I fired up the Avast AV GUI and went to the SCAN COMPUTER tab, Scan Now subtab. I tried to square off what I saw with what I found in “c:/Documents and Settings/All Users/Application Data/Alwil Software/Avast5/log”. I’m having a hard time seeing the relationship. In the GUI, all the entries are several weeks old. On the other hand, in the above log directory,
I also noticed that aswAr.log says:
avast! Antirootkit, version 1.0
Scan started: Saturday, February 26, 2011 3:14:18 PM
The specified date/time matches the timestamp of the file, but I didn’t initiate a scan at that time today (I was away). I’m not aware of a scheduled scan of any kind set up at that time (I have a quick scan Windows Scheduled Task for some time in the night).
The file aswAr1.log has similar content, but it specifies a date/time that matches its own file timestamp. All the other files either contain binary data, are empty, or are just plain indecipherable to me.
Could someone please enlighten me on:
why the difference between the log file dates/time in the GUI versus the external directory above?
how a scan could be logged when there is nothing to initiate it?
You can’t square a circle, these files have nothing to do with your standard scans, they are in the c:/Documents and Settings/All Users/Application Data/Alwil Software/Avast5/report folder. The quick scan.txt and Full system scan.txt files being the most relevant.
Don’t fall into the trap of trying to over analyse anything, these .log files are more for debugging/fault finding. So if you aren’t having any problems these .log files will be of little use to a user, more for the developers.
The anti-rootkit scan is an integral part of avast, starts 8 minutes after boot and on on-demand scans, to varying degrees of sensitivity.
Thanks for setting me straight on the distinction of the log files versus the text file reports. Funny, my “report” folder doesn’t contain a “quick scan.txt” nor a “full system scan.txt”. Here is what it contains:
The whole reason why I’m looking at logs is not so much to troubleshoot Avast as it is to confirm that my scheduled scan ran as expected. I want to rule out an improperly set up Scheduled task. I know that a scheduled task can appear to have run at the scheduled time, but errors can occur as a result of how the task’s command is formulated, causing it not to run as expected. The fact that neither “quick scan.txt” nor “full system scan.txt” exists gives me cause to look into this possibility further.
Someone advised me to set up scheduled scans using the Avast AV GUI, but I want to get to that in incremental steps. For several weeks now, I have had a Windows Scheduled Task to launch an AshQuick.exe scan, seemingly successfully according to the Scheduled Task folder. I thought it would be prudent to first confirm that this is working by checking the log files, then change-over to the advised method of using the Avast AV GUI to schedule scans. I would confirm the proper operation of the change-over by comparing log files before and after the change-over. From what I learned today, it would be the log files in the “report” folder that I’d be comparing. Based on the missing files, it looks like my scheduled scans aren’t working even before the change-over.
Everything is timestamped shortly after 3pm 26 Feb 2011 when I was out, just as the anti-rootkit log file is in the “log” folder. I’m not sure why this would be, since I wasn’t even in at that time. The computer should have been on Standby.
It will only contain it if a) you have set the create report file and b) have actually run the scan at least once.
The avast scheduled scan built into the program doesn’t use the regular scheduled tasks so you won’t see an entry there to run it.
So using ashQuick.exe is a pointless exercise (as the old free avast version used to have to do) when the built in one does work even in the free version, but you have to have set up the internal scheduled scan settings.
I can’t comment on the apparent inaccuracies of the windows task scheduler.
Yeah, I was thinking the same about bypassing the step to make ashQuick run properly from Windows Scheduled Task. The command behaviour is not documented in the help, and the command line parameters are not even documented for generating a report, so it might be running fine. The command line parameters are documented for ashCmd.exe, which is only available for the Pro version.
Thanks for the screen snapshots of how to set the report generation options from the GUI…
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Leave avast files as they are, firstly the self-defence module should seek to protect them, if you disable that the removal of a file could have an adverse impact on avast. That file isn’t one that the user should interfere with.
Why would you do such things like messing with the logs manually? There’s already a setting to limit the logs size if space is your concern. Also you can set how long scan logs should be kept.