Yesterday Avast showed me a pop-up saying an application tried to make an improper connection or connect to an illegal address or something of the sort, an illegal network activity.
Well, the scary part is that the app that tried to do this is VirtualBox, which I use as the ultimate sandbox for web browsing. (And I’m pretty sure it wasn’t a VB update.)
Unfortunately, I closed that warning pop-up at that time and now I’d like to investigate it further. So my question is:
Where do I find a log of warning pop-ups / threat messages?
I’ve tried the “Show report file” button in all of the Real-Time Shields tabs, but it shows only some generic, unuseful stuff that looks like timestamps of periodic scans.
What I need is at least the path of the app that did the threatening connection (to make sure it was VirtualBox) and the address it tried to access.
If you right-click on the Avast tool bar on the bottom of your screen, you will see “Show last pop up message.” However, I believe this needs to be done prior to rebooting your machine for this to work…but you can try.
Yes, I’ve found that too, but it is of no use to me right now, as I’ve already received a number of messages since that event (mostly about the virus db being updated). And yes, I did reboot since.
So what I need is a log of those pop-up messages. It would be really unprofessional if Avast didn’t keep track of threats appearing in the system.
Hi axure, I think it might be in program data/ alwil/avast5/reports, but these could be just the startup of each shield; not sure if it records blocking actions.
No, that’s what I’ve already seen in “Show report file” under R-T Shield tabs.
But you’ve put me on the right course. Except, I have to note that I didn’t find it under my user account name (in Documents and Settings), but under All Users. The final destination is the “log” folder and in the nshield.log I’ve found the threat message I’ve been looking for:
`05.09.2010 01:27:14 Network Shield: blocked access to malicious site [ C:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe ( 5440 ) ]`
Also, I no longer think that VirtualBox leaked any kind of threat to the host OS. It’s simply that a browser contained in VB tried to connect to a malicious website and thus VB itself tried to reach it as it serves as an intermediary between the virtual machine and the networking on the host.
Glad to have helped some. You must be on XP, are you? I’m on Windows 7 and I don’t have an All Users file, so there are a few differences between versions.
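The nshield.log entry quoted in the thread, pulled apart into timestamp, process path and PID, as an added example that is not part of the original thread and not Avast's own tooling. The line shape is inferred from that single quoted entry, the day.month.year date order is an assumption, and the sample lines other than the first are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Shape inferred from the single nshield.log line quoted in the thread;
# other entry types in a real log may differ and are skipped.
ENTRY = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+"
    r"Network Shield:\s+(?P<action>.+?)\s+"
    r"\[\s*(?P<path>.+?)\s*\(\s*(?P<pid>\d+)\s*\)\s*\]\s*$"
)

def parse_entry(line):
    """Return a dict for a Network Shield entry, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {
        # Assumption: the date is day.month.year.
        "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
        "action": m["action"],
        "path": m["path"],
        "pid": int(m["pid"]),
    }

def blocks_by_process(lines):
    """Count blocked-access entries per process path (case-insensitive, as on Windows)."""
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["action"].startswith("blocked"):
            counts[entry["path"].lower()] += 1
    return counts

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE = [
    r"05.09.2010 01:27:14 Network Shield: blocked access to malicious site [ C:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe ( 5440 ) ]",
    r"05.09.2010 01:31:02 Network Shield: blocked access to malicious site [ C:\PROGRA~1\Oracle\VIRTUA~1\VIRTUALBOX.EXE ( 5440 ) ]",
    "05.09.2010 02:00:00 some other log line without a process field",
]

if __name__ == "__main__":
    for path, n in blocks_by_process(SAMPLE).items():
        print(n, path)
```

Grouping by path shows at a glance whether every block came from the hypervisor process or whether a host application was also involved.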