Threat Detected memory block imf.exe mbamservice.exe superantispyware.exe

[teacrumpets]

Hello, 

I understand from other posts that these are not threats but other security programs' virus signatures loaded into memory when the Avast scan is occurring. So thank you for calming my concerns.

But what is not clear, and this is due to my lack of knowledge of working with the results file, is what actions Avast took against them when Avast found them. Since the action feature is faded out and not usable, and the action taken column is blank, I can't tell what Avast did once it found these false-positives. All three products are in my exclusion settings. I know selecting "scan memory" causes these and I don't mind seeing them in my results for the times I scan memory. My questions:

* does Avast delete them?
* If it does, will that be a problem for the other programs to protect my system against those  signatures?
* If so, how can you do a memory scan without that happening?

My assumptions are that Avast is smart enough to leave them alone and the only reason to deselect "scan memory" would be if it was a nuisance to constantly see the red Warning Threat Detected message and to just find it's only them. I don't scan memory all the time, only my monthly or weekly scans. Daily I do quick scans without that option. Just thought I'd verify my assumptions and create a post that others, wondering the same thing, can reference.

Thank you for all your hard work monitoring these posts! It's an important job and most people volunteer their time to do so. I appreciate all of them.

Judy

[Asyn]

1. But what is not clear, and this is due to my lack of knowledge of working with the results file, is what actions Avast took against them when Avast found them.

2. * does Avast delete them?

Welcome to the forum Judy.
1. None.
2. No.

[ady4um]

The action taken by Avast always depends on the configuration of the particular scan you ran.

For example, if you have the first action set to "ask", then that's the action. When asking, if you don't (or can't) do anything with whatever was "found" (read as "reported"), then nothing happens, and those executables should still be there.

If indeed you would decide to delete them (not really recommended as the first action), the of course those executables would be deleted and the respective programs won't run. So, by contradiction, if you try to run now those programs and they indeed run successfully, then their executables are not deleted.

For memory scans, if you use other security tools (as you are), then the results should be treated "each case at a time". Mostly, "things" found in memory would be just the databases of those other security tools, but there is always a possibility to find something else too.

[Asyn]

Not applicable for a memory detection.

[ady4um]

Not applicable for a memory detection.

Yes, of course you are correct. I was referring more to the "executables" mentioned in the title of the topic. My apologies for not being so clear.

[Asyn]

Yes, of course you are correct. I was referring more to the "executables" mentioned in the title of the topic. My apologies for not being so clear.

NP pal.

[teacrumpets]

Thanks Asyn and ady4um! And I appreciate the explanation regarding the executables themselves should something like that ever be flagged.

Judy 

[Asyn]

You're welcome..!