Author Topic: Where is a history or log of files deleted (NOT moved to quarantine/chest)?  (Read 6763 times)

REDACTED

  • Guest
Using Avast! Free AntiVirus 2015 with all updates.

While accessing the C:\Windows\System32 folder, Avast File System Shield apparently performed a protective scan and deleted at least 1 *.SCR file.  I know it to be harmless from almost a decade ago based on multiple previous checks via VirusTotal and user forum discussions back in the day.

To prevent further deletions I have since hopefully updated/changed the action settings sequence from "automatic" (which ultimately results in deletion if repair then quarantine fails) to  1) attempt repair,  2) move to chest,  3) ask.  I don't know why the automatic setting was unable (or unwilling) to simply quarantine the file.

Aside from re-displaying the last pop-up message window, how/where can I view a history-log of all previous threat detection actions of the past that resulted in deletions (since no files were in the quarantine chest)?  I have not been able to locate such a *.LOG file on my system yet.

Is there a possible built-in "undo/undelete" feature I have yet to locate in Avast?  (Or is it by design that there is not, to prevent malware infections?)

Is using something like "Recuva" my only option, and to "fish around" for unknown file names since I don't know what all got deleted except for the last file mentioned in the pop-up message?

Thank you.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • Posts: 5625
  • Spartan Warrior
Hi harpo2448,

Unlike the recycle bin Windows uses, Avast! deletes the entire file and it is not recoverable after.  Windows Recycle Bin differs in that the first character of a file placed in Recycle Bin is changed to make the file appear to be deleted.  The remaining part of the file can be recovered using Recuva or a similar program by replacing the new character with the original one.  Unfortunately, with Avast (or any antivirus program for that matter), the entire file is deleted in entirety and immediately.

This is done to remove malicious files or code completely; nothing is left after. 

It is not until Windows tells the file system to use the space occupied by the file in the recycle bin and overwrite the file, that it is then unrecoverable, which can be a significant amount of time later.

Suggest backing up all files you do not want to lose in the future, either via a hard drive crash, corruption, or antivirus action.

http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801


REDACTED

  • Guest
Thank you, mchain and Eddy.

Yes, I understand the file is not recycled in the usual sense; and since the title/filenames of the file(s) I'm interested in are not appearing in the quarantine chest, I was hopeful there might be an obscure undelete/recovery alternative buried somewhere in Avast... oh, well.

However, since only the message of the last pop-up can be displayed (and even that disappears after a restart), I seem to have no record of other/prior files that also used to reside on my hard drive that have been deleted by the on-access file shield. 

(I may pay attention to the pop-up messages regarding "threats" as they occur, but my family doesn't!)

I looked in the folder of log files as suggested by your link to the other discussion (and of which I was already aware), and not one of those files contains an entry matching the filename in the pop-up message for the now-deleted (false) "threat" file that was in the C:\Windows\System32 folder.

The Activity page shows only the number of "threats" detected/prevented for the previous month/30 days.  It has no ability to display the filename(s) deleted that I can find.

It seems no history record is kept at all of the automatic repair(failed)/quarantine(failed)/deleted(ultimately) action sequence.  Is this correct?

I was also hoping to find the reason for the failure of the repair/quarantine move-to-chest attempt before the ultimate deletion.  Was it a permissions issue (although I was/am running in the Admin account when the Avast message popped up)?  Was the "threat" file marked "Read Only"?  Now I'll never know...

Any other suggestions?  Or is such a detailed history a feature only of the paid versions of Avast?

Thanks again.
« Last Edit: July 06, 2015, 04:25:14 PM by harpo2448 »