Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on June 24, 2014, 10:30:38 PM
-
I work for a consulting firm and we've been in a dilemma for awhile now. We really want to recommend Avast Antivirus, but the absence of an "IGNORE" or "ADD FILE TO EXCLUSION LIST" has been an issue with Avast for some time now. We are, also, (given that the rest of the review sites have seemingly sold out) launching a new review site with real and honest reviews by certified technicians that have actually tracked the spotlighted software (that includes... is it doing what it claims and what's it doing in the background, unknown to the user).
Although it's not perfect and we would like to see some minor changes, we still really wanted Avast to be "our #1 choice" for security... but, their refusal to acknowledge a very serious problem with their software (in our attempts to contact Avast, it does not appear that the developers even hear about such things and instead, follow blindly forward oblivious to what would otherwise be valuable data for future choices). If you check the other more popular general forums (Google, Yahoo, etc), you can see that users have been requesting that this be addressed for a fairly long time now and we can only determine from this and our own experiences with Avast staff that this issue will continue to be ignored, wholeheartedly.
As such, we will not even be able to list Avast as a recommended security package, let alone the best... the refusal to acknowledge the possibility of false positives, whether through miss-interpretation of installation advertisements on quality freeware, miss-fires via the heuristics engines on technical software, and etc., is a deal-breaker in our opinions and we will be continuing our search for the best security package.
We do believe that once it becomes common knowledge that Avast has such a serious limitation, their current user base will dwindle dramatically and quickly... we're sorry to see this happen to what is otherwise a seemingly quality product, but if only their employees had just passed the information along and let development decide what's important, rather than assuming they, themselves, know best.
Forcing us to remove software that we trust, because you have no contingency for when your software makes a mistake (like all AVs do) is a profit-killer and how you cannot see or understand this, even from non-technical employees, is certainly beyond our understanding.
-
the refusal to acknowledge the possibility of false positives,
False positives should be reported to avast lab so it can be corrected and benefit all avast users
-
the refusal to acknowledge the possibility of false positives,
False positives should be reported to avast lab so it can be corrected and benefit all avast users
That's ironic, I was actually just hopping in here one last time to try and head you off at the past. But, you were too quick.
As I am well aware of some forum watchers, let me try to square some arguments ahead of time, before those who love to show their prowess by arguing points they either have no working experience in or have used no common sense, before posting.....
Being the ONLY quality AV scanner that does not allow users to handle their own files is not justified by proclaiming that every user of Avast, no matter their schedule or workload, should have to take the time to contact Avast and report such false positives, when if that were such an issue, Avast can and probably already does tally this information via the community participation option within the Avast program.
Second, I know some will interject that this is not issue, as it can be circumvented by simply sending the false detected file/app to the Chest... then, opening the Chest and recovering it... then, adding the file manually to the exclusion list. Even for those of us who have the technical capability to do so, find this process to be needlessly cumbersome and annoying... but, is as yet, being short-sighted as to the typical computer user, who does not have the technical know-how to do this.
This post was to Avast as a last ditch attempt for them to realize a glaring hole in the software, which ALL of their competition have accounted for and it is not intended as a vehicle to argue non-sense with forum jockeys that simply want to argue to demonstrate their own perceived knowledge about a subject in which they are ignorant.
-
the refusal to acknowledge the possibility of false positives,
False positives should be reported to avast lab so it can be corrected and benefit all avast users
It isn't the refusal to acknowledge the possibility of false positives, but to prevent harm to a users computer through accidental use.
The issue is not having a single click option to ignore and allow to run as accidental click could leave the user at risk of infection, when not an FP.
There is nothing to stop the user manually adding the file name and location to the exclusions, so it is a deliberate act (not an accident) to exclude and allow it to run.
