Anyone knows what Avast is scanning at startup on a non-system hard drive?

Every time I boot up my PC, Avast is scanning something for about 10 minutes. I have M.2 SSD where my system is and all installed programs and HDD for my files. I hear and see lots of activity after startup on the HDD done by Avast and I can’t tell why it happens and how to fix that.

Looks like it isn’t Boot-Time scan. That setting is for scanning before the system boots up, right? Anyways, changing that setting doesn’t do anything.

Hi,

You can check the Scan History (Open AV >Protection > Virus Scans > Scan History)
Also, have a look at the Boot-Time scan settings (Open AV >Protection > Virus Scans > Boot-Time Scan > Settings [cogwheel icon] > under Boot-Time tab look at scanned areas )

https://support.avast.com/en-ww/article/Antivirus-Boot-time-Scan/
https://support.avast.com/en-ww/article/Antivirus-scan-settings/

Hi,

Nothing in the history about that, only other scans are showing up - those that I run myself or are scheduled.
Boot scan is for a before system loads, mine problem is about something that happens after system boots up. Besides I had all drives checked and few days ago changed it to just system drive, but nothing has changed.

Hi,

Since there is nothing indicating this 10-minute scan in the history, could you clarify how you came to the conclusion that it is definitely Avast scanning your HDD?
(perhaps a screenshot might help)

I can see it in Task Manager.

I can’t reboot now to make a screenshot, but when I will reboot Ill post the screenshot here as well as from resource manager.

Ok, here are some screenshots.

From resource manager I can see that it scans just exe files. Most of them are program installers (one of them is Avast Free offline installer).

Hi Martin00,
may I ask you to capture procmon boot log and send it to avast ftp server for analysis ?
You can download procmon from https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

1. Start procmon as admin for go to menu Options → Enabled boot logging
2. Restart PC
3. Start procmon again - it will ask you where to save the boot log.
4. Zip the boot log as Martin00_7_2020.zip and upload it to avast ftp (https://support.avast.com/en-eu/article/FTP-file-upload)

Thanks for help

Looks like it does that once a day. I forgot to run the procmon yesterday, so I guess I will have to wait till tomorrow.

Anyways I cannot connect to the FTP. I have:

Could not retrieve directory listing
Error listing directory '/incoming'.

Note in FAQ
NOTE:
Only upload files that have been requested by Support representatives.
Notify us when you upload files to the server.
You cannot see any content on the server, even files you upload.

Well, You cannot connect with WinSCP without reading remote directory.

Timeout detected. (control connection)
Could not retrieve directory listing
Error listing directory '/'.

I used to use the free Cute FTP to upload some time ago and no problem there with anonymous FTP uploads.

At a stretch I think you can also use Windows File Explorer.
https://www.howtogeek.com/272176/how-to-connect-to-ftp-servers-in-windows-without-extra-software/

Ok, I have just uploaded the zip (used Total Commander) @kwiq.

btw, I can still see the directories on that FTP…

Hi Martin00,

Avasts real time component scans a lot of exe files from e: disk. It is strange because none of these exe files were running as processes. It seems that CompatTelRunner.exe service touches those exe files which causes its scan.

Please try to disable this service :
https://recoverit.wondershare.com/partition-tips/compatibility-telemetry-high-cpu-usage.html?gclid=EAIaIQobChMI-NT2grm96gIVjamyCh0PQwBvEAAYASAAEgKGUfD_BwE

I dont know how much compatible is IObit Malware Fighter with Avast but I would encourage you to have only one active AV in you pc.

Let me know if any of these 2 suggestions helped you.
Have a nice day !

I wouldn’t call IObit Malware Fighter an antivirus, but I use it for couple years now with Avast and never really had a problem with them effecting each other.

I have disabled telemetry through GPO and registry. I will let you know in about 2 days if everything is alright.

Thank you.

Looks like disabling telemetry has no effect in this case…

The distinction between malware and virus is very much blurred, true viruses are not so common. Avast covers both malware and viruses, etc.

Even so if there were a distinction, both are active (on-access scanners), their scanners/drivers could come into conflict.

The fact you haven’t had a problem that you won’t, especially as programs change and develop.