Author Topic: What does avast! scan after boot and why? [Outpost Pro causes excessive access]  (Read 28086 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #30 on: June 15, 2005, 07:37:55 PM »
Further update, after excluding op_data.mdb and op_data.ldb, disabled SnagIt again and rebooted the Scanned Total was 761 so no major difference.

Manually started SnagIt and the scanned total only went up by 3.

So we are still in the same position of not knowing what and why outpost pro accesses on boot.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

toadbee

  • Guest
Re: What does avast! scan after boot and why?
« Reply #31 on: June 15, 2005, 07:48:56 PM »
this might help you?

If nothing else you'll see that Avast! isn't alone (neither are you ;) )

http://www.agnitum.com/support/kb/article.php?id=1000030&lang=en

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #32 on: June 15, 2005, 08:53:48 PM »
Thanks Toadbee, I have been doing some searching on the Outpost forum but found very little and was just about to post a new thread. So I will check out the KB article first.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #33 on: June 15, 2005, 09:12:44 PM »
Checked the KB article, outpost's solution useless, basically it is just recommending what I had already tried, exclude the .mdb file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #34 on: June 21, 2005, 06:42:01 PM »
Update.

Well after a good number of useful responses to my query on the Outpost forum, I have received no direct reply as to what files outpost accesses on boot or why - What files does outpost access/check at startup and why?
I have an open support ticket about it awaiting a detailed (rather than automated reply) response.

I tried a number of things which had a limited or no effect at all.
Exclusions didn't work at all.
Disabling a number of other startup entries (SnagIt, etc.) very limited effect, confirming outpost was the cause of the excessive file activity and scans.
I also tried reducing the Standard Shield sensitivity to Normal from High (before disabling outpost), this had the desired effect reducing the scanned total from 800+ to 300. But I felt that this lowering of my AV defence wasn't acceptable.

It was only when outpost startup entry was disabled and the outpost firewall service was set to manual that there was a real effect, the scanned total dropped from 800+ to around 300.

Warning - It is important to ensure you start your firewall before you connect to the internet, so this may not be an option for those with a direct always on connection, for me on dial-up there is less of a problem.

Starting both the outpost firewall service and the outpost GUI manually was a bit of a pain and you have to do it in firewall service, GUI order. Fortunately someone on the outpost forum told me the run command to start the service net start "outpost firewall service" (with the quotes because of the spaces). So I created a small batch file 'OupostStart.bat' located in C:\ with a shortcut in the quick launch tool bar (to give one click outpost start).

The batch file had the line to start the service and the path to execute outpost.exe, which started the GUI:
Net Start "outpost firewall service"
"C:\Program Files\Agnitum\Outpost Firewall\outpost.exe"
« Last Edit: June 21, 2005, 06:45:53 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47175
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
I haven't see a whole lot of interaction from the Alwil team on this thread either.

The large amount of scans performed at boot up  aren't only related to folks that use Outpost.
It also happens with ZA and probably many other Firewall programs.
I do know that my system takes a long time to boot. I usually start it and then just forget about
it for a while and do something else. (Yes I know I have a lot of programs that start when the computer starts.)
It shouldn't be that way. This was one of my main gripes about NAV. The big difference is that eventually-
avast! does stop it's morning ritual. NAV hogged my computer all day long. Guess what, I slaughtered that hog. ;D
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
I know I have a lot of programs that start when the computer starts.
Startup Delayer does a very good job in this case.
Other one is NetRun that controls 'when' you get on-line and start (or delay) the startup of programs. Here you can add all applications that you run only when connected.
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47175
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Technical
I'm already using a program called Startup Faster 2004. That's not where the problem lies.....
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

kephryn

  • Guest
I found a great utility that might help you out,

http://www.sysinternals.com/Utilities/Filemon.html

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
If you read the complete thread (reply #15, #17, #18) you will see I have used filemon and it doesn't turn up any easily interpreted information, rather the opposite it gives too much information. when set to run on boot (it still starts late to catch early boot activity) until activity stabilises after about 2 minutes the file generated is 1.5MB and 13000+ lines, murder to read.
« Last Edit: August 08, 2005, 02:37:20 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Further update, I have re-enabled Outpost on boot but lowered the Standard Shield to Normal and that brings the total Scanned Count to around 250 - 300, more acceptable and my boot time to the avast! icon stopping is just under one and a half minutes.

However, there are still exe files in the Program Folder/s being scanned even though they aren't being started and I haven't used them in months.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47175
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
I've also noticed quite a few un-install programs being checked during boot-up.
And these aren't for newly added programs either.  ??? ???
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

jagged ben

  • Guest
Re: What does avast! scan after boot and why?
« Reply #42 on: January 23, 2006, 12:23:55 AM »
Well I added filemon.exe to the startup group...
...there were references by explorer.exe to Explorer.EXE accessing C:\Documents and Settings\All Users\Start Menu\Programs\

[...]

could some of these .exe files that are being scanned come from the fact that the icon is being extracted from the programs .exe file to display in the Start, All Programs Menu and their sub menus since icons are displayed in the lists?


I think this is clearly a culprit, and the only one I need solved myself.  When I backed up my start menu folders and deleted everything in them, my scanned count on startup dropped from about 230 to 12 (!!).

What can be done about this?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86683
  • No support PMs thanks
Well I added filemon.exe to the startup group...
...there were references by explorer.exe to Explorer.EXE accessing C:\Documents and Settings\All Users\Start Menu\Programs\

[...]

could some of these .exe files that are being scanned come from the fact that the icon is being extracted from the programs .exe file to display in the Start, All Programs Menu and their sub menus since icons are displayed in the lists?


I think this is clearly a culprit, and the only one I need solved myself.  When I backed up my start menu folders and deleted everything in them, my scanned count on startup dropped from about 230 to 12 (!!).

What can be done about this?
Yes initially this was discounted (by some Alwil Moderators) as a potential cause of the high scan count but in a later response it was offered as a possible reason for the high scan count.

So I believe they acknowledge it as the cause/reason but I'm not sure what they can do to avoid it. If a file is accessed for anything other than read access I believe avast is going to scan it even on the Normal (lowest) setting for Standard Shield. So if a file is accessed with write access or what ever is required to extract the icon. I did suggest some way of giving a user different levels of boot scan to try and avoid this, it didn't draw a response.

As you have shown, no startup folder, little activity but that is a little severe a work around. So I too would like to see if there is a way of either not having windows display icons in the windows start menu folders or a way for avast to ignore this extraction of the icon in the exe files.

Short of excluding the start menu folder in standard shield, which could leave you very vulnerable, I can't see an easy solution.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

jagged ben

  • Guest
Well, I excluded my start menu.  (This does not make me feel super vulnerable, although I will probably move my startup folder to a different path.)  Predictably, this only cut the count in half, no doubt because the shortcuts weren't scanned but the programs they link to were still scanned.  It did not cut the busy time down to my satisfaction.

It's pretty dissappointing to find out that this is the way Avast works.  Extracting an icon should not require a scan of the entire file containing the icon.   I'm almost tempted to turn off the standard shield, or at least certain options in it.  (What are OLE documents, by the way?)  I'm far more worried about scanning my internet traffic, that's why I have an anti-virus program.