-
no matter their schedule or workload, should have to take the time to contact Avast and report such false positives,
if no one takes the time....how will avast lab know, and correct?
if file is moved to chest it is just a right click and send to avast lab .... should take less then a minute
avast! 2014: Using the Virus Chest http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle
or you can report it here http://www.avast.com/contact-form.php
-
no matter their schedule or workload, should have to take the time to contact Avast and report such false positives,
if no one takes the time....how will avast lab know, and correct?
if file is moved to chest it is just a right click and send to avast lab .... should take less then a minute
avast! 2014: Using the Virus Chest http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle
or you can report it here http://www.avast.com/contact-form.php
I'm done, you're an idiot... far too stuck on proving you're not. Why don't you check the competition Avast and the other forums that have users requesting this be addressed for a very long time? If you listen to forum jockeys, who only argue on forums, rather than working the field, because they want to "feel smart", you really will shoot yourselves in the foot.
-
I'm done, you're an idiot... far too stuck on proving you're not.
Thanks ... i love you to :-*
-
@herschk
This post was to Avast as a last ditch attempt for them to realize a glaring hole in the software
I consider Avast the only company with enough brains to realize that users aren't competent to make that decision.
Not allowing direct decision making as to safe or infected to the user, keeps the system safe.
Avast is very fast with updating their data base should they have made a mistake which doesn't happen very often.
The process to report a program to the virus lab is fairly simple. Even a novice should be able to figure it out. :)
-
no matter their schedule or workload, should have to take the time to contact Avast and report such false positives,
if no one takes the time....how will avast lab know, and correct?
if file is moved to chest it is just a right click and send to avast lab .... should take less then a minute
avast! 2014: Using the Virus Chest http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle
or you can report it here http://www.avast.com/contact-form.php
I'm done, you're an idiot... far too stuck on proving you're not. Why don't you check the competition Avast and the other forums that have users requesting this be addressed for a very long time? If you listen to forum jockeys, who only argue on forums, rather than working the field, because they want to "feel smart", you really will shoot yourselves in the foot.
??? Really no cause for flaming. As we don't work for avast! but volunteer our help to all. No insults, get free help. I think an apology is in order. :o
-
Wow, now Avast's customers are stupid ?...Avast is now protecting us from our own ignorance. This sounds like the US Government (Obama)......"don't worry we are taking your rights but it is for your own good".....what a bunch of who-ey. ;D
Seriously, it is a good argument on both sides........Avast needs to ensure the feedback, they think they are protecting users.
It really comes down to the files/types it falsely flags.....what if those files are critical to a program or worse the O/S ?....it happens. Perhaps the take-away here is not to change Avast's philosophy (since clearly they have thought this thru and are in different camp than others) but how to implement a more streamlined approach to the average (in Bob's words "in-competant") user ?
Anyway, very interesting topic for sure.
-
(in Bob's words "in-competant") user ?
Nice job of twisting my words. You should have been a politician.... ;)
-
(in Bob's words "in-competant") user ?
Nice job of twisting my words. You should have been a politician.... ;)
All in fun....just ribbing ya. :)
Interesting topic.....never really thought about it much but I can see both sides of argument.
My only true comment is that Avast should come up with a cleaner....easier.....way to allow the use to handle.
Since quarantine is forced perhaps a review (opening) of this section automatically before proceeding.
Not 100% sure.....would have to think on it some.............
-
the refusal to acknowledge the possibility of false positives,
False positives should be reported to avast lab so it can be corrected and benefit all avast users
Then perhaps Avast can add a clickable "report false positive to Avast" right in the software would be good, with an immediately activated update in the local installation so a user stops having unnecessary issues.
I am getting tired of having Avast display repeated warnings because it doesn't have the software that we use in it's database and keeps blaring that it is harmful. It isn't. We've used it safely for years and previous versions of Avast never flagged it. Just the last few months have been an issue.
-
@herschk
This post was to Avast as a last ditch attempt for them to realize a glaring hole in the software
I consider Avast the only company with enough brains to realize that users aren't competent to make that decision.
Not allowing direct decision making as to safe or infected to the user, keeps the system safe.
Avast is very fast with updating their data base should they have made a mistake which doesn't happen very often.
The process to report a program to the virus lab is fairly simple. Even a novice should be able to figure it out. :)
This may be true for an average fiddles around on the internet and does some minimal home record keeping sorts of things type users, but some of us do more extensive and specialized applications.
When programs install they offer the options to install with the most common settings or to do a custom install picking features to install and which to ignore. There is no reason why Avast couldn't have that same option in the settings to allow advanced users more liberty in how and what the software does with results. It would ultimately make it safer for all because it is akin to having a secondary tech team with vast experience helping to pave the way safely for the novices that follow.
