Scanning and Resident Shield
How to set up exclusions for Potentially unwanted programs?
If you need to exclude a certain "Potentially unwanted program" from any detection by AVG (for example if you are using an Ad-sponsored program or utility, which could be dangerous, but could also be used with your knowledge), you can exclude it from AVG Resident Shield and AVG scans detection this way:
- Please open the AVG program -> "Tools" menu -> "Advanced settings" -> "PUP exceptions" -> push the "Add exception" button to add a new exception.
- Now find the file you want to exclude from AVG detection. If you are not sure that the file location is static, enable "Any location - do not use full path" function.
- Save the setting using the "Add" button.
These exceptions can be used for "Potentially unwanted programs" only. If you set the exception for a viral file (Trojan horse, I-Worm, Worm, W32...), this file will still be detected by AVG scans and the AVG Resident Shield.
These exceptions are not used for the AVG Email Scanner.
Note: These exceptions can be created for files only, not for folders.
Resident Shield - what is it?
The Resident Shield component gives your computer continuous protection. It scans every single file that is being opened, saved, or copied, and guards the system areas of the computer. Normally, you do not even notice the process, as it runs "in the background", and you only get notified when threats are found; at the same time, the Resident Shield blocks activation of the threat and removes it.
The Resident Shield is loaded in the memory of your computer during startup, and it is vital that you keep it switched on at all times.
What the Resident Shield can do:
- Scan for specific kinds of possible threats
- Scan removable media (flash disk etc.)
- Scan files with specific extensions or without extensions at all
- Allow exceptions from scanning – specific files or folders that should never be scanned
For more information regarding AVG Resident Shield please refer to documentation available here.
Tracking cookies scan is disabled in default settings
Since AVG 9.0 version 716, tracking cookies are not detected in the default settings of AVG. Tracking cookies are not dangerous files, and they are created automatically when accessing webpages. For more information about tracking cookies, please see FAQ 2334.
You can however turn the detection on. To do so, please follow these steps:
1. Resident Shield settings
- open the AVG program
- double-click on the AVG Resident Shield component
- mark the "Scan for Tracking Cookies" option
- press "Save changes" button
2. AVG test settings
- launch the AVG program
- open Computer Scanner
- choose "Change scan settings" under "Scan whole computer" item
- in the newly opened window please mark "Scan for Tracking Cookies"
3. Scheduled test settings
- open the AVG program
- choose "Advanced settings" from Tools menu
- extend "Schedules" item and select "Scheduled scan"
- switch to "How to scan" tab
- please mark "Scan for Tracking Cookies" option
How does AVG Cache Server Service improve speed in AVG 9?
To improve scanning speed in AVG, caching of trusted files was implemented.
This service (AVG Cache Server) indexes files that qualify as trusted based on several criteria (e.g. digital signature from a trusted source). Files which are indexed do not require additional scanning unless they are changed.
Indexing is done through "avgchsvx.exe" (for 32-bit Windows) or "avgchsva.exe" (for 64-bit Windows). It runs after computer startup for a short amount of time, as only changes in the indexed files are searched.
Although the disk is active during that time (the control light indicating disk activity on computer is blinking), the impact on system is minimal.
Remove threat as power user
When AVG detects a virus in a file, it attempts to remove the file with the access rights of the user who executed the test or tried to access the file. In case this is not possible due to limited permissions (e.g. you can open the file but cannot modify or delete it), AVG can attempt to remove the file under a different user account with higher permissions.
When you select the option "Remove threat as power user", you are asked to enter the Windows user name and password for a different user account. In a typical situation, the administrator user name and password can be used; however, this depends on the user accounts you have available on your computer.
To check under which user account you are logged into Windows and which other accounts are available, you can refer to the FAQ topic 2521.
How to exclude some directory/file from AVG Resident Shield scanning
To exclude a directory from Resident Shield scanning, please proceed as follows:
- Open the AVG program.
- Select the Advanced Settings option from the Tools menu.
- Navigate to the Resident Shield branch -> Directory Excludes.
- Use the Add Path button to choose the directory to be excluded.
- Confirm the changes using the OK button.
To exclude a file from Resident Shield scanning please proceed as follows:
- Open the AVG program.
- Select the Advanced Settings option from the Tools menu.
- Navigate to the Resident Shield branch -> Excluded Files.
- Use the Add button to choose the file to be excluded.
- Confirm the changes using the OK button.
How can I manually run the complete scan of whole computer?
The whole computer scan can be launched in several ways. Please choose whichever you prefer:
1. Launch the complete test by clicking on the "Computer scanner" button
- Please open the AVG program.
- Click on the Computer scanner button from navigation panel located on the left hand side.
- Then please click on the Scan whole computer option.
- Now the complete test of your computer is running.
2. Launch the complete test from "Tools" menu
- Please open the AVG program.
- Click on the Tools menu located at the top of window.
- Select the Scan computer option from the menu.
- The complete scan of your computer will start immediately.
Note:
Automatic daily test plan is part of default AVG configuration. It is therefore usually not necessary to run the test manually, unless you disabled the default test plan. To check whether the automatic daily test is enabled, please proceed as follows:
- Open the AVG program.
- Click on the Computer scanner in the left part of the window.
- Click on the Manage Scheduled Scans option.
- In the list of Scheduled scans, there will be displayed the time of the next scan.
- In case the Scheduled scan is set to Disabled, double-click on it and tick the option Enable this task.
Adware detection in AVG
AVG is able to detect applications from the Adware category as a special part of Potentially Unwanted Applications detection.
Adware software can display and/or download advertisements and may be considered privacy-invasive. Adware applications are however not harmful and their detection is disabled by default in AVG.
To enable resident Adware detection follow these steps:
- Open the AVG program (Start -> Programs -> AVG 9.0 -> AVG user interface).
- From the Tools menu, select Advanced Settings.
- In the left tree, click on Resident Shield branch.
- On the right side of window, check the Report enhanced set of Potentially Unwanted Programs option
- Click OK to save changes.
To enable Adware detection through a scheduled scan follow these steps:
- Open the AVG program (Start -> Programs -> AVG 9.0 -> AVG user interface).
- From the Tools menu, select Advanced Settings.
- In the left tree, open the Schedules branch.
- There is a list of planned actions, click on Scheduled scan (or any other scan schedule you created).
- On the right side of window, switch to the How to scan tab.
- Check the Report enhanced set of Potentially Unwanted Programs option.
- Click OK to save changes.
Please note that some adware may be associated with a different application. Deleting it might cause issues with that application or be against the license agreement of that application.
Removable device scan
Settings of the item Removable device scan are available in the Advanced settings of AVG, under the Scans item.
When you choose the Removable device scan item, the dialog allows you to specify parameters for the scan of removable devices. You need to check the "Enable removable device scan" checkbox to activate this feature. If you do this, upon every connection of any removable device to your computer (for example a USB flash drive), this device will be automatically scanned for viruses and/or spyware. If you disconnect the removable device during the scan, the scan will be interrupted (and will start again after the next connection of the removable device).
Crash caused by old Starforce driver after start of Anti-Rootkit scan
An older StarForce sfdrv01.sys driver (copy protection application) can cause a crash when AVG starts the Anti-Rootkit scan. This will display the so-called BSOD (blue fullscreen error message). You will then need to force a restart of the PC. Please note that this issue is not caused by AVG.
It can be fixed by updating the StarForce protection driver. To do that, please follow the steps on the following web page (belonging to vendor of this application):
http://www.star-force.com/support/drivers/
If you are unsure whether StarForce protection is installed, you can check this way:
On Windows 2000, Windows XP:
- Right click on the My computer icon on your Desktop or in Start menu.
- Select the Properties option.
- In opened window switch to the Hardware tab.
- Click on the Device Manager button.
- In the Device Manager, select the Show hidden devices option from the View menu.
- Now check under the Non-plug and play drivers tree for any record with Starforce in the name.
On Windows Vista, Windows 7 and newer:
- Right click on the Computer icon on your Desktop or in Start menu.
- Select the Properties option.
- Click on the Device Manager link in top-left corner.
- In the Device Manager, select the Show hidden devices option from the View menu.
- Now check under the Non-plug and play drivers tree for any record with Starforce in the name.
High utilization of CPU on ThinkPad laptops
If you have AVG 9.0 installed on an IBM/Lenovo ThinkPad laptop, you can encounter high CPU utilization in some cases. This is caused by the combination of the ThinkPad AccessConnections suite and AVG.
The mentioned software is constantly accessing one file (AccConnAdvanced.html) to save information about network traffic. As the file is opened/closed and changed constantly, AVG must scan it for malware. This of course requires resources. You can disable scanning of this one file in AVG and thus prevent this issue.
To prevent AVG from scanning the file, follow these steps:
- Open AVG (Start -> Programs -> AVG 9.0 -> AVG User Interface).
- Double click Resident shield.
- Click Manage exceptions.
- In opened window select Excluded files in the tree on the left.
- Click Add.
- New window will open, allowing you to find a file to be excluded. First select All files (*) from the Files of type dropdown menu.
- Now browse the files and find the following file:
C:\Program Files\ThinkPad\ConnectUtilities\AccConnAdvanced.html
- Select it and click Open.
- Confirm the exclusions by clicking OK.
This will disable on-access scanning of this file. It will still be checked by a planned scan. This however will not slow down the computer, as it happens less often.
Exclusions for AVG needed for proper Hyper-V virtual machines functionality
When using Hyper-V virtual machines on Windows Server 2008-based computers, it is necessary to exclude some folders from AVG scanning. This will make sure that the virtual machines run properly. The following errors may be reported otherwise:
- The requested operation cannot be performed on a file with a user-mapped section open. (0x800704C8)
- 'VMName' Microsoft Synthetic Ethernet Port (Instance ID{7E0DA81A-A7B4-4DFD-869F-37002C36D816}): Failed to Power On with Error 'The specified network resource or device is no longer available.' (0x80070037).
- The I/O operation has been aborted because of either a thread exit or an application request. (0x800703E3)
To prevent these errors, set AVG this way:
- Open the AVG program.
- Select the Advanced Settings option from the Tools menu.
- Navigate to the Resident Shield branch -> Directory Excludes.
- Use the Add Path button to choose the directory to be excluded. Add these directories:
- Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
- Custom virtual machine configuration directories
- Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
- Custom virtual hard disk drive directories
- Snapshot directories
- C:\Clusterstorage (if Live Migration is used together with Cluster Shared Volumes)
- Navigate to the Resident Shield branch -> Excluded Files.
- Use the Add button to choose the file to be excluded. Add these files:
- Vmms.exe
- Vmwp.exe
- Confirm the changes using the OK button.
For more information, see following Microsoft Knowledge Base topic:
http://support.microsoft.com/kb/961804/
Setting scan process priority
The priority of the scan process defines how fast the scan will run and how much of the system resources it will use. In other words, you can set the scan to run as fast as possible while slowing down your computer noticeably, or you can have the test use as few system resources as possible while prolonging its run time.
There are three options for the test priority in AVG:
- Fast scan = shortest scan time, highest usage of system resources
The Fast scan does not leave any time gaps between reading files on the computer, and the scanning runs in multiple threads to utilize even multi-core processors. The Fast scan is recommended when the computer is not used or no other demanding application is running at the same time.
- Slow scan = longest scan time, lowest usage of system resources
The Slow scan leaves time gaps between reading individual files, so that other applications can access the data on the computer with minimal delay. The scanning itself also runs with lower priority, in single thread, and with lower memory demands.
- Automatic scan = both scan time and generated system load depend on current computer load
In the Automatic mode, AVG is adjusting the scan priority and gaps between files based on current system load, thus minimizing the impact of the test on the system, while finishing the test in shortest possible time.
The scan priority can be set for both running and scheduled test:
- Running test
Please adjust the slider in the window of currently running test (open the AVG program -> Computer scanner -> running scan).
- Scheduled test
Open AVG User Interface -> Computer scanner, please click on the Manage Scheduled Scans option and double-click the desired scheduled scan. In the scan settings please switch to the tab How to scan. After setting the priority, please click the Save button to store the configuration.
How to exclude folder from AVG test
To exclude some folder from one AVG test or from a test schedule, please proceed as follows:
- To edit excludes in one test:
- Open the AVG program by double-click on AVG icon on your desktop or in the tray notification area.
- Click on Computer scanner -> Scan specific files or folders.
- To edit excludes in test schedule:
- Open the AVG program by double-click on AVG icon on your desktop or in the tray notification area.
- Click on Computer scanner -> select Scheduled scan -> button Edit scan schedule.
- Switch to tab What to scan -> select Scan specific files or folders.
- Tick all drives you wish to be scanned.
- To exclude e.g. folder "C:\Program Files", please expand drive C:\ (using the + button, or by double-click on its icon) and un-tick the folder "Program Files".
- Alternatively, you can leave all drives and folders selected and add into the text box above the selection tree:
- ![path];
e.g. !C:\Program Files; will disable scanning of the Program Files folder.
- In case you wish to disable recursion in some folders (so that the contents of that folder are scanned, but not subfolders), please type the following:
- -[path];
e.g. -C:\Windows\System32; will scan all files in the System32 folder, but not its subfolders. All other folders in C:\Windows will be scanned completely.
Information in a test result
AVG scan is able to detect files which may not be infected, but are suspicious. These files are reported either as Warning (described in FAQ 2344), or as Information. The severity Information can be reported for one of the following reasons:
- Run-time packed
The file was packed with one of less common run-time packers, which may indicate an attempt to prevent scanning of such file. However, not every report of such file indicates a virus.
- Run-time packed recursive
Similar to above, however less frequent amongst common software. Such files are suspicious and their removal or submission for analysis should be considered.
- Password protected archive or document
Password protected files can not be scanned by AVG (or generally any other Anti-Malware program). For more information, see FAQ 2333.
- Document with macros
The reported document contains macros, which may be malicious.
- Hidden extension
Files with hidden extension may appear to be e.g. pictures, but in fact they are executable files (e.g. picture.jpg.exe). The second extension is not visible in Windows by default, and AVG reports such files to prevent their accidental opening.
- Improper file path
If some important system file is running from other than default path (e.g. winlogon.exe running from other than Windows folder), AVG reports this discrepancy. In some cases, viruses use names of standard system processes to make their presence less apparent in the system.
- Locked file
The reported file is locked, thus cannot be scanned by AVG. This usually means that some file is constantly being used by the system (e.g. swap file).
- The file is signed with a broken digital signature
The reported file was signed with a digital certificate ensuring its integrity. However due to changes to it, the certificate no longer corresponds with the content. This might happen when file is infected but also when it was incorrectly updated, broken due to some error or when the digital signature expired.
If you wish, you can adjust the AVG test settings in such way, that only the information you are interested in are reported:
- Open AVG User Interface.
- Click on Computer scanner.
- Click Change scan settings.
- Alternatively, you can change these settings in menu Tools -> Advanced settings.
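The "Hidden extension" and "Improper file path" reasons described above can be illustrated with a short PowerShell check. This is an added example, not AVG's own detection logic; the extension lists, the table of system process names and the sample paths are assumptions constructed for the illustration.

```powershell
# Added example (not AVG code): two of the "Information" checks described
# above, applied to a list of file paths.

# Extensions that run code, and harmless-looking extensions placed in front
# of them. Both lists are assumptions for this example.
$ExecutableExt = 'exe|scr|com|pif|bat|cmd|vbs|js'
$DecoyExt      = 'jpe?g|png|gif|bmp|pdf|docx?|xlsx?|txt|mp3|avi|zip'

# System processes and the only folder (below the Windows folder) they are
# expected to run from. Assumed list; extend it for your environment.
$ExpectedFolder = @{
    'winlogon.exe' = 'System32'
    'lsass.exe'    = 'System32'
    'services.exe' = 'System32'
    'csrss.exe'    = 'System32'
    'smss.exe'     = 'System32'
}

function Test-HiddenExtension([string]$Path) {
    # True for names such as picture.jpg.exe, including variants padded
    # with spaces before the real extension.
    $name    = [System.IO.Path]::GetFileName($Path)
    $pattern = '\.(' + $DecoyExt + ')\s*\.(' + $ExecutableExt + ')$'
    return ($name -match $pattern)   # -match is case-insensitive
}

function Test-ImproperPath([string]$Path, [string]$WindowsDir = $env:SystemRoot) {
    # True when a file carries the name of a known system process but is
    # located outside the folder that process normally runs from.
    $name = [System.IO.Path]::GetFileName($Path)
    if (-not $ExpectedFolder.ContainsKey($name)) { return $false }
    $expected = [System.IO.Path]::Combine($WindowsDir, $ExpectedFolder[$name]).TrimEnd('\')
    $actual   = [System.IO.Path]::GetDirectoryName($Path).TrimEnd('\')
    return ($actual -ne $expected)   # -ne is case-insensitive for strings
}

# Constructed sample paths (not real scan output).
$samples = @(
    'C:\Users\alice\Downloads\picture.jpg.exe',
    'C:\Users\alice\Documents\report.pdf',
    'C:\Windows\System32\winlogon.exe',
    'C:\Users\alice\AppData\Local\Temp\winlogon.exe'
)

foreach ($p in $samples) {
    $reasons = @()
    if (Test-HiddenExtension $p)           { $reasons += 'Hidden extension' }
    if (Test-ImproperPath $p 'C:\Windows') { $reasons += 'Improper file path' }
    if ($reasons.Count -gt 0) {
        '{0}: {1}' -f $p, ($reasons -join ', ')
    }
}
```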
How can I set programs such as GetRight or WinRAR to scan the files they use?
You can use the AVG scanner within the scanning options of a 3rd party program. There is a difference based on your system architecture. On a 32-bit system (x86) you need to use the avgscanx.exe file for the scanning. On a 64-bit system (x64) you should use the avgscana.exe file.
Usually it is necessary to use the /scan parameter with path to file location. We also recommend to use other parameters, e.g.:
- /HEUR - Use heuristic analysis
- /ARC - Scan archives
- /CLEAN - Clean automatically
You can get the whole list of parameters by starting the avgscan?.exe with the /HELP parameter or in FAQ 2707.
These are examples of the AVG scanner configuration in some popular applications:
- GetRight
Tools -> GetRight Configuration -> Advanced -> When Done
Virus Scanner program to use:
"C:\Program Files\AVG\AVG9\avgscanx.exe" /heur /clean /arc /scan="%FILE%"
(on 64 bit system, use folder Program Files (x86) and avgscana.exe instead)
- WinRAR
Tools -> Scan archive for viruses
Virus scanner name:
C:\Program Files\AVG\AVG9\avgscanx.exe
(on 64 bit system, use folder Program Files (x86) and avgscana.exe instead)
Virus scanner parameters:
/scan=%f /ext=* /arc /clean
- Miranda IM
Options -> Events -> File Transfer
Command line:
"C:\Program Files\AVG\AVG9\avgscanx.exe" /scan=%f /ext=* /arc /clean
(on 64 bit system, use folder Program Files (x86) and avgscana.exe instead)
- Windows Live Messenger
Due to the Windows Live Messenger feature, the above mentioned parameters cannot be used. However your computer is still protected by resident parts of AVG.
Note:
In case you installed AVG into other than default folder, it is needed to change the path to the file avgscan?.exe. Please bear in mind that the specific parameters depend on the given application. In this case you should ask the provider of that software for needed information.
Options when scheduling scan or program update
When scheduling scans or program update the following additional options are available:
- Open the AVG program.
- Choose the Advanced Settings option from the Tools menu.
- Navigate to the Schedules branch.
Run at specific time interval
The following options are available:
- Every day
Scheduled task will run every day at a specified time.
- Selected days
In this case it is possible to check/uncheck one or more days in the week. Then the scheduled task will run on checked days at a specified time.
- Every selected day in month
If this is set, then it is possible to select on which exact day of month will the schedule run. Same as the previous options, the scheduled task will run on the selected day at a specified time.
Run on computer startup if task has been missed
If you schedule the scan to run at a specific time, you can check this option to ensure that the scan will be performed subsequently in case the computer is turned off at the scheduled time.
Run even if computer is in low power mode
Check this option to specify that the scan should be performed even if the computer is running on battery at the scheduled time.
How to schedule AVG scan of network devices?
Scheduled AVG scans are normally started under the SYSTEM account. This means that a scheduled AVG scan cannot scan network drives (shared folders), as the SYSTEM account does not have permission to access them.
Note: Manually started AVG scan has access to all places the user who started it has.
If you want to run a scheduled AVG scan that will be able to scan also shared folders, you can use the Windows Scheduler to start it. To do that, please follow these steps:
- Windows XP
- Open Control Panel (you can click Start -> Settings -> Control Panel).
- Double click on the Scheduled tasks option (depending on the selected view, you may first need to select the Performance and Maintenance option).
- Double click on the Add scheduled task option.
- Follow the opened wizard. When selecting application to run, click the Browse button and find avgscanx.exe or avgscana.exe in the following folder (only one of the files will be present; this is the default folder for installation):
c:\Program Files\AVG\AVG9\
- In the wizard, select when and how often the task (AVG scan) should run.
- Specify your username and password. This will make sure that the scan runs with your privileges and will be able to scan shared folders.
- In the last dialog of wizard check the Open advanced properties of this task when I click finish and then click the Finish button.
- Advanced properties of the task will be opened (if not, open them by double clicking the new task in the list of tasks).
- On the Task tab, edit the Run field:
- Add parameters to specify settings for the scan. Parameters should be added at the end of the line.
e.g. "C:\Program Files\AVG\AVG9\avgscanx.exe" /scan=C:;D
(this will set AVG to scan drives C and D)
- You can get the full list of parameters by running avgscana.exe/avgscanx.exe with the /help parameter in the command line, or you can see the list of commands in FAQ 2707.
- Confirm all the settings.
- Windows XP
- Open Control Panel (you can click Start -> Settings -> Control Panel).
- Open the Administrative tools option (depending on the selected view, you may first need to select the System and Maintenance option).
- Select the Task scheduler option.
- In the opened window right click on the Task scheduler (local) option in the tree on the left side.
- Select the Create Basic Task option.
- In the wizard fill in some name for this plan and click Next.
- Select how often the task should start and then click Next.
- Select Start a program as an action for the task.
- Click the Browse button and find avgscanx.exe or avgscana.exe in the following folder (only one of the files will be present; this is the default folder for installation):
c:\Program Files\AVG\AVG9\
- In the Add arguments field type the parameter for the scan
- e.g. /scan=C:;D
(this will set AVG to scan drives C and D)
- You can get the full list of parameters by running avgscana.exe/avgscanx.exe with the /help parameter in the command line, or you can see the list of commands in FAQ 2707.
- Click Next and in the last dialog check the Open the Properties dialog for this task when I click finish option. Then click Finish.
- Advanced properties of the task will be opened (if not, open them by double clicking the new task in the list of tasks under Task Scheduler Library).
- On the General tab, check the Run whether user is logged on or not option.
- Click OK and when asked, fill in your password and confirm it.
The scan should now be started according to the plan, with the permissions of the user who created it.
Usage and return codes of avgscan*.exe
The AVG command line scanner avgscan*.exe (available in AVG program folder, where * can be 'x' for 32bit operating systems or 'a' for 64bit operating systems) allows scanning of the whole computer or specified files using a batch file or Scheduled Tasks in Windows. The parameters of the command line scan are available in the AVG documentation or using parameter /? (e.g. avgscanx.exe /?).
Apart from the full test report that is provided once the scan is finished, it is also possible to check the return code of the finished scan. This code can be used to trigger specified actions in case e.g. a virus was found.
The return code of the last finished command line scan is stored in a system variable %ERRORLEVEL% (to check its value for the last AVG scan manually, type "echo %ERRORLEVEL%" in the command line). Possible values and their meanings are:
- 0 (RETURNCODE_OK)
everything is OK
- 1 (RETURNCODE_USERSTOP)
user interrupted the scan
- 2 (RETURNCODE_ERROR)
error during the scan (e.g. when an incorrect parameter is used)
- 3 (RETURNCODE_WARNING)
warning during the scan
- 4 (RETURNCODE_PUPDETECTED)
Potentially Unwanted Program detected
- 5 (RETURNCODE_VIRUSDETECTED)
virus detected
- 6 (RETURNCODE_PWDARCHIVE)
password-protected archive found
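A wrapper that acts on these return codes, for use as the program a Windows scheduled task starts, could look like the following PowerShell script. This is an added example, not part of the AVG documentation; the scan target, the log file location and the clean/review/detection/incomplete classification are assumptions of the example, while the return codes, file names and parameters are the ones listed on this page.

```powershell
# Added example (not AVG's own script). Runs the command-line scanner and
# turns its return code into a log line and an unambiguous status.
param(
    [string]$ScanPath = 'C:\Users',                    # assumed scan target
    [string]$LogFile  = "$env:TEMP\avgscan-codes.log"  # assumed log location
)

# Return codes exactly as listed in this FAQ.
$ReturnCodes = @{
    0 = 'RETURNCODE_OK'
    1 = 'RETURNCODE_USERSTOP'
    2 = 'RETURNCODE_ERROR'
    3 = 'RETURNCODE_WARNING'
    4 = 'RETURNCODE_PUPDETECTED'
    5 = 'RETURNCODE_VIRUSDETECTED'
    6 = 'RETURNCODE_PWDARCHIVE'
}

function Get-AvgScannerPath {
    # Default install folder from this FAQ: avgscana.exe under
    # "Program Files (x86)" on 64-bit Windows, avgscanx.exe otherwise.
    if (${env:ProgramFiles(x86)}) {
        return (Join-Path ${env:ProgramFiles(x86)} 'AVG\AVG9\avgscana.exe')
    }
    return (Join-Path $env:ProgramFiles 'AVG\AVG9\avgscanx.exe')
}

function Resolve-AvgReturnCode([int]$Code) {
    # The classification is this example's policy, not AVG's:
    #   clean      - scan finished and reported nothing
    #   detection  - PUP or virus found
    #   review     - warning, or an archive that could not be scanned
    #   incomplete - stopped, errored or unknown code: never treat as clean
    $name = $ReturnCodes[$Code]
    if (-not $name) { $name = 'UNKNOWN' }
    switch ($Code) {
        0       { $status = 'clean' }
        3       { $status = 'review' }
        6       { $status = 'review' }
        4       { $status = 'detection' }
        5       { $status = 'detection' }
        default { $status = 'incomplete' }
    }
    return (New-Object PSObject -Property @{
        Code = $Code; Name = $name; Status = $status
    })
}

$scanner = Get-AvgScannerPath
if (-not (Test-Path $scanner)) {
    Write-Error "Scanner not found at $scanner (non-default install folder?)"
    exit 2
}

# /SCAN, /HEUR and /ARC are the parameters this FAQ recommends.
& $scanner "/SCAN=$ScanPath" /HEUR /ARC
$result = Resolve-AvgReturnCode $LASTEXITCODE

$line = '{0} scanner="{1}" path="{2}" code={3} name={4} status={5}' -f `
    (Get-Date -Format s), $scanner, $ScanPath,
    $result.Code, $result.Name, $result.Status
Add-Content -Path $LogFile -Value $line

if ($result.Status -ne 'clean') {
    Write-Warning $line
}

# Pass the scanner's code through so the scheduler's "last result" shows it.
exit $result.Code
```

Codes 1 and 2 are logged as incomplete rather than clean, so an interrupted or misconfigured scheduled scan is not mistaken for a scan that found nothing.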
List of AVG commandline scan parameters
AVG scan can also be started from the command line (both in Windows and DOS environment) without a user interface. This can be used to call and execute the scan from other applications (e.g. Windows Scheduler, WinRAR, ...).
The AVG scan executable file is located in the installation folder under the name avgscana.exe or avgscanx.exe (the default installation folder is C:\Program Files\AVG\AVG9). The avgscan?.exe needs to be started with parameters to specify settings for the scan. You can get the list of all parameters by starting it with the /HELP parameter, or see the following list:
- /SCAN - starts a scan. You need to specify the path to be scanned, e.g. /SCAN=path;path/
- /COMP - starts scan of the whole computer
- /HEUR - toggles use of heuristic analysis
- /EXCLUDE - will exclude path or files from scan e.g. /EXCLUDE=path;path/
- /@ - specifies path to text file that contains parameters for scan
- /EXT - specifies extensions to be scanned e.g /EXT=EXE,DLL/
- /NOEXT - excludes extensions from scan e.g. /NOEXT=JPG/
- /ARC - toggles archives scanning
- /CLEAN - toggles automatic healing
- /TRASH - move infected files to the Virus Vault
- /QT - starts only Quick test
- /MACROW - toggles macros reporting
- /PWDW - toggles password-protected files reporting
- /ARCBOMBSW - toggles archive bombs (repeatedly compressed archives) reporting
- /IGNLOCKED - Ignores locked files
- /REPORT - saves report to a specified file
- /REPAPPEND - append to the report file
- /REPOK - report uninfected files as OK
- /NOBREAK - do not allow CTRL-BREAK to abort
- /BOOT - enables MBR/BOOT check
- /PROC - toggles active processes scanning
- /PUP - toggles "Potentially unwanted programs" reporting
- /REG - toggles registry scan
- /COO - toggles Tracking Cookies scan
- /? - displays help on this topic
- /HELP - displays help on this topic
- /PRIORITY - sets scan priority - Low, Auto or High
- /SHUTDOWN - shuts down computer upon scan completion
- /FORCESHUTDOWN - forces computer shutdown upon scan completion
- /ADS - toggles scan of Alternate Data Streams (NTFS only)