File System Shield - Settings

Manage these settings from: Settings ▸ Components ▸ File System Shield ▸ Customize

File System Shield is the main layer of active protection in Avast Antivirus. It scans programs and files saved on your PC for malicious threats in real-time before allowing them to be opened, run, modified, or saved. If malware is detected, File System Shield prevents the program or file from infecting your PC.

By default, File System Shield is configured to provide optimal protection when switched on. We therefore strongly recommend you keep this Shield turned on at all times and only make configuration changes if you have an advanced understanding of malware protection principles.

Use the tabs on the left-side of the window to manage different aspects of File System Shield behavior. After making any changes, click OK to save File System Shield settings.

Scan when executing

Indicate whether you want File System Shield to scan programs, scripts, or libraries each time they are run. By default, all of the following options are enabled:

  • Scan programs when executing: scans any executable program or application files with extensions such as .exe, .com, .bat .
  • Scan scripts when executing: scans script files, such as .js, .asp, .php, that are stored on your hard drive when they are launched. These files are usually executed along with programs and applications, or while you browse on the web.
  • Scan libraries (DLLs) when loading: scans any dynamic-link library files, such as .dll, .ocs, .drv, loaded as dependency modules when launching programs and applications.

Note: We recommend you keep all settings enabled to ensure your full security.

Scan when opening

Specify which file types you want File System Shield to scan each time the files are opened:

  • Scan documents when opening: scans all document files, such as .doc, .xls, .ppt, when they are opened in a productivity software, such as Microsoft Office. This option is ticked by default.
  • Scan files with custom extensions: scans files with extensions that you specify. Tick this option, and type the file extension into the text box. To add another extension to the list, click Add. To remove an extension, click the relevant row, then click Delete.
  • Scan all files: scans every file as it's opened. Ticking this option provides a more thorough scan, but may slow down your PC.

Note: File extensions can include wildcard characters * or ?. The asterisk replaces zero or more characters, whereas the question mark replaces a single character. For example:

  • To scan all HTML file types, type htm* into the text box.
  • To scan all file types with two characters in a file extension, type ?? into the text box.

Scan when writing

Specify the file types you want File System Shield to scan while the files are being created or modified:

  • Scan files when writing: scans files as they are saved to your PC. This option is ticked by default.
  • Scan files with default extensions: scans file types with specific extensions determined by Avast as potential risks. This setting is ticked by default to maintain the optimal performance of your PC while ensuring your security.
  • Scan files with custom extensions: scans files with extensions you specify. Tick this option, and type the file extension into the text box. To add another extension to the list, click Add. To remove an extension, click the relevant row, then click Delete.
  • Scan all files: scans every file as it's created or modified. Ticking this option provides a more thorough scan, but may slow down your PC.
  • Do not scan files on remote shares: excludes files that are stored on a shared network from being scanned. This option is ticked by default.
  • Do not scan files on removable media: excludes files that are stored on removable media devices (such as USBs) from being scanned.

Note: File extensions can include wildcard characters * or ?. The asterisk replaces zero or more characters, whereas the question mark replaces a single character. For example:

  • To scan all HTML file types, type htm* into the text box.
  • To scan all file types with two characters in a file extension, type ?? into the text box.

Scan when attaching

Specify the file types you want File System Shield to scan on removable media devices (such as USBs or DVDs). By default, both of the following options are enabled:

  • Scan auto-run items when removable media is attached: scans applications that launch automatically when you insert a USB or other removable device into your PC. Scans of removable media, such as DVDs, may take a long time due to speed limitations.
  • Scan diskette boot sectors on access: scans for malware that may be copied to a loading section of your floppy disk. This setting prevents malware from being loaded onto your PC when you insert the floppy disk.

Exclusions

Specify files or folders that you want File System Shield to ignore. Follow these steps:

  1. To add a new file or folder, type its location manually into the text box or click Browse, tick the relevant folder, then click OK.
  2. Tick the appropriate boxes (R, W, X) to indicate when you want the file or location to be excluded (all boxes are ticked by default):
    • R: to exclude the item while it is being read.
    • W: to exclude the item while it is being written.
    • X: to exclude the item while it is being executed.
  3. Click OK.

To add another location to the list, click Add. To remove a location, click the relevant row, then click Delete.

File and folder locations can include wildcard characters ? and *. The asterisk replaces zero or more characters, and the question mark replaces a single character. For example:

  • To exclude all HTML files, type *.htm* into the text box.
  • To exclude a folder and its sub-folders, add \* to the end of the folder name, for instance C:\example\* .
  • To exclude all files labeled in a certain way on any of your hard drives, include ?:\ in front of the path, for instance ?:\example.exe .

Note: Exclusions that you specify on this screen only apply to File System Shield and do not affect any other scans or Shields. If you want to exclude a location from all Avast Antivirus scans, go to Settings ▸ General ▸ Exclusions to specify the location.