-
Interesting topic.....never really thought about it much but I can see both sides of argument.
My only true comment is that Avast should come up with a cleaner....easier.....way to allow the use to handle.
Since quarantine is forced perhaps a review (opening) of this section automatically before proceeding.
Not 100% sure.....would have to think on it some.............
An additional button could be for those who think something is safe, but are unsure and then Avast can look into it further. There are many who fall somewhere between novice and advanced, then again between advanced and expert.
-
It would ultimately make it safer for all because it is akin to having a secondary tech team with vast experience helping to pave the way safely for the novices that follow.
This is the action you institute by submitting what you presume to be a false positive to the guys in the virus lab.
Once confirmed, that item will then no longer be tagged as an unsafe item.
The ultimate decision still rests with those you've hired to keep you safe.
-
Then perhaps Avast can add a clickable "report false positive to Avast" right in the software would be good, with an immediately activated update in the local installation so a user stops having unnecessary issues.
A link to report false positive is right in the detection popup, isn't it?
Most solved false positive are distributed (also) via reputation services... i.e. basically instantly. So once the false positive is solved avast! stops detecting the file.
-
It's by design so people don't go and exclude every thing avast! pops up about. I've seen that so (too) many times...
-
I have been seeing way too many Win32: Evo:gen [Susp] reports - all false positives - lately.
Yep, I've submitted them all.
Yep, they're still happening after the latest update/reboot.
They happen on trusted tools that have been on my system for YEARS, and which have been passing Avast's own scans every day.
It's a "[Susp]" report! Not an "OMG, it's the instant-death-parasite virus in all it's glory" report!
I would appreciate being given the opportunity to ponder a "[Susp]" report on a file I recognize and make the final decision to "push through" anyway, instead of being FORCED to blow up whatever job is running, however complex or important. And also to be able to directly configure the sensitivity of the heuristic that's clearly broken, so I can fix the root cause until the fix comes out.
How about an "ignore rule until next update" capability with regard to "[Susp]" reports?
How about a secret "user is in charge" registry tweak that's geeky to apply and which at least makes it possible for an expert user to take control?
Thing is, Avast really doesn't know better than I do about every single file on my computer. I've been a software engineer for a few years shy of 4 decades. I actually do know a thing or two about what I'm doing and the files on my computer. I don't appreciate a product so dumbed down that I can't override its bad decisions with better ones, resulting in lost time and lost work.
EITHER Avast needs to work out their false-positives and get it right 100% of the time, or they need to provide the user the opportunity to recover from Avast's mistakes. I don't think the first is possible. It's arrogant to think the second is not needed.
-Noel
-
@ NoelC,
I guess you didn't like Avast"s answer which was posted by igor.
In ten years of use, I haven't yet run into a situation were the current policy of Avast made use of my computer impossible. :)
-
We all get false positives, they seem to be a fact of AV life. I can remember them from w95 days, and they were much harder to deal with then.
In Avast!? Easy. Just turn off the Heuristics. Simple. Avast! used to pick up my Lotus files regularly, not to mention various other legacy software. Switch off heuristics and Problem Solvered! (stolen from a popular Aussie paint ad ;D )
Ah yes. I did submit many FPs to the Virus Lab, and it was generally painless, but much easier to do as an email attachment.
Gordon.
-
No, I do not think the present approach is right, no matter what Igor has said.
I have expressed my opinion. It's a learned opinion, and I'm not going to debate it with those of you who don't do with your computers what I do or have the same knowledge. I expressed it here in the fond hope that people who make a difference might see it and realize that not every thinking person is in agreement with the "Avast always knows better" school of thought.
Don't worry, I'm not going to "stomp off ranting and switch to the competitor's product" over this. :)
-Noel
-
I would prefer to be part of the Avast Knows Best crowd than your alternative
which appears to be the NoelC Knows Best crowd. :)
-
Bit hard to understand why something so obvious causes mudslinging here.
All we need is simple things so that unknown programs can run
1. description of interaction between deep screen, hardened mode and reputation
2. make exclusions work and all in one place
3. add IGNORE or ALLOW when an alert comes up, as it was in version 8.
