:50 PM
Quote from: DavidR
Oh no it isn't, I checked there and  my complete c:\drive
I have files beginning db*.dat, so if yours begin with deb*.dat then the start of the file name differs from OS to OS also ?

oh come on, you found those, so there's a big chance I mistyped "db" and wrote "deb" instead no ? and there's also a big chance that the files I'm talking about are the files you found  ;D (hey, I gave the extension as well  :D )
Title: Re: Clearing the Persistent Cache?
Post by: saanvi on February 17, 2010, 05:28:45 PM
Quote from: RejZoR
It's designed in a way that you CANNOT store anything untrusty into it.

Well, let's imagine that some guys developed a virus which is named as "trusty file", has the same size as "trusty file" and is placed into the same location as "trusty file". So, the Avast! wouldn't check it at all? What are the principles of "trusting"?
Title: Re: Clearing the Persistent Cache?
Post by: DavidR on February 17, 2010, 05:50:06 PM
Just because it has the same name, size and in the same location, doesn't mean it will be trusted.
Title: Re: Clearing the Persistent Cache?
Post by: saanvi on February 17, 2010, 07:47:47 PM
Quote from: DavidR
Just because it has the same name, size and in the same location, doesn't mean it will be trusted.

So, what are the other differences? Contents of a file? Well, the Avast! must check contents in this case, and this would be a scan.
Title: Re: Clearing the Persistent Cache?
Post by: Gopher John on February 17, 2010, 08:50:48 PM
Consider date created, date modified, and the checksum of the file.  All these should be considered to check if the file has been modified.  If any of these have changed, then the contents of the file would be scanned.
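
An added illustration of the checks discussed in the posts above (not part of the thread, and not Avast's implementation, which the thread does not disclose): a generic scan cache in Python that compares size and modification time first and then the content hash. `ScanCache`, `needs_scan` and the sample file are hypothetical names and constructed data.

```python
import hashlib
import os
import tempfile


class ScanCache:
    """Toy cache: path -> (size, mtime_ns, sha256) recorded after a clean scan."""

    def __init__(self):
        self._entries = {}

    @staticmethod
    def _digest(path):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def record_clean(self, path):
        st = os.stat(path)
        self._entries[path] = (st.st_size, st.st_mtime_ns, self._digest(path))

    def needs_scan(self, path, metadata_only=False):
        entry = self._entries.get(path)
        if entry is None:
            return True                      # never seen: full scan
        st = os.stat(path)
        if (st.st_size, st.st_mtime_ns) != entry[:2]:
            return True                      # cheap check already shows a change
        if metadata_only:
            return False                     # weak policy: trusts name/size/time
        return self._digest(path) != entry[2]  # content must match as well


def demo():
    """Constructed sample: swap a cached file for same-size, same-mtime content."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "trusted.bin")
        with open(path, "wb") as f:
            f.write(b"A" * 1024)
        cache = ScanCache()
        cache.record_clean(path)
        st = os.stat(path)
        unchanged = cache.needs_scan(path)
        with open(path, "wb") as f:
            f.write(b"B" * 1024)             # same name, location and size
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        weak = cache.needs_scan(path, metadata_only=True)
        strong = cache.needs_scan(path)
        return unchanged, weak, strong
```

`demo()` returns `(False, False, True)`: the untouched file is skipped, the metadata-only policy misses the replacement, and the hash comparison sends it back for a scan.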
Title: Re: Clearing the Persistent Cache?
Post by: DavidR on February 17, 2010, 09:37:04 PM
Those system files with digital signatures are another area, you can have a file with the same name and location, but if it isn't the original or it has been modified the digital signature would either not be present or fail checking.

Obviously avast aren't going to tell all the measures relating to the use of the persistent cache, especially on a public forum or people could try to circumvent those measures.
Title: Re: Clearing the Persistent Cache?
Post by: Lisandro on February 17, 2010, 10:36:56 PM
Quote from: saanvi
What are the principles of "trusting"?

Digital signature.
Quick checksum of the file into the whitelist.
Title: Re: Clearing the Persistent Cache?
Post by: ioyuioynx on February 17, 2010, 11:17:23 PM
Quote from: Gopher John
Consider date created, date modified, and the checksum of the file.  All these should be considered to check if the file has been modified.  If any of these have changed, then the contents of the file would be scanned.

So when Avast is doing active scans of files being used, does it compare Windows trusted files all the time? I mean, without some sort of check, how does it know that the file hasn't changed compared to what's in the whitelist. How much quicker is this check than if that file was to be scanned?
Title: Re: Clearing the Persistent Cache?
Post by: olddog on February 18, 2010, 05:08:44 AM
Quote from: ioyuioynx
...How much quicker is this check than if that file was to be scanned?

That would depend on exactly what check is made compared to how long it would take to scan the file, and in turn how big the file is.
Title: Re: Clearing the Persistent Cache?
Post by: ioyuioynx on February 18, 2010, 08:46:25 AM
Quote from: ioyuioynx
...How much quicker is this check than if that file was to be scanned?

Quote from: olddog
That would depend on exactly what check is made compared to how long it would take to scan the file, and in turn how big the file is.

Well, exactly what check needs to be done to a file to see if it has changed. That check.
Title: Re: Clearing the Persistent Cache?
Post by: saanvi on February 18, 2010, 11:32:04 AM
Quote from: Lisandro
Digital signature.
Quick checksum of the file into the whitelist.

Thanks for your answer. It seems Avast! to be the fastest antivir now. :)
Title: Re: Clearing the Persistent Cache?
Post by: Lisandro on February 18, 2010, 11:35:28 AM
Quote from: ioyuioynx
So when Avast is doing active scans of files being used, does it compare Windows trusted files all the time? I mean, without some sort of check, how does it know that the file hasn't changed compared to what's in the whitelist. How much quicker is this check than if that file was to be scanned?

I've answered that before... the white list is safely populated. The check is faster than the rescan (otherwise, the feature won't be of any help, will it?).
Title: Re: Clearing the Persistent Cache?
Post by: Gopher John on February 18, 2010, 03:52:16 PM
One example of the difference would be the scan logs.

My first full scan (on January 27) before populating the persistent cache took 48min 44sec to scan 51.26GB while my latest full scan took 17min 38sec to scan 49.03GB.  In between these scans I'd updated some programs as well as the MS updates on Patch Tuesday which required those to be rescanned during the last scan.  The reduction from 51.26 to 49.03GB was due to deleting a couple of installer files and running CCleaner to remove all the temporary files that had accumulated.

This is only an example, and during normal usage the variance would be different, so cannot be directly compared.  Obviously, there were quite a few files that had been changed by the various OS and program updates that required rescanning of the contents but the majority of the files had been unchanged and only required verification that there was no change.

I have no way to determine which files were content scanned and which files were just checked for updates via persistent cache, nor how exactly that affected the scan time, nor do I care.  Obviously, it's above my pay grade. ;D
Title: Re: Clearing the Persistent Cache?
Post by: MikeBCda on February 18, 2010, 07:43:49 PM
I'd posted somewhere else here that I'd seen a huge speed increase by ticking both cache options.  Back on 4.8, I was scanning about 6 gigs (with archives excluded) in roughly 15 minutes.  My first full system scan in 5 (with packer settings left at default, by the way) took just under an hour, obviously due to having to populate the persistent cache from scratch.  The next scan with same settings, a week later, took about 8 minutes -- roughly twice as fast as 4.8 without archive scanning.
Title: Re: Clearing the Persistent Cache?
Post by: mantra on February 22, 2011, 04:12:25 PM
Quote from: Vlk
The persistent cache is indeed stored in the db*.dat files (there's one file per volume).
Typically, they shouldn't be bigger than a few hundred KBs.
Thanks
Vlk

thanks
where are these files in w7 ?
but should i stop the service and avast pop to fix now ???
i guess i should delete some reg keys ,right , to purge the persistent cache and re-build
i want to have a persistent cache only for 1 volume
yesterday i did for all my volumes 6
Title: Re: Clearing the Persistent Cache?
Post by: Hermite15 on February 22, 2011, 04:27:20 PM
thread is more than a year old, start a new one.

edit: hmm... no need, there's no solution to your problem, just disable the persistence cache if you fear the indexing of some sort of content ;D

ps: you're a real Avast reverend ???  :D