This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

File Shield

This Article Applies to:

  • Avast Business Hub

 

File Shield is the main layer of Antivirus active protection. It scans programs and files saved on devices for malicious threats in real-time before allowing them to be opened, run, modified, or saved. If malware is detected, File Shield prevents the program or file from infecting devices.

We strongly recommend you always keep this shield turned on and only make configuration changes if you have an advanced understanding of malware protection principles.

Windows and macOS configuration options are mixed together in the policy settings for the various components.

Note that in Antivirus for macOS, the shields can only be disabled, not uninstalled. Therefore, if you uninstall File Shield from a policy, the service on macOS endpoints will only be disabled.

Scan Behavior Tab

Scan when executing: Select whether to scan programs, scripts, and/or libraries when the files or programs are executed

Scan when opening: Select whether to scan documents, documents with custom extensions (you input), and/or all files when the documents or files are opened

Scan when attaching: Select whether to scan auto-run items and/or diskette boot sectors when removable media is attached

Scan when writing: Select whether to scan files when writing (default extensions, custom extensions, or all files), and also whether or not to scan files on remote shares or removable media when the files are created or modified

Policy (macOS): Select whether to report potentially unwanted programs (PUPs) and quarantine infected files or not.

Actions Tab

Control what actions are taken by Avast when a virus, potentially unwanted program (PUP), unwanted tool, or suspicious file is detected.

Main Action/First action to try: Select the first action you want your Antivirus to take (for example, if it will first attempt to fix or quarantine the threat, or delete it immediately).

If, for whatever reason, Avast cannot complete the main action, it will attempt the action selected under If the action fails, use.

Notification Options: Choose whether to show notifications when File Shield takes action against a detected threat, and/or to perform the selected action upon restart.

Processing of infected archives: Choose whether to only remove the packed file from the archive (and if that fails, do nothing), remove the packed file from the archive (and if that fails, remove the entire archive), or to remove the entire archive.

Packers Tab

Configure which archive (packer) files Antivirus should try to unpack during the scanning process. Unpacked files can be better analyzed for malware by File Shield. Unpacking a file is the same as extracting a file from an archive. Original archives, including the files contained within, remain intact when being processed by your Shield.

You can select All packers, or specific packer files from the extensive list by checking the boxes.

Sensitivity Tab

Adjust the sensitivity of the Antivirus scan for File Shield.

Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware. Code emulations unpack and test suspected malware in an emulated environment where the file cannot cause damage to devices. Use code emulation is enabled by default

Sensitivity: Choose to test whole files, which will cause the scan to be slower but more extensive

PUP and suspicious files: Choose whether or not to scan for Potentially Unwanted Programs (PUPs)

For Antivirus versions 21.5 and newer, you can also choose whether to scan for potentially unwanted tools.

Report File Tab

Customize the content of the shield-specific scan report file, such as which items are included, the file name, and file type. The report is saved in C:\ProgramData\Avast Software\Avast\report (Windows 7 and higher).

Anti-Exploit Monitor

The Anti-Exploit Monitor (called Anti-Exploit Shield in the local client) scans and protects against known exploits (e.g. the "Hafnium Exchange" exploit) in popular software. This feature is part of File Shield and can be enabled both remotely via the Policy settings of the console (see Troubleshooting Features) or locally via the Protection section of the client UI (see Core Shields Settings).

Adding File Shield Exclusions

If needed, you can add exclusions to the File Shield scans through the Antivirus Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.