Refusing to believe or understand that some users may have programs unknown to Avast team, or programs changing frequently, that submitting as FP is impractical is not helpful.
Not all of us are complete idiots.
-
Not all of us are complete idiots.
Well said.
Let me postulate something...
Some of us have setups where Avast does NOT actually regularly detect malware, because we have set up other things and follow practices that make it almost unnecessary to have Avast in the first place. It's just there as a safety net that really doesn't get used.
I suspect those who are anti-choice may be those who find Avast blocks infections all the time. Those who find Avast saves their bacon on a regular basis quite likely would have a completely different outlook than those who never see Avast alerts except for false positives on files that have already been on the system for years.
I don't believe Avast has actually blocked any malware on my system since some time in mid-2013, when it alerted on a web site that couldn't actually have delivered the malware anyway, because I have ActiveX turned off and scripting severely limited.
I don't need the safety net jumping up and getting in the way of the adept trapeze artist. ;D
-Noel
-
Please, in last 11 years here I've seen the asking for changing the policy, please, no, do NOT change the false positive policy. It's the best we can offer to +220 million users.
-
I agree :)
The security of so many is more important to me than the ( temporary ! ) irritation of a few.
Greetz, Red.
-
@herschk,,, I agree with you completely. they have gotten too big for their britches
to listen to us - I just finished a grueling task to erase every last of their items from
my pc. ver 9 :-p ... would rather go without for a while (tried avg - nope)
and its sad cause they seemed to have ""been"" the best,, but they are going the way
of the do-do bird.
-
I know I mostly ghost these forums and glean information I need to solve problems, sometimes my own but decided I'm going to comment here.
In the 20 some years that I've worked on computers, most of which was removal of virus and malware, the number one reason can be summed up in the response I typically get from clients I ask why something was installed which was 'I thought it was wrong when it said it was a virus so I pressed ignore'. The average user in my experience of over 20 years has been that of someone that needs their hand held when it comes to the security of their computer. It isn't that they are dumb, ignorant, or a slew of other twists to what I am saying it is often simply in too much of a hurry to really read what the warning is saying on the screen or simply lacking experience with what or where things can be trusted. Now, if you have a client that you 'teach' how to slow down, read, and understand what is safe and what is not... that is different and then also teach them where and how with Avast! you can safely ignore the warning. In my opinion from my experience, Avast! has the right thinking that the needs of the many out weigh the needs of the few who have the knowledge to know the difference between the false positive and the real deal.
For those of us who have the knowledge and experience to correctly tell Avast! 'Ignore this' and 'ignore that', the aggravation that we get from jumping through the exclusion loops is far less than the hundred of thousand common users who would simply press 'ignore' then spout off how Avast! failed them and let viruses/malware into their computer that they said it's ok and just ignore to. Not to mention the sudden increase in costs of repair to remove said viruses and malware. Avast! is thinking on a saving resources globally level not just the ease of use level and what is best for the average user.
I will say, it would be nice (nothing that I would demand on the Avast! Team but ask politely, being I'm only a customer as well and I DO understand their point of view and agree with it) to have a hidden option or a buried one that is hard to find (even if its a registry key to change) that would allow for an 'ignore' button on the suspected threat warning before it goes to quarantine that automatically submits it to Avast! for review as well as a second hidden option to 'submit' the false positive with ignoring or not to for those of us who are flooded by too many false positives due to unique or antiquated software being run that appears iffy to Avast!.
Additionally, for those slinging mud and making the stand that they are far superior of an intellect and know far more than an entire forum of geeks and Avast! Team Members (of which I'm in the Geek crowd) I do hope that one day you can see that no one is superior to another, that each of us have a strength of one area or another that the other person doesn't. In basic, we are all on the same ground footing and simply see a problem from different points of expertise, experience, and views. Putting ALL 3 of these areas together from everyone and you then see the broader picture that Avast! is viewing by a cliental base of over 200 million and hearing all three of these areas from many of them.
