![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 69%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hey guys, today i found after deep scan with avast free this:
C:\ProgramData\Microsoft\Windows Defender\Definition Updates{960E7296-B0DD-49C5-BE4F-9AA0EC444E37}\nisbase.vdm ...and the same path but to file ..nisfull.vdm
< SNIP >
If anyone would simply read exactly what's displayed in front of them:
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\
This is clearly in the program data files folder for the Microsoft Windows Defender - Definition Updates.
The files nisbase.vdm and nisfull.vdm are the base and complete definitions modules for the Network Inspection System (NIS) that's been part of the Microsoft security products since Microsoft Security Essentials 2.0.
So obviously the Avast deep scan is detecting the definitions update packages for Microsoft's NIS as malware, likely the signature fragments contained within these that identify specific network attacks, as if they were actually malware.
This is an inherent problem with any security product's full scan (e.g. deep scan) process, since these scans are always looking at files stored in a file system out of context, so these scans will quite often misidentify such items as malware.
This is also why I recommend against using such full or deep scanning unless malware has already been either detected or suspected on a system, since the high likelihood for false positive detections simply adds to confusion and typically does little to find malware not already detected by either the real-time or quick-scan components of the program, which specifically look for malware in the locations they are known to operate.
Rob