Few requests for improvements

[cooby]

1. Scan needs two options (1) to scan internal SDcard, (2) external SDcard. I happen to have tons of harmless content (pictures, music ported over from Windows. No point rescanning all that stuff). I realize that some applications might end up there, or even malware directed at Windows. Still it would be nice to be able to schedule your life for a quick or a long scan.

2. If there is malware detected, we do need ignore option. I love to keep my Trojans around

3. Firewall log disappears too soon. Please make it persistent. Often one wants to look at the log much later than at the time of some website trouble. By the time one investigates the device, the router, the LAN, maybe googles for info, the log is gone.

4. Please, please, please, start logging of installing applications, name of the .apk file, its description (title user sees), date and time.. It can't be that difficult. Many on this forum, especially in Beta were asking for it, and I still do.

5. Detect during installation that an app will push something like AirPush ads. This too was discussed several times.

[svehlak]

ad 1/ We do scan both SD cards - you experienced different behavior? Please report :-)
ad 2/ Will propose
ad 3/ Firewall log is saving itself until the firewall is set off (reset iptables rules) or loggin is set off. I can try to make a proposal about saving the log again.
ad 4/ Could you describe more deeply? I do afraid that such logging will take some battery capacity and off course you can still have the log from adb logcat.
ad 5/ AirPush is now in discussion.

[cooby]

1/ see my proposal, scanSettings picture below

2/ great. Possibly ask Ignore? and add "might be dangerous, are you sure?" or stick in quarantine.

3/ I don't understand what you wrote. I don't set anything off, I don't reset iptables, I don't set logging off. I think a running log  of URLs, especially blocked ones, would be good to have. It could be small, say keep a day or two, but not minutes, or roll over the text putting newest stuff at the end. Perfect example of the need is in the recent thread http://forum.avast.com/index.php?topic=112217.0

4/ See picture below,  AppUpdateLog as an excellent example. No impact on battery, believe me even with Avast running at the same time. I don't know what adb logcat is. Tell me details please. (The only thing I know about adb is something in Windows I had to use to root. It was ADB drivers and some instructions to send commands to Thrive.)

5/ See picture below, AirPush - also shows update and new a app installation log entry.


6/ Jan, do you still have a Thrive tablet? When we were doing the first beta, you mentioned you had one or were familiar with it.

[svehlak]

ad 1/ see your point, will propose
ad 2/ Ignore for now is may be better - it will show the item in next scan
ad 3/ Logging is active when a/firewall is running and b/logging is set to on. Immediately when the rules are changed or firewall is turned off, log is deleted. I tried to propose it before and I will try again :-)
ad 4/ adb is android debug bridge and it is basic development tool from SDK; adb logcat is logging tool for things installed inside (you can find free apps on Play using it). I do not think that the implementation in avast will be done (of  apps update), but may be on portal...
ad 5/ AirPush could be detected, but may be we will use another solution.

Sorry, I do not have the Thrive any more :-(

[svehlak]

May be for 4/ is application management usable?

[igor]

If there's any ignore option, it should be "well hidden" - otherwise many inexperienced users get infected.

[Lisandro]

2. If there is malware detected, we do need ignore option. I love to keep my Trojans around

-1, like Igor said.

5. Detect during installation that an app will push something like AirPush ads. This too was discussed several times.

+1

[cooby]

If there's any ignore option, it should be "well hidden" - otherwise many inexperienced users get infected.

I agree 100%. Not only will get infected, but will blame Avast for no protection
The point is, it maybe eicar testing in various locations, or, more important, it maybe false positive of an important application. So it is usefull even though I completely understand the danger.

[reinhardholzner]

regarding firewall log: additionally the log is cleared after some time as the data amount will get too large. persisting it would quickly fill your device storage + it will slow down performance because of writes.

[cooby]

@reinhardholzner,
Your concern for slowdown due to writes is valid.
But filling the storage space can be overcome by rolling the log - remove early entries, append newest ones. A limit on number of entries could be set. Repeating entries could be collapsed into one line.

Just yesterday something was blocked and I wanted to check in Windows few IPs on DNSstuff or some other such, and by the time I got back on the Thrive to grab the next IP, the few logged items were gone and I even failed to catch what application got blocked.
So the log just isn't very useful when one needs to figure out why something didn't work.

Alternative design feature - ASK the user : Application xxxxxxx wants to connect to xxx.xxx.xxx.xxx, resolved IP, Allow?Deny.