SafeBrowser.txt in Avast report folder

Hello, I just updated Avast Free Antivirus and it is currently:
Program version 24.7.6124 (build 24.7.9311.856). I’m using Windows 11 Home.

I noticed that there’s a new text file in the report folder, named SafeBrowser.txt, which only appeared after the update.
I only have File Shield, Behavior Shield, Web Shield, Mail Shield, and Ransomware Shield installed. No browser extension or secure browser.

Inside the text file, it states “Avast Real-time Shield Scan Report This file is generated automatically” along with the usual started on and shield stopped timestamps.

Any idea what this is? There’s no mention of it in the notes for the latest release.

Also, the digital certificate signer for the AvastUI.exe process seems to have changed to “Sectigo Public Time Stamping Signer R35”.

Cheers

Bumping this thread. I just noticed this file myself when I was in the same folder in ProgramData. Looks like my report file started on July 30, 2024. I also don’t have the Secure Browser installed nor can I find any “Safe Browser” shield settings on Avast. Based on the log this shield seems to be turning off and on with any restart like any of the other shields.

Some insight would be very appreciated.

If the Secure Browser was installed, it would perform some scanning (of the downloaded stuff) via the Avast AV. That’s nothing new, that feature has been there for a long time, just recently it was split into a separate shield with a separate report file (not completely sure where the detected files would have appeared before, probably in File Shield report).
If the Secure Browser is not installed, it doesn’t do anything.

I have never used the Avast Secure Browser and it’s still there.

Basically because I don’t like Chrome and ergo Chromium-based browsers.

This SafeBrowser.txt is also a recently arrived report file (see attached image); the creation date was 26-07-2024 and last modified 23-9-2024. I certainly didn’t have the Avast Safe Browser installed then or previously. So it is likely to have been created after a recent program update.

Ok so then what is the ‘SafeBrowser’ shield and why is there a log for it on our computers?

As I tried to explain, it’s something that’s just waiting for a call from Safe Browser, asking to scan a downloaded file for malware.
If the Safe Browser isn’t there, the call never arrives and it doesn’t do anything (except for the initial logging that it’s starting to listen).

I have this file too, and I also have never installed or used the Safe Browser.

What is this ‘something’ you speak of? Please elaborate. Because it seems like a shield we have no control over, and I don’t like that idea.

Practically speaking, it is just a useless log of how long my PC has been on every day. Is there a maximum size before it starts overwriting itself or does it just keep growing?

I’m honestly not sure how else I should be describing it.
Yes, it’s a “shield” - whose only purpose is to wait for requests from Secure Browser and scan files on its behalf (so, if you don’t have Secure Browser installed, it won’t do anything). As I mentioned, that feature has been there for a long time - only now it’s become a tiny bit separated to avoid weird conditions in code.

As for the size of the report file - I’m honestly not sure but personally I don’t think the report files are overwritten. However, have you ever had problems with the sizes of the other report files? I mean, if I’m counting it correctly - if you rebooted (i.e. not put the computer to sleep or hibernated) regularly every day, you get 100KB in a year, 1MB in 10 years… that’s negligible, compared to the other reports, logs and other files. Plus the separation is a new thing, maybe the report file gets disabled completely in the future.

Well, for the shields that have an accessible settings menu in the Avast GUI, I can disable ‘Generate report file’ if I so please. For Virus Scans I have actually done so, because those logs get pretty big otherwise.

I agree that the log file size won’t be an issue, especially if Safe Browser is not installed, but I still think it’s not ideal that there are components of Avast running that really don’t need to be because they are ancillary to other optional components. Effectively the part that is waiting for input from Safe Browser is just sitting there eating system memory, doing nothing ever. In that case it should not even be running. It seems a weird design choice.

No, it doesn’t work like that. It’s just a potential code path through the program with a specific “ID” saying “Safe Browser” (the code is already there, used by other shields for their scanning)… i.e. it doesn’t “sit there eating memory”.

That’s good to hear.

But if we don’t have a Safe Browser/Secure Browser (are the two names interchangeable?) installed, a report file shouldn’t be generating. Simple as. The fact that this didn’t start until July, likely with whatever program update came during that month, for the people who have noticed it, suggests that something changed. Why is this happening now but wasn’t happening before? What did Avast change on their end?

Does it do this with other shields? If I didn’t have, say, the Ransomware Shield installed, would a Ransomware Shield report file still be generating?

It is what is commonly called a ‘Place Holder’, it is ready for use should you have the Avast Safe Browser installed.

a symbol used in a logical or mathematical expression to represent another term or quantity that is not yet specified but may occupy that place later

I mentioned that before - “only now it’s become a tiny bit separated to avoid weird conditions in code”. There was some refactoring to make the underlying code simpler, easier to read/understand - and subsequently less error-prone and easier to expand in the future.

Actually, that’s something we’re doing all the time - making the code more reliable, efficient, ready for new features (possibly planned long into the future), plus of course there are changes related to the ecosystem (changes in recent malware, changes in new OSes). When I see the change log for a new version (which often doesn’t have too many new features), I’m wondering… whoever reads this, they must be thinking we’re just sitting here doing (almost) nothing. Truth is that every new version includes a lot of changes in the source code… just that it’s not something you can see in the program UI, or even something you can really describe (unless you want to put some generic “a lot of code improvements” in every version).

Most likely not - but Ransomware Shield is a bigger feature that you can configure in the UI, you can stop it etc. Sure, we could do the same even for this shield - but I don’t think it would make sense, neither from the user experience point of view (most users - and most users don’t really check the report folder :wink: - would be confused what the new shield is), nor from the efficiency point of view (code to handle all that would be bigger than the feature it’s controlling).

Ok fair enough.

Something like this really should be announced and explained, particularly if it’s a deliberate change. Otherwise it causes confusion and panic amongst people.