So I got an alert on Pidgin trying to open internet explorer, which I allowed and added to the trusted processes:

01/01/2011 14:22:39	Modification of: \REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
    By:  F:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe
    Via: C:\Program Files (x86)\Internet Explorer\iexplore.exe
         -> Action allowed

And today, I get another alert on the same file, I allowed and added to trusted, now there are two.

03/01/2011 14:51:59	Modification of: \REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
    By:  F:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe
    Via: C:\Program Files (x86)\Internet Explorer\iexplore.exe
         -> Action allowed

How come it wasn’t excluded?
EDIT: Seems to happen again after a reboot. (I now have 3 entries of pidgin…)

Scott

Presumably you have it set the Behaviour Shield to Ask ?

I have mine set to allow and periodically I check the behaviourshield.txt file and manually add certain files to the trusted processes.

I recently added RocketDock to the trusted processes list as it featured in a couple of days listing in the report file. This morning it failed to load on boot, but a manual start from All Programs, etc. and it loaded. Also another topic relating to rocketdock here, http://forum.avast.com/index.php?topic=68741.0.

So I don’t know if this was just a hiccup or an issue with the trusted processes section in the behaviour shield, but this didn’t happen on the 1st or 2nd with 5.1.864 installed. The only thing that I can think of is that there was recently a VPS update that was meant to fix an issue in the behaviour shield on another process. So did this update effectively zero the previous trusted processes even though they are still displayed in the UI ?

Yes, out of curiosity more than anything else

I have mine set to allow and periodically I check the behaviourshield.txt file and manually add certain files to the trusted processes.

I recently added RocketDock to the trusted processes list as it featured in a couple of days listing in the report file. This morning it failed to load on boot, but a manual start from All Programs, etc. and it loaded. Also another topic relating to rocketdock here, http://forum.avast.com/index.php?topic=68741.0.

So I don’t know if this was just a hiccup or an issue with the trusted processes section in the behaviour shield, but this didn’t happen on the 1st or 2nd with 5.1.864 installed. The only thing that I can think of is that there was recently a VPS update that was meant to fix an issue in the behaviour shield on another process. So did this update effectively zero the previous trusted processes even though they are still displayed in the UI ?

I’m not sure, since it only seems to happen with pidgin…that is the only one in the list that I have that generates more alerts (after a reboot)

Strange yes.

I also don’t know why there there would be multiple entries in the report file for the same item. Thee appears to be two for each occurrence of the same registry key recorded at the same time.