Avast WEBforum
Other => General Topics => Topic started by: QBALL263 on March 29, 2010, 04:17:31 PM
-
I am constantly being asked by my firewall (Online Armor) that sf.bin wants to run. I check allow and install, but apparently, the program does not want to install. Is this some kind of glitch, or did I do something wrong? ANY help would be appreciated. Thanks
-
same here, with comodo. sometimes d+ pops up (it's in verbose) telling me bout the sf.bin is doing smthng.
it happens sometimes, not every time avast makes updates, so my (not so) wild guess: it's related 2 the avast vps updates. ;)
any more info on what it exactly does in avast is highly appreciated! :)
asyn
edit: @qball263: u can allow it, it won't do any harm.
-
http://forum.avast.com/index.php?topic=50550.0
http://support.tallemu.com/vbforum/showthread.php?p=117332
http://www.pc1news.com/virus/file-sf-bin-379059.html
-
many thanx 4 the info, pondus!! :)
asyn
-
Thx guys. Read the links Pondus posted and they somewhat helped. Since I know barely enuff to get myself in DEEP trouble, how do I keep OA from popping up this request?
-
permanently allow it or exclude it in oa, if possible.
-
Hiya
I am having some worrying issues with the Sf.bin binary as well. A couple of days back ZA notified me that Sf.bin wanted access to Internet (239.255.255.250) and I have tried to raise that with Alwil but no response yet. I tried to create an MD5 checksum (according to Pondus posting) with an MD5 hash tool and it failed this validation, but the tool itself is a bit flaky..
Avast free 5.0.462 and 100403-0
Vista Home Premium SP2
Any suggestions?
-
That's what whois says on 239.255.255.250...
No whois server is known for this kind of object.
Sorry, have no more to add. ;)
asyn
-
Yeah, what I'm asking here is it expected behaviour for Sf.bin to try to connect to Internet?
-
That is the "Simple Service Discovery Protocol (SSDP)" via UDP on port 1900 searching the network for Universal-P&P-devices. Doesn't have anything to do with Avast IMHO. Disable Universal Plug and Play, and it will stop.
8)
-
Ok, but ZA explicitly said that Sf.bin tried to connect to that address..
-
Oh, I see. Has something to do with code emulation... and yes, it is in the vps updates.
I guess it is ok to connect, but I don't know why it does so and what happens there.
Need a dev to explain, I suppose.
-
ok thanks the quest goes on.. anyone?
-
Same problem with Outpost firewall. Keeps asking for permission to allow sf.bin to run. I keep trying to permanently allow it but no luck.
-
permanently allow it or exclude it in oa, if possible.
I note that this thread is about a month old and that four different firewalls are reporting that sf.bin keeps wanting to run. Permanently allowing it to do so does not seem to work for me on Outpost firewall. Can this not be resolved somehow?
-
PLEASE, it is the file that has the cache info for files, not related to services or anything else "avast related".
Ask igor or vlk, or just run a scan and see how it will pop up an alert.
http://blog.avast.com/2010/04/25/how-to-make-the-full-system-scan-6x-faster-in-10-days/
-
I'm sorry to say that I actually switched product for this reason. I have posted this as a support ticket as well without any response in the same time.
-
Well, I don't see what we can do about it.
Sf.bin is part of avast! antivirus engine... and it's executed e.g. when a suspicious file is detected (to perform some emulation).
If Outpost, or any other products, are unable to obey the rules you set for them... that certainly should be fixed by their makers. I guess it might be slightly tricky to set such a rule (the folder of the virus database keeps changing, and the file itself changes as well) - but still, there's nothing to do on our side.
-
I posted a query if this was expected behaviour - that Sf.bin wants access to Internet - and now finally I had a reply. Thanks.
-
Well, what I'm saying is that executing Sf.bin is normal, the content of Sf.bin changing often (thus making it harder to create a rule for a 3rd party HIPS) is also normal.
Sf.bin connecting to Internet... is not, as far as I know.
-
Sf.bin connecting to Internet... is not, as far as I know.
No connection attempts to the net here at all... Only the HIPS part of comodo (D+) pops up sometimes, but not for asking to allow, just telling it's doing something, as it's set to verbose here.
asyn
-
Igor, ZA notified me that Sf.bin wanted access to Internet and I blocked it at that time. Is there any reasonable explanation to that?
-
At a guess (I don't really know anything about this though), could it be the webshield using the code emulation?
That would cause a connection, would it not?
-
At a guess (I don't really know anything about this though), could it be the webshield using the code emulation? That would cause a connection would it not?
The webshield connects via AvastSvc.exe not Sf.bin
If Sf.bin would connect (or even try to connect) I would have an entry in the firewall log.
asyn
-
Well, I don't see what we can do about it.
Sf.bin is part of avast! antivirus engine... and it's executed e.g. when a suspicious file is detected (to perform some emulation).
If Outpost, or any other products, are unable to obey the rules you set for them... that certainly should be fixed by their makers. I guess it might be slightly tricky to set such a rule (the folder of the virus database keeps changing, and the file itself changes as well) - but still, there's nothing to do on our side.
I have in fact given permission for sf.bin to run, both in Outpost Application Rules and Host Protection but because, as you point out, the folder and file keep changing the rules won't stick. So how on earth can this be fixed by Outpost. This problem started with v5.0.507.
-
Igor, ZA notified me that Sf.bin wanted access to Internet and I blocked it at that time. Is there any reasonable explanation to that?
No, not really. Maybe some other program has installed system-wide hooks and is injecting itself into every created process? (just a wild guess)
This problem started with v5.0.507.
That's not possible... the Sf.bin executable, as well as other modules responsible for launching it, are fully contained in the "virus database & engine" and are completely independent of the program version. You may have an old version of the program, yet a brand new virus database - and it will behave exactly the same as with a new program build.
-
Well, I don't see what we can do about it.
Sf.bin is part of avast! antivirus engine... and it's executed e.g. when a suspicious file is detected (to perform some emulation).
If Outpost, or any other products, are unable to obey the rules you set for them... that certainly should be fixed by their makers. I guess it might be slightly tricky to set such a rule (the folder of the virus database keeps changing, and the file itself changes as well) - but still, there's nothing to do on our side.
I have in fact given permission for sf.bin to run, both in Outpost Application Rules and Host Protection but because, as you point out, the folder and file keep changing the rules won't stick. So how on earth can this be fixed by Outpost. This problem started with v5.0.507.
Strange as I have Outpost Firewall Pro 2009 ver. 6.7.2 (3001.452.0718) and I have not had a single Outpost pop-up relating to sf.bin and it isn't in my Application Rules section of Outpost Firewall Pro.
-
I'm still having problems with sf.bin popups - I'm using Sunbelt Personal Firewall. Any ideas on how to stop this? Much appreciated!
-
Well, what I'm saying is that executing Sf.bin is normal, the content of Sf.bin changing often (thus making it harder to create a rule for a 3rd party HIPS) is also normal.
Sf.bin connecting to Internet... is not, as far as I know.
I have the latest version of ZA Pro and I never get pop ups wanting to allow Sf.bin. This is obviously due to the auto configuration at setup of ZA Pro (I guess Check Point is aware of the issue).
the content of Sf.bin changing often
This explains why I get multiple entries of Sf.bin in ZA Pro ???
-
this is another ip address from sf.bin
224.0.0.252 28th 19:00
ZA can't fight against millions of different IP addresses
-
this is another ip address from sf.bin
224.0.0.252 28th 19:00
ZA can't fight against millions of different IP addresses
http://forum.avast.com/index.php?topic=85392.msg692923#msg692923
224.0.0.252 Link-local Multicast Name Resolution. RFC 4795
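
Added example, not part of the original thread: both destinations reported above (239.255.255.250 and 224.0.0.252) are multicast groups rather than Internet hosts, and this sketch triages firewall-log destinations accordingly. The log layout, the sample lines, the process name `example.exe` and LLMNR's UDP port 5355 are assumptions not taken from the posts.

```python
import ipaddress
import re

# Multicast groups named in the thread, keyed by (address, UDP port).
KNOWN_GROUPS = {
    ("239.255.255.250", 1900): "SSDP / UPnP discovery",
    ("224.0.0.252", 5355): "LLMNR (RFC 4795)",
}
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # never forwarded by routers
ADMIN_SCOPED_MCAST = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365, bounded by the site

# Hypothetical log layout: "<process> <proto> -> <ip>:<port>"
LINE_RE = re.compile(r"^(\S+)\s+(UDP|TCP)\s+->\s+([0-9.]+):(\d+)$")

def classify(ip_text, proto, port):
    """Return (scope, detail) for one destination address."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_multicast:
        if ip in LINK_LOCAL_MCAST:
            scope = "link-local multicast"
        elif ip in ADMIN_SCOPED_MCAST:
            scope = "administratively scoped multicast"
        else:
            scope = "multicast"
        name = KNOWN_GROUPS.get((ip_text, port)) if proto == "UDP" else None
        return scope, name or "unrecognised group/port"
    if ip.is_loopback or ip.is_link_local or ip.is_private:
        return "local unicast", "stays on the host or LAN"
    return "internet unicast", "leaves the local network"

def triage(lines):
    """Parse log lines into (process, destination, scope, detail) tuples."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not follow the assumed layout
        proc, proto, ip_text, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        try:
            scope, detail = classify(ip_text, proto, port)
        except ValueError:
            continue  # not a valid IPv4 address
        results.append((proc, f"{ip_text}:{port}", scope, detail))
    return results

# Constructed sample lines (not taken from any poster's firewall log).
SAMPLE = [
    "Sf.bin UDP -> 239.255.255.250:1900",
    "Sf.bin UDP -> 224.0.0.252:5355",
    "example.exe TCP -> 8.8.8.8:443",
    "example.exe TCP -> 192.168.1.10:445",
]
```

Only the third sample line is classified as leaving the local network; the two multicast lines are discovery and name-resolution traffic that stays on the local segment or site.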
-
this is another ip address from sf.bin
224.0.0.252 28th 19:00
ZA can't fight against millions of different IP addresses
Why dredge up a topic that hasn't had any activity in over a year? Stick to the topic you created already. But again, this really is a non-issue.
-
Hi, I somehow fixed Sf.bin continually popping out in the Windows Task Manager Processes tab, making your computer super slow. This fix works with Avast! PRO Antivirus.
Disable the Avast! Shields Control and select Disable until computer is restarted; this will bring your computer speed back to normal. Then go to Control Panel, Add-Remove Programs, select Avast! PRO Antivirus, and click Change\Remove. When the Avast! Setup screen appears, go to Repair and click Next, wait until the repairing process is finished, then restart your computer. This will help fix the Sf.bin.