I’ve got Avast 5 Free setup and it is working great.

But, due to the way in which it was installed and some things I did, I don’t trust the content in the persistent cache. Now that I understand the various settings, I want to clear the persistent cache so that I can have Avast scan and populate the consistent cache from scratch.

I haven’t seen any information about how to clear or reset it and I don’t know where it is stored, so the only thing I can think of would be to completely uninstall Avast 5, clean everything up and then reinstall it.

Does anyone know how to clear the persistent cache or where it is stored on a Windows XP 32bit machine?

Thanks.

What is it that you don’t trust about it ?
I don’t believe you have any say in the way it was installed as there aren’t any used set options on the install so it should have been setup (but not directly populated, as scans are carried out) normally during installation.

Use persistent caching - if persistent caching is used, the information about the scanned file is stored in the permanent memory. This means it is not lost after a system restart and it is also not affected by virus definition updates. Consequently, persistent caching is suitable only for files which are guaranteed not to contain any virus infection e.g. operating system files, files signed by trusted publishers, or other files covered by the avast! whitelist. This box is checked by default; if you want all files to be scanned regardless of their trust status, this box should be unchecked.

So given the above information unchecking the option doesn’t seem such a good idea and there doesn’t appear to be a clear cache option either. So if you really want to clear it that may take a reinstall.

I had the detection level set low and add to persistent cache on.

My concern is that stuff was placed in the persistent cache due to low setting that would not have been put there on the higher settings I am now using.

I’ll bet that if I could figure out where the persistent cache is stored, I could delete it and Avast would re-create it from scratch. If not, nothing lost since I’d just do the reinstall.

You don’t have any control over persistent cache and you don’t need any. Only control that you have is storing the data intoo it when doing a full scan. It’s designed in a way that you CANNOT store anything untrusty into it. Stuff that is 100% trusted is stored there based on whitelist that is maintained through VPS updates. If the file is not listed in the persistent cache, it is scanned the regular way and stored only in transient cache where security measures are more strict and the caching is only temporar till the file changes or there is new VPS installed.

Bottom line, forget about the caching, because you don’t have to worry about it. It’s designed in a way that you don’t have too worry about it and that it’s secure no matter what.

in case you really want to get rid of it and get avast to generate a new one (persistence cache), just turn off Avast self protection module (in main settings), and if that’s not enough disable (temporarily) Avast services from Computer management/services… and then delete the files found here:
C:\ProgramData\Alwil Software\Avast5 … these are the files starting with deb, and an “dat” extension. Then turn everything back on

Don’t know where you get the files starting deb and are .dat files as there are no such files on my system, much less in the avast5 folder. I don’t have hidden folders, etc.

you’re on XP, it’s under the alwil folder in all users

Oh no it isn’t, I checked there and my complete c:\drive

I have files beginning db*.dat, so if yours begin with deb*.dat then the start of the file name differs from OS to OS also ?

The persistent cache is indeed stored in the db*.dat files (there’s one file per volume).
Typically, they shouldn’t be bigger than a few hundred KBs.

Thanks
Vlk

oh come on, you found those, so there’s a big chance I mistyped “db” and wrote “deb” instead no ? and there’s also a big chance that the files I’m talking about are the files you found ;D (hey, I gave the extension as well )

Well, let’s imagine that some guys developed a virus which is named as “trusty file”, have same size that “trusty file” and placed into same location as “trusty file”. So, the Avast! wouldn’t check it at all? What are the principles of “trusting”?

Just because it has the same name, size and in the same location, doesn’t mean it will be trusted.

So, what’s the other differences? Contents of a file? Well, the Avast! must check contents in this case, and this would be a scan.

Consider date created, date modified, and the checksum of the file. All these should be considered to check if the file has been modified. If any of these have changed, then the contents of the file would be scanned.

Those system files with digital signatures are another area, you can have a file with the same name and location, but if it isn’t the original or it has been modified the digital signature would either not be present or fail checking.

Obviously avast aren’t going to tell all the measures relating to the use of the persistent cache, especially on a public forum or people could try to circumvent those measures.

Digital signature.
Quick checksum of the file into the whitelist.

So when Avast is doing active scans of files being used, does it compare Windows trusted files all the time? I mean, without some sort of check, how does it know that the file hasn’t changed compared to whats in the whitelist. How much quicker is this check than if that file was to be scanned?

That would depend on exactly what check is made compared to how long it would take to scan the file, and in turn how big the file is.

Well, exactly what check needs to be done to a file to see if it has changed. That check.

Thanks for your answer. It seems Avast! to be the fastest antivir now.