Advanced

File System Shield is configured to exclude clean files from scanning which maintains the optimal speed of your PC while ensuring the security of your system. These files include operating system files, files signed by trusted publishers, or other whitelisted files. The following settings are ticked by default and should only be changed for advanced purposes:

  • Do not scan verified system DLLs: excludes verified system library files (.dll) from scanning.
  • Use transient caching: files which have been previously scanned and temporarily verified as clean are not scanned again until the next system restart or virus definitions update.
  • Use persistent caching: trusted files which are verified as safe are not scanned again, even after a system restart or virus definitions update.

Actions

The Actions screen allows you to configure automatic responses to any threats detected by File System Shield.

Follow these steps:

  1. Select a detection type (Virus, PUP or Suspicious), then select a primary action and a secondary action in case the first action fails:
    Note: You can specify different action combinations for each detection type.
    • Fix automatically (default): attempts to repair the file. If unsuccessful, moves the file to the Virus Chest or deletes the file if neither action is successful.
    • Move to Chest: sends the file to the Virus Chest where the file cannot harm your system.
    • Repair: removes malicious code if the file is only partially infected. This action is not possible if the entire code is malware.
    • Ask: notifies you of detected threats and asks you to decide which action to take.
    • Delete: permanently removes the file from your PC.
    • No action: makes no changes to the contents or location of the file (not recommended as an automatic action).
  2. Tick or untick the following options (both are ticked by default):
    • Show a notification window when action is taken: notifies you each time an action is applied by the Shield.
    • If necessary, perform the selected action at the next system restart: enables actions to be delayed until the next time you restart your PC, if the action requires it.
  3. Specify the action you want to take if the Shield detects a malicious or suspicious file or program contained in an archive (specified in Packers):
    • Try to remove only the packed file from the archive; if it fails, do nothing (default): attempts to remove the contained file or program but does not delete the entire archive.
    • Try to remove only the packed file from the archive; if it fails, remove the whole containing archive: deletes the entire archive if unable to remove the file or program contained within.
    • Always remove the whole archive: deletes the entire archive.
  4. Click OK.

Packers

The Packers screen allows you to indicate the compressed file types that you want File System Shield to unpack when checking for malware. For example, .zip, and .rar. The Shield is better able to analyze files for malware when files are unpacked. To unpack a file is the same as to extract a file from an archive. Original archives, including the files contained within, remain intact when being processed by the Shield.

By default, Self-extracting archives, Droppers and NTFS streams are ticked. Other archive types do not need to be checked because unless they are extracted, they cannot harm your PC. If you tick All packers, the Shield analyzes all archive files.

Note: For more information about a specific file type, tick the file type and refer to the information under Packer description at the bottom of the screen.

Sensitivity

The Sensitivity screen allows you to define the following settings for File System Shield:

  • Heuristics: heuristics enable Avast to detect unknown malware by analyzing code for commands which may indicate malicious intent. Specify your preferences for the following options:
    • Use the orange bars to indicate your preferred level of heuristic sensitivity. The default setting is Normal (three bars). With higher sensitivity, Avast is more likely to detect malware, but also more likely to make false-positive detections (incorrectly identify files as malware).
    • Tick Use Code Emulation to unpack and test any suspected malware in an emulated environment where the file cannot cause damage to your PC. This option is ticked by default.
  • Sensitivity: tick Test whole files if you want the scan to analyze entire files rather than only the parts typically affected by malicious code. When this option is ticked, the scan is slower but more thorough.
  • PUP and suspicious files: tick Scan for potentially unwanted programs (PUPs) if you want the scan to look for programs that are stealthily downloaded with other programs and typically perform unwanted activity.

Note: The more options you tick and the higher the sensitivity you set, the more thoroughly the Shield scans your PC. With higher sensitivity, false-positive detections are more likely and more resources are consumed on your PC.

Report file

The Report file screen allows you to specify whether you want File System Shield to produce reports of scan results. When troubleshooting issues with Avast Support representatives, you may be requested to provide a report file.

To generate automatic scan reports, follow these steps:

  1. Tick Generate report file. This option is ticked by default.
  2. Manage the following settings:
    • File name: provide a name for the report file.
    • File type: select the format of the report file - plain text ANSI, plain text Unicode, or XML.
    • If file exists: select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report.
  3. Define the contents of the report:
    • Infected items: files and areas of the scanned environment which are identified as containing malware. This option is ticked by default.
    • Hard errors: unexpected errors which require further investigation. This option is ticked by default.
    • Soft errors: minor errors such as a file being unable to be scanned because it was in use.
    • OK items: files and areas which were identified as being clean. Ticking this option results in very long reports.
    • Skipped items: files and areas which the Shield did not check because of the scan settings.
  4. Click OK.

Report files are saved in one of the following locations:

  • Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista: C:\ProgramData\Avast Software\Avast\report
  • Windows XP: C:\Documents and Settings\All Users\Application Data\Avast Software\Avast\report