Behavior Shield text file

[Dch48]

I have never had anything show in the Behaviorshield.txt file since installing Avast! Free back in May but since the update to 5.1, I'm getting these entries at every boot.

12/31/2010 8:21:03 PM   Modification of: \REGISTRY\USER\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
    By:  C:\Program Files\Fighters\SPAMfighter\sfus.exe
    Via: C:\Program Files\Fighters\SPAMfighter\sfus.exe
         -> Action allowed
12/31/2010 8:21:03 PM   Modification of: \REGISTRY\USER\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
    By:  C:\Program Files\Fighters\SPAMfighter\sfus.exe
    Via: C:\Program Files\Fighters\SPAMfighter\sfus.exe
         -> Action allowed
12/31/2010 8:21:03 PM   Modification of: \REGISTRY\USER\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
    By:  C:\Program Files\Fighters\FighterSuiteService.exe
    Via: C:\Program Files\Fighters\FighterSuiteService.exe
         -> Action allowed
12/31/2010 8:25:38 PM   Modification of: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1606DC18-9578-4cbd-8312-8E9868F06A1D}
    By:  C:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe
    Via: C:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe
         -> Action allowed

Could these be because of the auto-update features of the 2 applications? (SpamFighter and Comodo)

[swarnava]

.If I'm understanding correctly, do you have CIS installed with only Firewall enabled and you are installing AIS as well...with Firewall disabled??

[Dch48]

.If I'm understanding correctly, do you have CIS installed with only Firewall enabled and you are installing AIS as well...with Firewall disabled??

No-  Only the Comodo Firewall is installed and only the free version of Avast! is installed.

[spg SCOTT]

These are all registry points that the behavior shield monitors for changes. The last one is an auto start location, and (I think) the 'ParseAutoexec' is realted to startup aslo.

Both places that malware could use to run within windows. The behavior shield is monitoring that these programs have changed the entries in the registry...

Something DavidR mentioned:

I have mine set to allow and periodically I check the behaviourshield.txt file and manually add certain files to the trusted processes.

You could add them to the trusted processes list to stop it being scanned at each boot

[Dch48]

These are all registry points that the behavior shield monitors for changes. The last one is an auto start location, and (I think) the 'ParseAutoexec' is realted to startup aslo.

Both places that malware could use to run within windows. The behavior shield is monitoring that these programs have changed the entries in the registry...

Something DavidR mentioned:

I have mine set to allow and periodically I check the behaviourshield.txt file and manually add certain files to the trusted processes.

You could add them to the trusted processes list to stop it being scanned at each boot

I have done that and I have also set the behavior shield to ask instead of allow for the time being.