What is sf.bin file?

Hello, since upgrading to version 5.0.889, the sf.bin file from Avast is very often detected by Comodo D+ and Anti-Exe from Faronics. What is the sf.bin file and what is its function in Avast?

quote DavidR

The SF.bin is the code emulation part of avast and is downloaded or updated on virus definition updates.

Thank you very much guys.

1 There is an absolutely wonderful freebie named Process Explorer which puts Windows Task Manager to shame for the comprehensive information it provides. Download Version 14.01 of the app from:
http://technet.microsoft.com/en-us/sysinternals/bb896653

2 99% of the time sf.bin is triggered by a specific .exe app being executed. Avast sees the app as a threat and issues an sf.bin, which Comodo and other firewalls respond to with their own warnings. Most of the time this sequence is triggered by a completely benign and trusted .exe being executed which most likely is designed as a Packed Image. Malware, including viruses, spyware, and adware, is often stored in a Packed Image encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus, hence the reason for the Avast sf.bin alert, EVEN THOUGH the .exe may be COMPLETELY BENIGN.

3 Process Explorer will show you the moment Avast issues the sf.bin process, its source app trigger, and when the source app is running, whether or not it is in Packed Image format.

4 The simple trick here is to PREVENT the sf.bin from being triggered in the first place using lebob’s elegant, simple solution – After identifying the app triggering the sf.bin in Avast –

5 Open Avast’s Real Time Shields > FILE SYSTEM SHIELD TAB, and click on the EXPERT SETTINGS button; select the EXCLUSIONS option; click the ADD button; browse to the target app .exe pathname; CHECK the X field to EXCLUDE SCAN ON EXECUTION; click OK and you’re done. No more sf.bin appearances.

And no more protection should that file become infected; as limited as that risk might be, there is still a risk.

Thanks, now I understand what’s going on. However, I’m using ZoneAlarm, and eventually I end up with a large number of sf.bin files in my alerts log. Can I safely delete all but the latest alerts without any danger?

Hi, I somehow fixed Sf.bin continually popping out in the Windows Task Manager Processes tab, making your computer super slow. This fix works with Avast! PRO Antivirus.

Disable the Avast! Shields Control and select Disable until computer is restarted; this will make your computer speed go back to normal. Then go to Control Panel, Add-Remove programs, select Avast! PRO Antivirus, and click Change\Remove. When the Avast! Setup screen appears, go to Repair and click Next, wait until the repairing process is finished, then restart your computer. This will help fix the Sf.bin.