Author Topic: Standard Shield under Pro 4.8-1201. Vista x86 sp1

streetwolf

  • Guest
Standard Shield under Pro 4.8-1201. Vista x86 sp1
« on: June 23, 2008, 06:36:10 PM »
At the moment all I have running is the standard shield.  I am only scanning executables.  Why then does Avast scan such files as .ico, .db, and index.dat to name a few?  The .ico are a few favicons in my TIF.  The db files are in my AppData.  As far as I know these are not executables?  I put them on the exclude list to no avail. 

What's the story?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67195
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #1 on: June 24, 2008, 12:16:37 AM »
You can reduce the protection (and increase performance) a little by disabling the scanning of opened/created/modified files in the Standard Shield settings.
The best things in life are free.

streetwolf

  • Guest
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #2 on: June 24, 2008, 01:40:14 AM »
That's the thing, I am not using any open/modify/creation resident scanning.  Strictly executable resident scanning.  Yet it scans non-executable files.  I don't think it's all non-executables, maybe just particular system stuff like index.dat.  I even see it scanning JPEGs.

Another 'weird' occurrence is that I use Stardock's ObjectDock as my program launcher and I have an icon that contains shortcuts to my favorite programs.  When I click on the icon, the real program executables get scanned when the list of programs appears on a drop-down menu.  The programs are not being executed at this time.  What's up with this?

Sure seems that even though I do not have anything enabled except executables, opens/modifies/creations are being scanned in some cases.

Here are some files that get scanned.  They tend to happen as I exit an application.  In this case it was IE7.

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  • is OK

C:\Users\Streetwolf\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Feeds Cache\index.dat
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062320080624\index.dat
  • is OK
« Last Edit: June 24, 2008, 02:20:47 AM by streetwolf »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67195
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #3 on: June 24, 2008, 03:23:19 AM »
Do you mean you've edited these settings?

streetwolf

  • Guest
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #4 on: June 24, 2008, 01:54:04 PM »
Those are the ones.  Everything is unchecked.

I get all kinds of files scanned.  I did manage to place a few on the exclude list and they do work.

Here are some more files being scanned by the resident scanner:

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
  • is OK

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
  • is OK

C:\Windows\Prefetch\AgAppLaunch.db
  • is OK

C:\Windows\System32\wbem\repository\INDEX.BTR
  • is OK

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx
  • is OK

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
  • is OK

C:\Windows\System32\wbem\repository\OBJECTS.DATA
  • is OK

C:\Windows\System32\wbem\repository\MAPPING1.MAP
  • is OK

C:\Windows\System32\wbem\repository\MAPPING2.MAP
  • is OK

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
  • is OK

C:\Windows\System32\winevt\Logs\Security.evtx
  • is OK

C:\Windows\System32\winevt\Logs\System.evtx
  • is OK

C:\Windows\System32\winevt\Logs\Antivirus.evtx
  • is OK

C:\Windows\System32\winevt\Logs\Application.evtx
  • is OK

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
  • is OK

C:\Windows\System32\winevt\Logs\OSession.evtx
  • is OK

C:\ProgramData\Ad Muncher\Registration.dat
  • is OK

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LDMOTB\weather_data_v2b[1].xml
  • is OK

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
  • is OK

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
  • is OK

C:\Users\Streetwolf\AppData\Local\Temp\ppcrlui_3212_2
  • is OK

C:\Users\Streetwolf\AppData\Roaming\Microsoft\Protect\CREDHIST
  • is OK

C:\Users\Streetwolf\AppData\Local\Temp\Streetwolf.bmp
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  • is OK

C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  • is OK


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #5 on: June 24, 2008, 02:23:54 PM »
You're right, this is indeed reproducible here... We'll find out what the problem is, and fix it in the next program update.
BTW I _think_ it will be related to the new scanning mode introduced recently which takes care of scanning of "orphaned" memory-mapped files on close.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

streetwolf

  • Guest
Re: Standard Shield under Pro 4.8-1201. Vista x86 sp1
« Reply #6 on: June 24, 2008, 03:43:36 PM »
Always happy to help.