File shield operation

[fhutt]

Hello,
I am puzzled by the way the the file shield operates.
I have experienced that when a virus does get hold in the computer and erratic operation starts a virus scan will find the offending virus.

This I don't understand - if a scan finds the virus, why did the file shield not prevent the virus from operating in the first place.

I have been told that a scan should be performed regularly. Again, if the scan finds a virus why does the file shield not prevent it from executing?
Thanks

[DavidR]

1.  The File Shield is an on-access scanner, and file that is created, modified or opened would be scanned.

2.  That rather depends on your settings and what the so called virus (a rare event) was, which you don't mention  ?
The Virus definitions are constantly added/updated, so may not have been covered when you got this so called virus.

3.  Personally I rarely if ever do on-demand scans as for the most part they would be scanning files that were old or not in use (as in point 1).  A file/virus that can be detected by an on-demand scan (and you don't say which one) should be detected by the on-access (executed) File Shield.  Once again without details of the so called virus (and the detection), no one can really comment.

[fhutt]

Than you DavidR.
This is acactly what I was thinking.
1) I do have the file shield activated with all settings clicked with scan files with recommended extensions.

2) I don't know the name of the virus or where it resides now. I rarely do as always want it gone.
I understand that if the definitions do not cover the active virus, it will run and there is no protection against it.

3) You say that you rarely do on-demand scans because any virus that can be detected by an on demand scan would be detected by the file shield when trying to execute. Therefore, with my settings, I think that the purpose of the on-demand scan would be to find and remove old viruses that are dormant and not causing any problems at present since they are not executing.

I think that there may be an exception to this.
The Avast service starts after some windows files are already executing. Therefore, those files would not be scanned by the file shield on-access scan.
The boot scan would scan some of those files but i'm not sure if it could check and repair all of them.

I would like to know what you think about the boot scan in this regard.
Thanks

[DavidR]

1.  Not all files are viruses (a generic term), malware is generally what is found. Some programs are also considered PUPs (Potentially Unwanted Program) and that check may not be enabled by default.

2.  Personally I never let programs take autonomous action, that includes my AV, so I set all actions to Ask. 
When you get an alert is is best to make notes, screenshot, etc. in case you want to enquire like this.

3. Old, or dormant files (malware or otherwise) don't present a direct risk, they would be scanned when active as I mentioned before.  However it is your system and your choice.

4.  The Avast services starts very early as it is a system driver, if you are basing this on the appearance of the Avast Tray icon (?), that isn't the avast service (system level driver) but the access to the User Interface (UI).

5.  I feel the same about the boot time scan as it really is a special scan if malware detected by the on-access scan can't be dealt with when the system is running.  Ordinarily if that were the case it should probably recommend running this scan.

[fhutt]

Your point (5) is very interesting.
" if malware detected by the on-access scan can't be dealt with when the system is running" would Avast issue a pop up to indicate that such a file was detected?

[DavidR]

Your point (5) is very interesting.
" if malware detected by the on-access scan can't be dealt with when the system is running" would Avast issue a pop up to indicate that such a file was detected?

I believe that is the case, but I have never experienced it (even if that was an error message in dealing with the detection).  In fact I have never had a malware/virus alert in over 17 years of using Avast Free.

[fhutt]

Wow, 17 years of not getting an alert.
I have done some .exe creation by using Freewrap which is just a wrapper for text written TCL/TK application.
Most of the times I create these .exe files I receive an Avast alert but 15 seconds later disappears with a file OK message.
This does show me that the file shield does work.
I also receive threat alerts from the Web Shield upon entering a suspicious website.

I am amazed that you don't receive any alerts.

[DavidR]

Most likely because they are new and not digitally signed, they would then be likely for further scrutiny, Behaviour Shield, Cyber Capture,  Security,

The web Shield is alerting on stuff that isn't on your system (yet), the content is intercepted and scanned before it hits your system.  I regularly get Web Shield alerts as I investigate many sites reported in the forums.  That is what prevention rather than detection on your system is about.  I don't count that as a malware/virus alert on my system. 

But again that isn't a File Shield or on-demand scan alert that you are talking about in your first post and what me replies are really are about...

[fhutt]

Thank you for all the details you provided.

I am more confident now about relying on the File Shield.

[DavidR]

You're welcome.