
Source of file scanning in Windows 10


c627627

c(n*199780) Senior Member
Joined
Feb 18, 2002
I am keeping my Windows 8 retail w/o upgrading it to Windows 10 for my new build before July 2016 free Windows 10 upgrade offer ends. On my current build, my Windows 10 Professional installation is activated based on my previous Microsoft Insider Windows 10 install.

I have switched off automatic updates. The Windows 10 fresh install is from the same place everyone else got theirs but my machine is activated based on my being a Windows Insider.
As you know your activation is stored in the cloud permanently so my Windows 10 activated based on that.


Avira designated a program like ImgBurn as a virus. Well not a virus but
[PluginsDir]/OCSetupHlp.dll]
[DETECTION] Contains patterns of software PUA/OpenCandy.Gen

I complained to Avira and Avira said:
The file 'SetupImgBurn_2580.exe' has been determined to be 'RISK'. Our analysts named the threat PUA/OpenCandy.Gen. This class of detection flags, Potentially Unwanted Applications (PUA), may compromise the user’s privacy and the security of the local system.
These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted.
A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications.
This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user’s privacy or system security might be compromised.
Disabling this detection is only recommended for advanced users that understand the risks and how to use these applications. This file is detected by a special detection routine from the engine module.


So I then asked ImgBurn to do something about it:
http://forum.imgburn.com/index.php?...cially-confirmed-as-a-virus-by-avira-antivir/


a-n-y-w-a-y

The setup file is inside many folders all over my multiple hard drives.
Here's the kicker. Avira is *randomly* finding it and popping up a red virus warning.


But I have set Avira NOT to do any system scans, only Real-Time Protection.
So only if a virus is being interacted with, [by me for example opening a folder containing an infected file] does the Real-Time Protection kick in and display the red virus/malware intercept pop-up.



Well what is scanning the Windows 10 system if

A. Avira is only set to do Real-Time Protection and *not* scan the system on its own, ever.
B. Windows 10 indexing is completely off.
C. Everything else as far as Windows 10 privacy is concerned has been manually turned off by me, I was pretty comprehensive about it:
http://www.overclockers.com/forums/...-installation-How-(not)-to-install-Windows-10


This is a very fresh install, that I continuously reimaged as I edited my Windows 10.
There is not a single program installed on my Windows 10 that I don't have already installed on my Windows 8 and other OS on my multi-boot where nothing like this is going on... My system is clean.


So it has to be Avira scanning the system and then only on Windows 10 even though I specifically turned off any daily/weekly/ever scans.

OR

It is Windows 10, scanning my entire system somehow even though I turned off all Indexing (which is easy to confirm 100%).
I also turned off all hard drive optimization settings.


I just thought I would share this.


With the exception of ability to record a TV signal, Windows 10 is working ok, although I did have to set some exe files in a Compatibility Mode to make them work...
 
Yea. I know how to take care of the stuff, I was posting more about trying to figure out why it got detected in the first place if it was buried deep as an unexecuted setup file on my system

The only way it would get detected is if there was a systematic and complete scan of my system.

How would that come about if indexing is turned off and all privacy settings are turned off and drive optimization is turned off in Windows 10?
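
One way to settle which process is touching the file, as an added example that is not part of the original posts: put a Windows audit entry on one copy of the flagged installer and read the resulting Security log events (ID 4663) after the next detection. The path in `$Target` and the function name `Get-FileAccessor` are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# $Target is a hypothetical path: point it at one copy of the flagged installer.
$Target = 'D:\Archive\SetupImgBurn_2580.exe'

# 1. Enable success auditing for file-system access
#    (the subcategory name is localized on non-English Windows).
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add an audit entry (SACL) so every successful read of this file is logged.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ReadData,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $Target -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Target -AclObject $acl

# 3. After the next detection pop-up, list which processes opened the file.
function Get-FileAccessor {
    param([string]$Path, [datetime]$Since = (Get-Date).AddDays(-1))
    $leaf = Split-Path -Path $Path -Leaf
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$n.Name] = $n.'#text'
            }
            if ($data['ObjectName'] -like "*\$leaf") {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    Process    = $data['ProcessName']
                    ProcessId  = [Convert]::ToInt32($data['ProcessId'], 16)
                    User       = $data['SubjectUserName']
                    AccessMask = $data['AccessMask']
                }
            }
        }
}

Get-FileAccessor -Path $Target |
    Group-Object -Property Process |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name
```

The event names the process that requested the open, which is the access an on-access scanner reacts to; work the scanner does inside its own filter driver may not be logged as a separate event.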
 
Most antivirus don't disable features you tell them to disable; this is a common issue I run into at work. I wouldn't be surprised if it was still slowly trolling the system looking for suspicious files in the background. They rightfully assume most people who use their product don't know what they are doing, so they try to protect the user from themselves, which is extremely annoying when you know what you are doing.

The IMGBurn thing is absolutely malicious and they refuse to remove it. Makes sense their install would get flagged. Are you just ripping in disks? If so, I have an alternative program for you which is super small and has no install.

Don't turn off indexing. The system may take a bit of crunching right after an install to index the system, but it does very little work after it finishes. Quick searches and really nice.
 
It very well could be Avira. It never does that on any of my other OS that I have noticed, and because I have a situation of multiple identical installs from Windows XP to Windows 10, I could tell about those things. It very well could be... It could be that my license is one of a Windows Insider, giving Microsoft green light to scan whatever they want and collect whatever info they want (even though I turned ALL that off).... It could be Windows 10.

Before July 2016 I will build a new system and get my store bought Windows 8 Pro converted to Windows 10 on it. I will then be able to tell if this stops happening if it was the type of Windows 10 license that caused this... until then it's just speculation.



On a completely different and separate topic, ImgBurn.
I have it all over my system as a setup file because it has to be used in conjunction with Clown_BD BD Copier, which helps get rid of trailers from Blu-rays that I own.

I am interested in talking to you about the ImgBurn issue, I thought it was only part of the installer - that if you uncheck/decline to install additional stuff that you don't get bogged down in that? It's nothing part of the main program, correct?


I've been turning off Indexing for 15-20 years because of how noisy the hard drives used to be. Nowadays I index once, and turn it off. I add little new to my system so it is a personal preference...

The hard drives are so fast that the search time is acceptably ok.

A *much* bigger problem is the absolutely unreliable Windows search engine. I have been rebooting into Windows XP to do a reliable search to this day. I have screenshots to prove it is broken. I catch it not finding files that exist all the time. The issue is not reliably reproducible, sometimes I get a hit the other times not, but Windows Search has been reliably screwing me over ever since they got rid of the Windows XP search engine and replaced it with something with no GUI that you need a certification to be able to use.

I am forced to use third party solutions like
http://mythicsoft.com/page.aspx?page=download&type=agentransack
 
I haven't had an issue with indexing, either grinding away constantly or not finding files I know exist. :shrug:

Even if you can skip the malware install during setup, I find it incredibly reckless to include. They know they are including malware with their software and they know most people will install it because they don't know better. It is common to hide the option behind "ADVANCED INSTALL WARNING: ONLY ADVANCED USERS" scare tactics. In addition, what happens if they ask the user but install anyway, either on purpose or by accident. Now your system is infected with who knows what. I simply won't take the chance if a program has the "option".

I use LCISOCreater to rip in disks, and it is a no BS solution.
 
It only takes one pink zebra to prove there are pink zebras in the world.
There are no cases of Windows XP search engine missing hits on any system ever.
There are cases of the engine that replaced it missing hits all the way up to Windows 10. Next time it happens on my system, I will take a screenshot and bump my old thread about this.


I am against the inclusion of malware but when someone says it's free... and you have a choice not to install malware part of it, I don't know what to say back...
I have a lot of freeware installed that is exactly like that, I have to carefully read the custom install and UNCHECK toolbars etc.

But I understand why Avira marked it as malware, this is between ImgBurn and Antivirus companies frankly.
I only care about if malware can be UNCHECKED at time of installation or not.


The main part of this thread however is what is background scanning every file on my system. Avira antivirus despite the setting for system scans being turned off.
Or Windows 10 itself, despite all the settings about this in Windows 10 that I know of being turned off.
 
I am against the inclusion of malware but when someone says it's free... and you have a choice not to install malware part of it, I don't know what to say back...
I have a lot of freeware installed that is exactly like that, I have to carefully read the custom install and UNCHECK toolbars etc.
Except in cases where the authors are malicious and disregard what you unchecked, are specifically designed to make you accidentally install them, or through programmer mistake install it anyway. The installer doesn't have to honor your request.
 
...or when the installer places a temporary file which sends info in/out of your system so the installer is clean but that temporary file is the one doing the damage...

I have experienced everything you say and such installers pose inherent risks, absolutely.
I try to use Comodo Firewall to intercept any such behavior but I completely agree with you about how risky it is from the get go.
 
If you are able to find the ip address that the file is "phoning home" to, you could edit your host file to a loop back address, 127.0.0.1
 
It's probably picking up on the Windows 10 file scanning as it gets hashes for everything on your system to later upload to MS servers.
 
Yes. I simply UNCHECK all additional installation options and simply block ANY file that tries to phone home after it is intercepted by Comodo Firewall.
The firewall permanently blocks it thereafter, but editing the HOSTS file would too, absolutely!
 