1 There is an absolutely wonderful freebee named Process Explorer which puts Windows Task Manager to shame for the comprehensive information it provides. Download Version 14.01 of the app from:
http://technet.microsoft.com/en-us/sysinternals/bb8966532 99% of the time sf.bin is triggered by a specific .exe app being executed. Avast sees the app as a threat and issues an sf.bin, which Comodo and other firewalls respond to with their own warnings. Most of the time this sequence is triggered by a completely benign and trusted .exe being executed which most likely is designed as a Packed Image. Malware, including viruses, spyware, and adware is often stored in a Packed Image encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus, hence the reason for the Avast sf.bin alert, EVEN THOUGH the .exe may be COMPLETELY BENIGN.
3 Process Explorer will show you the moment Avast issues the sf.bin process, it's source app trigger, and when the source app is running, whether or not it is in Packed Image format.
4 The simple trick here is to PREVENT the sf.bin from being triggered in the first place using lebob's elegant, simple solution -- After identifying the app triggering the sf.bin in Avast --
5 Open Avast's Real Time Shields > FILE SYSTEM SHIELD TAB, and click on the EXPERT SETTINGS button; select the EXCLUSIONS option; click the ADD button; browse to the target app .exe pathname; CHECK the X field to EXCLUDE SCAN ON EXECUTION; click OK and you're done. No more sf.bin appearances.
