Author Topic: What is sf.bin file?  (Read 14070 times)

0 Members and 1 Guest are viewing this topic.

Yance

  • Guest
What is sf.bin file?
« on: February 03, 2011, 12:51:57 PM »
Hello, since upgrade to version 5.0.889, sf.bin file from avast is very often detected by comodo D+ and anti-exe from faronics? What is sf.bin file and whether it's function in avast?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: What is sf.bin file?
« Reply #1 on: February 03, 2011, 01:42:25 PM »
quote DavidR

Quote
The SF.bin is the code emulation part of the avast and is downloaded or updated on virus definitions updates.

Yance

  • Guest
Re: What is sf.bin file?
« Reply #2 on: February 03, 2011, 02:26:03 PM »
Thank you very much guys.

Jean Severine

  • Guest
Re: What is sf.bin file?
« Reply #3 on: February 04, 2011, 05:11:02 AM »
1 There is an absolutely wonderful freebee named Process Explorer which puts Windows Task Manager to shame for the comprehensive information it provides.  Download Version 14.01 of the app from:
http://technet.microsoft.com/en-us/sysinternals/bb896653

2 99% of the time sf.bin is triggered by a specific .exe app being executed.  Avast sees the app as a threat and issues an sf.bin, which Comodo and other firewalls respond to with their own warnings.  Most of the time this sequence is triggered by a completely benign and trusted .exe being executed which most likely is designed as a Packed Image.  Malware, including viruses, spyware, and adware is often stored in a Packed Image encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus, hence the reason for the Avast sf.bin alert, EVEN THOUGH the .exe may be COMPLETELY BENIGN.

3 Process Explorer will show you the moment Avast issues the sf.bin process, it's source app trigger, and when the source app is running, whether or not it is in Packed Image format.

4 The simple trick here is to PREVENT the sf.bin from being triggered in the first place using lebob's elegant, simple solution -- After identifying the app triggering the sf.bin in Avast --

5 Open Avast's Real Time Shields > FILE SYSTEM SHIELD TAB, and click on the EXPERT SETTINGS button; select the EXCLUSIONS option; click the ADD button; browse to the target app .exe pathname; CHECK the X field to EXCLUDE SCAN ON EXECUTION; click OK and you're done.  No more sf.bin appearances.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: What is sf.bin file?
« Reply #4 on: February 04, 2011, 05:40:50 AM »
And no more protection should that file become infected as limited as that risk might be, there is still a risk.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ace2701

  • Guest
Re: What is sf.bin file?
« Reply #5 on: February 04, 2011, 06:26:50 AM »
Thanks, now I understand what's going on.
However, I'm using Zonealarm, and eventually I
end up with a large number of sf.bin files in
my alerts log.  Can I safely delete all but the
latest alerts without any danger?

HeroX2

  • Guest
Re: What is sf.bin file?
« Reply #6 on: February 25, 2012, 12:46:33 PM »
Hi, I somehow fixed Sf.bin continually popping out in the in Windows Task Manager Processes Tab, making your computer Super Slow. This Fix works with Avast! PRO Antivirus.

Disable the Avast! Shields Control, select Disable until computer is restarted this will make your computer speed back to normal. Then go to Control Panel, Add-Remove programs, select Avast! PRO Antivirus, Click Change\Remove. When the Avast! Setup Screen Appears go to Repair and click Next, wait until the repairing process is finished, then restart your computer, this will help Fix the Sf.bin.