Author Topic: New selfdef log entries after program update  (Read 3076 times)

0 Members and 1 Guest are viewing this topic.

Paradoxian

  • Guest
New selfdef log entries after program update
« on: August 23, 2012, 09:07:18 PM »
Hello. First post here. If I somehow commit a breach of etiquette, or if my non-native English is hard to understand, feel free to correct me.

I have been noticing some oddities that hopefully aren't malware-related.

Ever since the latest program update (to 7.0.1466) there have been more entries in the selfdef log than usual. Here are a couple of excerpts from today's log:

Quote
23-08-2012 07:53:29   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\aswFsBlk denied. [C:\Windows\System32\services.exe]

23-08-2012 20:11:18   Write access to file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup denied. [C:\Windows\System32\SearchIndexer.exe]

23-08-2012 20:11:18   Write access to file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\defs\12082300_stream denied. [C:\Windows\System32\SearchIndexer.exe]

23-08-2012 20:44:39   Write access to file \Device\HarddiskVolume1\ProgramData\AVAST Software\Avast denied. [C:\Windows\System32\SearchIndexer.exe]

There are perhaps a hundred more just from today. The searchindexer.exe attempts of access are new, and started occurring yesterday at about the time I think I updated Avast. As far as I can see, services.exe has attempted access ever since the log file was created after a fresh Windows/Avast etc. install. So, is this something to be worried about or not?

Also, since the last update the behaviour shield has gone virtually inactive. Usually it scanned the same 5-6 files everytime i booted the computer, now I can have hour-long sessions without any activity. I don't think this is related, I just wanted to mention it.

Hope you guys can allay my fears, and perhaps come up with some explanations.

« Last Edit: August 23, 2012, 09:17:56 PM by Paradoxian »

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: New selfdef log entries after program update
« Reply #1 on: August 23, 2012, 09:11:12 PM »
You can install Malwarebytes in trial mode to see if any "phone home" is occuring.
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Paradoxian

  • Guest
Re: New selfdef log entries after program update
« Reply #2 on: August 23, 2012, 09:24:43 PM »
Can I have Malwarebytes - I assume you mean the 14-day PRO trial they are advertising - running concurrently with Avast?

Once I have installed the program, how do I go about finding out there is any "phone home" activity? I'm afraid I need some hand-holding.

Paradoxian

  • Guest
Re: New selfdef log entries after program update
« Reply #3 on: August 24, 2012, 01:21:58 PM »
All right, so I installed Malwarebytes' Anti-Malware and had it perform a full system scan. It detected no malicious items. Are attempts to "phone home" included in this, or is there some special module for the purpose of detecting these that I'm unaware of?

Can anyone else check to see if SearchIndexer.exe is attempting to access Avast files according to the selfdef.log? The attempts seem to have started immediately after the reboot required when doing a program update, so I'm thinking it must be related. The attempts by Services.exe I'm not so afraid of, they've been noted for several months, and I've searched the forum and it seems to be a common phenomenon.

Well, at least I know the Behaviour Shield is functional now. The number of analyzed events skyrocketed when I installed MBAM and had it perform a scan.

By the way, these words I have to recognize and write to be allowed to post are making me wonder if I'm really human!

Edit: new entry in the log:
Quote
24-08-2012 12:39:11   Write access to file \Device\HarddiskVolume1\ProgramData\AVAST Software\Avast\db1cd27868c332d48-7cb0fe1b.dat denied. [PID 4]

This occured during the MBAM scan. Probably related and nothing serious?
« Last Edit: August 24, 2012, 01:37:59 PM by Paradoxian »

Paradoxian

  • Guest
Re: New selfdef log entries after program update
« Reply #4 on: August 24, 2012, 05:59:40 PM »
So, how soon is too soon to bump a thread?

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: New selfdef log entries after program update
« Reply #5 on: August 24, 2012, 09:44:32 PM »
If it is in trial mode, and you have the red square on your task bar, then it will give you a notice at any time that it detects and blocks any communication to any known malicious web site, automatically!
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Paradoxian

  • Guest
Re: New selfdef log entries after program update
« Reply #6 on: August 25, 2012, 09:30:53 PM »
Ok, thanks. No such thing has happened yet, so for the moment, I presume I'm safe?

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: New selfdef log entries after program update
« Reply #7 on: August 27, 2012, 10:56:50 PM »
That is a good sign, when it's not phoning home!
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"