Get Information From Avast Boot Scan Log


Ship logs from Avast

Avast Antivirus is a family of cross-platform internet security applications. This topic describes how to send system logs from your Avast Antivirus platform to Logz.io.

Before you begin, you’ll need:

  • Avast Antivirus installed on your machine
  • An active account with Logz.io
  • Filebeat installed on your machine
  • Root privileges on your machines

Default configuration

Download the Logz.io public certificate to your credentials server

For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.

sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt 
Configure Filebeat
  1. Paste the following into the inputs section of the Filebeat configuration file:

Filebeat requires a file extension specified for the log input.

    filebeat.inputs:
    # Each filestream input needs a unique id; the id values here are arbitrary names.
    - type: filestream
      id: avast-file-system-shield
      paths:
        - C:\ProgramData\Avast Software\Avast\report\FileSystemShield.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      # filestream reads multiline settings from a parser, not from a top-level key
      parsers:
        - multiline:
            type: pattern
            pattern: '(\d\d/\d\d/\d\d\d\d)'
            negate: true
            match: after
    - type: filestream
      id: avast-full-virus-scan
      paths:
        - C:\ProgramData\Avast Software\Avast\report\Full Virus Scan.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      parsers:
        - multiline:
            pattern: '^\* Avast Scan Report'
            negate: true
            match: after
    - type: filestream
      id: avast-boot-scan
      paths:
        - C:\ProgramData\Avast Software\Avast\report\aswBoot.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      parsers:
        - multiline:
            pattern: '^\d\/\d\/\d \d:\d\nScan of'
            negate: true
            match: after
    - type: filestream
      id: avast-web-shield
      paths:
        - C:\ProgramData\Avast Software\Avast\report\WebShield.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      parsers:
        - multiline:
            pattern: '^\*\n\* Avast Real-time Shield Scan Report'
            negate: true
            match: after

    filebeat.registry.path: 'C:\ProgramData\Filebeat'

    processors:
    - rename:
        fields:
        - from: "agent"
          to: "beat_agent"
        ignore_missing: true
    - rename:
        fields:
        - from: "log.file.path"
          to: "source"
        ignore_missing: true

    output:
      logstash:
        hosts: ["<<LISTENER-HOST>>:5015"]
        ssl:
          certificate_authorities: ['C:\ProgramData\Elastic\Beats\filebeat\Logzio.crt']

If you’re running Filebeat 7 to 8.1, paste the code block below instead:

    filebeat.inputs:
    - type: log
      paths:
        - C:\ProgramData\Avast Software\Avast\report\FileSystemShield.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      multiline:
        type: pattern
        pattern: '(\d\d/\d\d/\d\d\d\d)'
        negate: true
        match: after
    - type: log
      paths:
        - C:\ProgramData\Avast Software\Avast\report\Full Virus Scan.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      multiline:
        pattern: '^\* Avast Scan Report'
        negate: true
        match: after
    - type: log
      paths:
        - C:\ProgramData\Avast Software\Avast\report\aswBoot.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      multiline:
        pattern: '^\d\/\d\/\d \d:\d\nScan of'
        negate: true
        match: after
    - type: log
      paths:
        - C:\ProgramData\Avast Software\Avast\report\WebShield.txt
      fields:
        logzio_codec: plain
        token: <<LOG-SHIPPING-TOKEN>>
        type: avast
      fields_under_root: true
      encoding: utf-8
      ignore_older: 3h
      multiline:
        pattern: '^\*\n\* Avast Real-time Shield Scan Report'
        negate: true
        match: after

    filebeat.registry.path: 'C:\ProgramData\Filebeat'

    processors:
    - rename:
        fields:
        - from: "agent"
          to: "beat_agent"
        ignore_missing: true
    - rename:
        fields:
        - from: "log.file.path"
          to: "source"
        ignore_missing: true

    output:
      logstash:
        hosts: ["<<LISTENER-HOST>>:5015"]
        ssl:
          certificate_authorities: ['C:\ProgramData\Elastic\Beats\filebeat\Logzio.crt']

  • Your Logz.io log shipping token directs the data securely to your Logz.io Log Management account. The default token is auto-populated in the examples when you’re logged into the Logz.io app as an Admin. Manage your tokens.
  • Use the listener URL specific to the region where your Logz.io account is hosted. Click to look up your listener URL. The required port depends on whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071.
  2. Run Filebeat with the new configuration.
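
Added example (not part of the original Logz.io instructions): a small Python model of Filebeat's multiline grouping with negate: true and match: after, run over the four patterns from the configuration above. The sample lines are constructed, not real Avast output, and Python's re module stands in for Filebeat's Go regexp engine; because the pattern is tested against one line at a time, a pattern that contains \n never starts a new event.

```python
import re

# Multiline patterns copied from the Filebeat configuration on this page.
PAGE_PATTERNS = {
    "FileSystemShield.txt": r"(\d\d/\d\d/\d\d\d\d)",
    "Full Virus Scan.txt": r"^\* Avast Scan Report",
    "aswBoot.txt": r"^\d\/\d\/\d \d:\d\nScan of",
    "WebShield.txt": r"^\*\n\* Avast Real-time Shield Scan Report",
}

# Constructed sample lines for illustration; NOT real Avast report output.
SAMPLE = [
    "03/14/2024 10:20",
    "Scan of all local drives",
    "File C:\\Temp\\a.bin is OK",
    "03/15/2024 08:00",
    "Scan of all local drives",
]


def group_events(lines, pattern):
    """Model multiline negate: true / match: after: a matching line starts
    a new event, a non-matching line is appended to the event before it."""
    rx = re.compile(pattern, re.ASCII)  # Go's \d is ASCII-only
    events = []
    for line in lines:
        if rx.search(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return ["\n".join(e) for e in events]


def needs_newline(pattern):
    """True if the pattern has an unescaped \\n, which no single line contains."""
    return re.search(r"(?<!\\)\\n", pattern) is not None


def unmatchable_patterns(patterns):
    """Names of inputs whose pattern can never start a new event."""
    return sorted(name for name, p in patterns.items() if needs_newline(p))


if __name__ == "__main__":
    for name, pat in PAGE_PATTERNS.items():
        print(name, "->", len(group_events(SAMPLE, pat)), "event(s)")
    print("can never match:", unmatchable_patterns(PAGE_PATTERNS))
```

When every line of a report collapses into a single event, as the model shows for the patterns with \n, check the pattern against the first line of a real report before relying on per-scan events in Logz.io.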
Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open OpenSearch Dashboards. You can filter for data of type avast to see the incoming Avast logs.

If you still don’t see your logs, see Filebeat troubleshooting.

Optional configuration with report files

Configure Avast Antivirus to generate report files for your scans

If you want to send data from virus scans together with the logs, you need to enable Avast Antivirus to generate report files for these scans. You do not need to change anything in the Filebeat configuration, as it already includes paths to these report files.

  1. Open Avast Antivirus.
  2. Navigate to Menu > Settings > Protection > Virus Scans > Full Virus Scan.
  3. Check the Generate report file checkbox.
  4. Navigate to Targeted Scan.
  5. Check the Generate report file checkbox.
  6. Navigate to Explorer Scan.
  7. Check the Generate report file checkbox.

Get Information From Avast Boot Scan Log

thestarsoftwareshop.com

One of the most important features of Avast Antivirus is the ability to schedule a Boot-Time Scan when you suspect a risk to the OS. The scan then runs while your device starts up, checks for threats and, if any are detected, removes them before the OS starts.

As described above, this function is used if you think there are possible threats in the system. It may take a certain amount of time to start the Boot-Time Scan. It does not run automatically, so you have to schedule it manually.

Before you start, familiarize yourself with the specifics of this function and with how it responds to the threats it finds. This article covers both, together with the Avast boot scan log.

Responding to the Found Issue

To specify what the scan does when it detects a threat, decide whether to allow automatic actions. With automatic actions enabled, the scan applies the selected action to every threat it detects. With automatic actions turned off, you select a specific action for each detected threat.

Setting up the Boot-Time Scan response requires the following steps:

  • Open the user interface ▶ Protection ▶ Virus Scans.
  • ▶ Setting.
  • ▶ Boot-Time Scan.
  • ▶ Perform automatic actions. Untick this option to turn automatic actions off, or tick it to enable them.
  • If you enable automatic actions, select the action to apply: fixing, moving to the Virus Chest, or deleting.

Fix automatically. This is the option to try first. It attempts to save the file. If that is unsuccessful, Avast Antivirus moves the file to the Virus Chest or, as a last resort, deletes it.

Virus Chest. The file is moved to the Virus Chest, where it has no way to damage the OS.

Deleting. The program removes the harmful file from your device.

During the scan, the program responds to malware according to these preferences.

Organizing

Once you have specified how the scan responds to threats, proceed as follows.

First, open the Boot-Time Scan tab as you did earlier.

Then click Install specialized definitions, followed by Run On Next PC Reboot.

Restart the computer. The scan's progress is displayed during the restart.

The specified actions are applied whenever a threat is detected. If automatic actions are allowed, the application eliminates the malware without requiring the user's participation. Otherwise, you select the actions yourself, in accordance with the settings.

The scanning process often takes some time. How long depends on individual factors such as the speed of the OS and the number of files examined.

Viewing Results

The program automatically creates an Avast boot scan log. The log records the scan type, the launch date and the results. Once the scan has finished, a Show Results button is available. To review the results of earlier scans, open the Avast boot scan log from the History window.