I’m running the latest version of Avast Premier (11.1.2245) with the latest virus definitions.
Periodically, I get a pop-up complaining about a file in a directory that really shouldn’t be in use - it’s on a backup drive, in a “windows.old” directory, pointing to an old cache for IE. This is starting to sound like a bad Douglas Adams book.
Here’s the pop-up:
http://i67.tinypic.com/9knlhc.jpg
Now, I can hover over the truncated item, and view the HUGE path, but I cannot copy and paste the path. Also, the pop-up goes away after a certain period of time, which is probably good in normal situations but right now, it’d be nice to have it up, seeing as I brought it up manually. In fact, if a pop-up appears, I should be able to click it, to bring up more detail - detail I can copy and paste. If I manually bring up a pop-up, it should STAY up until I dismiss it.
My question is this: where is this information kept? I see a PID (9900) which is not currently running on my system. I don’t have a process name, and I see “Infection: HTML:iframe-inf”. The object, as mentioned before, is a deep link into a backup directory. I’m not sure why any process would be in there. My last backup happened at 0100 today, and completed a few minutes later.
I’ve gone through MANY other posts, describing where to find logs and reports, and I am unable to locate this information. I’d expect, as a command-line guy, to be able to find ALL of this information in a report, or a log, or somewhere. I want this information easily accessible, just in case I need to do a deep dive into a filesystem. Clicking “Report the file as a false positive” is stupid, if I don’t know whether or not it’s an active threat. Also, if I could copy and paste the path, I could easily go to that directory, see that it’s all old junk, and delete several paths back. Done.
Here are the places I’ve checked for this information:
C:\ProgramData\AVAST Software\Avast\log
C:\ProgramData\AVAST Software\Avast\report
Also, Avast should have a button in each pop-up that brings me DIRECTLY to this information. Like a “view in log” button or something. Or there should be a log/history within the application (which I haven’t been able to locate).
A lot of the interface has been dumbed down over the past few iterations, which makes it more challenging for folks who want to do forensics and after-action reports.
Anyway…thoughts?