At the moment all I have running is the standard shield. I am only scanning executables. Why then does Avast scan such files as .ico, .db, and index.dat to name a few? The .ico are a few favicons in my TIF. The db files are in my AppData. As far as I know these are not executables? I put them on the exclude list to no avail.
You can reduce the protection (and increase performance) a little by disabling scanning of open/created/modified files in the Standard Shield settings.
That’s the thing, I am not using any open/modify/creation resident scanning. Strictly executable resident scanning. Yet it scans non-executable files. I don’t think it’s all non-executables, maybe just particular system stuff like index.dat. I even see it scanning jpegs.
Another ‘weird’ occurrence is that I use Stardock’s ObjectDock as my program launcher and I have an icon that contains shortcuts to my favorite programs. When I click on the icon the real program executables get scanned when the list of programs appears on a drop-down menu. The programs are not being executed at this time. What’s up with this?
Sure seems that even though I do not have anything enabled except executables, opens/modifies/creations are being scanned in some cases.
Here are some files that get scanned. They tend to happen as I exit an application. In this case it was IE7.
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat [+] is OK
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Windows\Cookies\index.dat [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Feeds Cache\index.dat [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062320080624\index.dat [+] is OK
I get all kinds of files scanned. I did manage to place a few on the exclude list and they do work.
Here are some more files being scanned by the resident scanner:
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb [+] is OK
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb [+] is OK
C:\Windows\Prefetch\AgAppLaunch.db [+] is OK
C:\Windows\System32\wbem\repository\INDEX.BTR [+] is OK
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx [+] is OK
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx [+] is OK
C:\Windows\System32\wbem\repository\OBJECTS.DATA [+] is OK
C:\Windows\System32\wbem\repository\MAPPING1.MAP [+] is OK
C:\Windows\System32\wbem\repository\MAPPING2.MAP [+] is OK
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx [+] is OK
C:\Windows\System32\winevt\Logs\Security.evtx [+] is OK
C:\Windows\System32\winevt\Logs\System.evtx [+] is OK
C:\Windows\System32\winevt\Logs\Antivirus.evtx [+] is OK
C:\Windows\System32\winevt\Logs\Application.evtx [+] is OK
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx [+] is OK
C:\Windows\System32\winevt\Logs\OSession.evtx [+] is OK
C:\ProgramData\Ad Muncher\Registration.dat [+] is OK
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LDMOTB\weather_data_v2b[1].xml [+] is OK
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx [+] is OK
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore [+] is OK
C:\Users\Streetwolf\AppData\Local\Temp\ppcrlui_3212_2 [+] is OK
C:\Users\Streetwolf\AppData\Roaming\Microsoft\Protect\CREDHIST [+] is OK
C:\Users\Streetwolf\AppData\Local\Temp\Streetwolf.bmp [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db [+] is OK
C:\Users\Streetwolf\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db [+] is OK
You’re right, this is indeed reproducible here… We’ll find out what the problem is, and fix it in the next program update.
BTW I think it will be related to the new scanning mode introduced recently which takes care of scanning of “orphaned” memory-mapped files on close.