Defense+ keeps asking the same question on AV process

Jabbit · February 23, 2011, 9:39pm

Hello,
I’m Using Comodo CIS (but without the antivirus), and for AV I use Avast.

   The problem is every now and then, Defense+ says AvastSvc.exe (safe signed app, part of Avast) is trying to run Sf.bin (which is part of Avast too), and ask me what to do. I tell it to allow it, and to remember my answer, but latter, it asks the same again.

   Finally, I told Defense+ it is a Windows System app, but I'm not sure if that was the right answer.

   As far as I know, Sf.bin is a component of Avast used for some kind of virtualization (but I don't really know how does it work).

   Best Regards

Boris_3 · February 23, 2011, 10:39pm

Hi Jabbit,

if you still receive popups for sf.bin, try predefined policy installer/updater.

Boris

Jabbit · February 25, 2011, 10:12pm

It seems it was solved after I maked it as Windows System App. Still, it is strange Defense+ didn’t remember my “allow” answer.

Boris_3 · February 26, 2011, 8:11am

I think something is changed in sf.bin each time avast updates the virus database so for Def+ it is a new application.

Valentinchen · February 26, 2011, 10:01am

Hey and warm welcome to comodo forums Jabbit!

I sugget you add the complete avast folder here CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…

Tell me if this helps

Regards,
Valentin N

Jabbit · February 27, 2011, 1:23am

I was thinking maybe each time Def+ updates “forgets” sf.bin, but it’s easy to check it… I’ll compare hash values of sf.bin after a couple of updates