ANNOYANCE; Sf.bin from Avast! keeps getting notifications.

See here for what it does.

Every time I run Playonline/FFXI, I keep getting a notice on that file, and I keep allowing it. It is getting very annoying. I don’t know how to exclude a directory (if anyone can tell me how, appreciated. It pops up in diff sub-directory every time, but always from the avast folder) but can you guys fix it so it’s trusted/ignored? thanks. I’m running Avast! 5.0.462 as well as comodo firewall, version 4.0. I will be glad to find it on my computer so I can send you a sample if needed.

I’m also getting these sf.bin popups from defence+ every day it’s really annoying, I’ve tried to exclude avast.setup but nothing seems to work.

Same situation here.

SF.bin is an executable related to Avast5’s behavior monitor (heuristics) and is downloaded anew with each definitions update. It’s in the Alwil Software\Avast5\defs\10???\ folder where 10??? is the date code for the update.

I have found no way to move SF.bin in a general way (wildcards, etc) to My Safe Files. Given no expert feedback by anyone in this forum likely means there is no solution to this problem.

If you are running a 32 bit version of Windows and tired of dealing with CIS’s quirks, may I suggest Online Armor Free This is the choice I made for my old XP SP3 system. As for my newer XP x64 system, I’m kind of stuck with CIS 3.14 as OA is 32 bit only. You will find OA is easy to install and configure. Simply tell OA to ignore the offending folder and the problem disappears.

lebob: To move avast.setup to My Safe Files, switch D+ to clean mode and wait for Avast5 to update. Locate avast.setup in My Pending Files and use the Move To button to move the file. This, however, will not solve the problem with SF.bin.

It seems like you can’t use wildcards for My Safe Files, but you can however use wildcards in Defense+. Open CIS and go to Defense+AdvancedComputer Security Policy and select Add…SelectBrowse… Find sf.bin (from what ces5077 said, it should be in Program Files\Alwil Software\Avast5\defs\date:clubs:). Once you’ve added it, change the Application Path to C:\Program Files\Alwil Software\Avast5\defs*\sf.bin (the path C:\Program Files might be something else). The easiest thing is to set it as a trusted application, but you can of course have everything set to ask, and only allow it to interact with the executable for Final Fantasy XI. If there are other occurrences of sf.bin in Computer Security Policy (other than the one you just created), delete them. Make sure to disable all protection settings for the Final Fantasy XI-executable, or else you’ll have to add the path C:\Program Files\Alwil Software\Avast5\defs*\sf.bin as an exception for each protection mechanism (memory access, hooking, termination and messages).

:clubs: Date is any date (e.g. 100408 would be today)

Thanks Ragwing,

That’s a trick I missed. Now, let’s hope it gets the job done.

Do you think the devs will ever make this software self-consistent throughout?

THANK YOU! Now I can use my computer (and game) in peace. If I see any other files from Avast that keep doing that, I’ll do the same just to shut it up.

I hope Comodo can fix this little annoyance in a definition update sooner or later though. ^^

[Edit] that didn’t quite get it but I put in this custom filter by this method. I just backspaced off sf.bin too, then added a wildcard. Let’s see if that helps!

[Second edit] Third time I’ve brought up POL today and…NOTHING :slight_smile: No more sf.bin notifications. If you want to do what I did; first find sf.bin like how the mod said, then click in the url part of the form, backspace it off until it’s just C:\Program Files\Alwil Software\Avast5, then just change it to C:\Program Files\Alwil Software\Avast5* . No more sf.bin notices. Hopefully that fixed it for good. knocks on wood Oh and make sure you hit Save Changes on both or it will not take effect. Duh, but I found that out the hard way.

Not working for me. I tried adding C:\Program Files\Alwil Software\Avast5\defs*\sf.bin but no joy then tried C:\Program Files\Alwil Software\Avast5* but still I get the popups every time I open NewsLeecher.

The actual message is AvastSvc.exe is trying to execute sf.bin. Is there anything else I can try as this is driving me mad.
thanks to those who replied.

When you get the alert that it is executing sfi.bin allow it and set it to remember the answer.

I do allow it and set it to remember the answer but I still get the popup every time I start the program.

Still a problem here also.

I get a notification when I open jv16 Power Tools. After allowing, all is well until the next Avast5 update.

The funny thing here is that this just started within the last week or so despite upgrading to Avast5 sometime last January.

Too bad CIS has no exclusion function like OA Free

Please check Ragwing’s instructions in the above.

Been there, done that!

ces5077 I don’t know if it will work for you but I seem to have stopped the sf.bin alerts by excluding the program triggering the alert (newsleecher in my case) from Avasts file system shield.
I went to expert settings then Exclusions and added newsleecher and set it to only exclude on Execute.
hope this helps.

I think I may have found a way around this…
The issue here is with SF.bin, however the alerts show that AvastSvc.exe is trying to run SF.bin…
So what I did was to go to Computer Security Policy and edit the Custom Policy of AvastSvc.exe, go to Access Rights, then Modify the Run an Executable and add the path C:\Program Files\Alwil Software\Avast5\defs*\Sf.bin. Then click apply to everything…
So far it seems ok…

I’d been putting up with this annoyance and was fully prepared to continue to do so until some registry snooping revealed Comodo was bloating said registry with an entry for every rule I created. That included dozens of entries for sf.bin alone.


Here’s my solution:

And a mighty fine one it is too.

Thanks to tolis14 and OverandOut, I can confirm the efficacy of both solutions.

I’ve moved to OA Free on my 32 bit XP machine and used tolis14’s fix on my 64 bit XP machine. Quite unexpectedly, the tolis14 fix also put an end to the registry bloat problem alluded to by OverandOut.

Too bad OA only supports 32 bit at present; I’d go straight OA if only I could.

I’m getting the sf.bin thing too whenever I start Fallout 3.

I’m a little puzzled as to why this is stored in the registry. ??? I wonder if that has anything to do with my computer booting so slowly lately. I’ve ran MBAM and HijackThis and my machine is clean, so something other than malware is causing my slow booting. I found the registry entries at:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy*

Does uninstalling Comodo (v3.14) clear up the registry bloat? If it does, I’d be tempted to uninstall Comodo and see if my machine boots any faster. Anyone recommend a good free registry cleaner that lets you review changes before they are made and gives the option to reverse changes?

hi.i think the best solution to all of those problems would be to totally uninstall avast5 and use the excellent anti-virus that comes with CIS!!!there problem solved. :-La

hi. i thought this was a comodo forum not online armor!!people should not come in here and advocate other prograns.!! :P0l

lebob’s advice works like a champ. My offending app was ThumbsPlus4:

“I seem to have stopped the sf.bin alerts by excluding the program triggering the alert (newsleecher in my case) from Avasts file system shield.
I went to expert settings then Exclusions and added newsleecher and set it to only exclude on Execute.
hope this helps.”