Running 4.8.1216 but happens on the current release too. Vista x86 with SP1.
Example:
When I click on my Start Menu then click on All Programs then just open up an entry and just point to an executable it is scanned by the Standard Resident Shield.
All I have checked off for this shield is to scan executed programs, nothing else. Obviously just placing my cursor over the entry does not execute it IMO.
Could it be that Superfetch is preparing to pre-load the application when you hover over the the menu shortcut?
My understanding of SF is that the loading takes place when Vista is booted up. Could be all the Start Menu programs are preloaded and avast! interprets things incorrectly, ie the program is being executed when pointing the mouse over one of these programs. Just grasping at straws here.
If you place the pointer over an executable in Explorer no scan is done as far as I’ve seen.
What you don’t mention is what sensitivity setting you have the Standard Shield on (Normal is the default) ?
I don’t see any such activity when having a rummage through the All Programs, though a) I’m not using |Vista and b) the standard shield is on Normal sensitivity.
I have a customized standard shield. Just scanning program executes on the first tab. Not even scanning for DLL’s.
This action might well indeed be Vista related.
Actually all I need to do is open the folder in the All Programs list and avast! will scan all the executables. I don’t need to point to anything in the folder.
I also see this with ObjectDock where I have a folder that contains shortcuts to my different programs. It is a drop down menu and it opens slowly the first time I click on it. Avast! is scanning for executables. However it doesn’t always do the scan after the first time.
I use Rocket Dock, again no scanning, so it looks like you might be right on the Vista issue.
Any folder that contains a shortcut gets scanned when you open the folder. It’s got to be Vista related.
Some time ago I’m sure there was something like this where when you opened folders, exe files were opened so the icon could be extracted and displayed in windows explorer, I don’t know if this could be a possible if it is checking/opening the target.
Though this doesn’t happen for me and XP ???
Even if this is the case I am only telling avast! to scan executed programs not ones that are opened. So either way something isn’t kosher.
I checked and it doesn’t work like that for me (no scanning you describe occurs).
So, what exactly are your Standard Shield settings? Scan files on open - disabled, Scan created/modified - disabled?
Do you have any application installed that might “touch” the files you open from the menu (don’t know, some special skinning, themes stuff… or maybe some other resident security application that might trigger the access)?
Standard Shield has everything disabled except for the scan of executed programs and the 3 items under it. I also have the option enabled to show details on performed actions.
I just installed the demo version of 4.8 pro on a vanilla Vista SP1 system I run under VirtualPC. It behaved just like my ‘real’ machine. The target program in folders with shortcuts are being scanned when the folder is opened.
It seems that once a folder is opened and scanned I can open the same folder without it being scanned for a time. Eventually it gets scanned again.
Keep in mind I am running Vista Ultimate x86 with SP1.
It’s a Vista phenomenon.
Following Streetwolf’s initial post I checked the Standard Shield box “Show detailed info on performed action” on a Vista Home Basic SP1 machine to see what happens. As I clicked on each “folder” in the Start Menu, the full path of each of the shortcuts was listed in the pop-up as having been scanned by Standard Shield. XP does not behave this way even if I set the Standard Shield to scan “All Files”.
I check on Vista, just not with SP1… maybe SP1 phenomenon then?
streetwolf,
please download the fixed driver version:
x86 binary: http://public.avast.com/~kurtin/flt_pub1/i386/aswMonFlt.sys
amd64 binary: http://public.avast.com/~kurtin/flt_pub1/amd64/aswMonFlt.sys
please let me know if it helps, thanks for your cooperation 
Tried the x86 version and it did NOT fix the problem. I placed the file in system32/drivers and rebooted.
If you looked at my other post you will see that many types of files are being scanned even though I specified the ones I wanted to be scanned.
How to test if my links are being scanned into Vista 32bits SP1+?
Just click on one of the folders in your Start Menu under All Programs. Just about all of them have shortcuts. Also make sure you set the option in the Standard Shield to ‘show detail on performed action’ so you will see the popup
streetwolf, I don’t have good news for you :-\
I’ve debugged some Vista system libraries and found out, when shortcut files are read, their EXE files are opened with the same method which is used for execution. In general, it’s not even so easy to identify when a process is going to be launch. Standard Shield doesn’t know it; it only assumes the opened file may be used for execution. Unfortunately, Vista opens those .lnk files (and .exe files) with the same flags which are used for execution. Anyway, these EXE files are scanned just once - rescan will only happen if they are changed.
Tested at Vista and Vista SP1 platforms.
PK
Does this mean that the performance impact of any AV’s on-access scan engine will be amplified in propertion to the scanner’s inefficiency by Vista’s inherent “Linkscanner”-like behaviour?