I am constantly being asked by my firewall (Online Armor) that sf.bin wants to run. I check allow and install, but apparently, the program does not want to install. Is this some kind of glitch, or did I do something wrong? ANY help would be appreciated. Thanks
same here, with comodo. sometimes d+ pops up (its in verbose) telling me bout the sf.bin is doing smthng.
it happens sometimes, not every time avast makes updates, so my (not so) wild guess: it’s related 2 the avast vps updates.
any more info on what it exactly does in avast is highly appreciated!
asyn
edit: @qball263: u can allow it, it won’t do any harm.
http://forum.avast.com/index.php?topic=50550.0
http://support.tallemu.com/vbforum/showthread.php?p=117332
http://www.pc1news.com/virus/file-sf-bin-379059.html
many thanx 4 the info, pondus!!
asyn
Thx guys. Read the links Pondus posted and they somewhat helped. Since I know barely enuff to get myself in DEEP trouble, how do I keep OA from popping up this request?
permanently allow it or exclude it in oa, if possible.
Hiya
I am having some worrying issues with the Sf.bin binary as well. A couple of days back ZA notified me that Sf.bin wanted access to Internet (239.255.255.250) and I have tried to raise that with Alwil but no response yet. I tried to create a MD5 checksum (according to Pondus posting) with a MD5 Hash toll in it failed this validation, but the tool itself is a bit flaky…
Avast free 5.0.462 and 100403-0
Vista Home Premium SP2
Any suggestions?
That’s what whois says on 239.255.255.250…
No whois server is known for this kind of object.
Sorry, have no more to add.
asyn
Yeah, what I’m asking here is it expected behaviour for Sf.bin to try to connect to Internet?
That is the “Simple Service Discovery Protocol (SSDP)” via UDP on port 1900 searching the network for Universal-P&P-devices. Doesn’t have anything to do with Avast IMHO. Disable Universal Plug and Play, and it will stop.
8)
Ok, but ZA explicitly said that Sf.bin tried to connect to that address…
Oh, I see. Has something to do with code emulation… and yes, it is in the vps updates.
I guess it is ok to connect, but I don’t know why it does so and what happens there.
Need a dev to explain, I suppose.
ok thanks the quest goes on… anyone?
Same problem with Outpost firewall. Keeps asking for permission to allow sf.bin to run. I keep trying to permanently allow it but no luck.
I note that this thread is about a month old and that four different firewalls are reporting that sf.bin keeps wanting to run. Permanently allowing it to do so does not seem to work for me on Outpost firewall. Can this not be resolved somehow?
PLEASE it is the file that have the cache info for files not related to services or anything else"avast related"
ask igor or vlk or just run a scan and see how it will pop up an alert
http://blog.avast.com/2010/04/25/how-to-make-the-full-system-scan-6x-faster-in-10-days/
I’m sorry to say that I actually switched product for this reason. I have posted this as a support ticket as well without any response in the same time.
Well, I don’t see what we can do about it.
Sf.bin is part of avast! antivirus engine… and it’s executed e.g. when a suspicious file is detected (to perform some emulation).
If Outpost, or any other products, are unable to obey the rules you set for them… that certainly should be fixed by their makers. I guess it might be slightly tricky to set such a rule (the folder of the virus database keeps changing, and the file itself changes as well) - but still, there’s nothing to do on our side.
I posted a query if this was expected behaviour - that Sf.bin wants access to Internet - and now finally I had a reply. Thanks.
Well, what I’m saying is that executing Sf.bin is normal, the content of Sf.bin changing often (thus making it harder to create a rule for a 3rd party HIPS) is also normal.
Sf.bin connecting to Internet… is not, as far as I know.