Lastly, over the many years I have been with Avast! I've seen them go from having an easily accessed IGNORE option to what it is today. I've seen their 'GEEK' UI that it use to be which was hard sometimes even for a geek to understand go to the now streamlined one that the most novice of users today can figure out very easily. Again, in my opinion, they have over the years made the Avast! program into something designed for the many average users at the price of some frustrations for the few of us users who are ubber geeks. The current design with the hard to reach ignore/exception has reduced my numbers of 'repairs' considerably because most of my cliental now are those using other antivirus software before I switch them to Avast!. The remainder is hardware / non-malware problems.
-David
-
Perhaps a setting buried in Avast! GUI to permanently turn on the ability to exclude for the scenarios mentioned above would do for geeks (of course disabled by default).
I do agree with the reasoning of the current loops required for users by Avast to exclude files for such cases. However, I believe the approach I suggest would be a good compromise as if the user actually manages to find the hidden setting which I mentioned, nothing is going to stop the user from excluding the files he requires. The current situation of inconvenience would only making him extremely irritated.
That said, it is definitely preferable to submit false positives when one has the opportunity to do so.
-
Perhaps a setting buried in Avast! GUI to permanently turn on the ability to exclude for the scenarios mentioned above would do for geeks (of course disabled by default).
I do agree with the reasoning of the current loops required for users by Avast to exclude files for such cases. However, I believe the approach I suggest would be a good compromise as if the user actually manages to find the hidden setting which I mentioned, nothing is going to stop the user from excluding the files he requires. The current situation of inconvenience would only making him extremely irritated.
That said, it is definitely preferable to submit false positives when one has the opportunity to do so.
As soon as you make such an option available, it will be used and cause infected computers.
Nothing wrong with the current policy of having to submit the program to Avast.
The process is painless and has saved many a computer from winding up in the repair shop.
For the "experts" who seem to have a problem with this policy, you have alternatives. :)
-
You can still exclude it by hand through settings. You don't encounter 10 false positives every day, i've only had like 3 in 10 years of being with avast!. So, doing it through settings is not really an issue. Essentially, you want to get the FP solved properly and permanently anyway...
-
If they happened to allow the avast default action on detection, Send to Chest - then they can open the chest and elect to Restore and add to exclusions.
A copy remains in the chest (in case there is a problem with restore) you can use that to send to the virus labs as an FP if that is what you think.
-
In the past couple of weeks I have been getting the "Win32: Evo:gen [Susp]" reports just way too much. It's ridiculous, and HAS MADE MY COMPUTER DIFFICULT TO USE. I am a power user, avast isn't necessary for myself but this is a shared computer where I don't trust the other users not to mess up, and avast has been great for this and I've been recommending avast to family and friends since the avast 4.7 days.
I have the heuristics set to LOW. I can't imagine what it's like for people with it at Normal, let alone HIGH.
It is ridiculous that you can't add a little checkbox akin to the "dummy mode" for "power-user mode", which allows for things such as "Add to exceptions" "Ignore" etc. to the action dropdown box when something is detected. I understand the reason for the current default of NOT having that in said dropdown box, and it's sensible, however there needs to be some choice for users who DO understand the risk of something like that to be able to have it.
Let me give you a list of what's been going on here:
After updating my AMD GPU drivers, multiple DLLs for Catalyst Control Center were being detected as a "virus omg oh no" (suspicious, nothing actually detected), making it incapable of running and not even allowing for the GPU to be functioning properly. Video games have been out of the question. Each time I've just had to hit "Block" and "Report File (or whatever that's called)".
"Well just add stuff to exceptions!" <-- No, the UI has become uninhabitable for me and to add an exception you have to add an entire folder which includes all its sub-folders. For some of my things I'd have to except just about the entire drive. THAT isn't secure and defeats the entire purpose (AND MORE!) of not having an "Ignore" option!
After about A WEEK, those DLLs were finally quiet and everything for them worked alright.
Now, I'm getting Nightly (nightly builds of Firefox, 64-bit, hey I'm a power-user) detected as "virus omg oh no" (suspicious, nothing actually detected) all the time too, and since it updates every day the problem just isn't getting fixed. I was forced to whitelist my internet browser and anything in its folder. Great. That's yet another security problem. Heuristics is just completely broken here once again.
At this point I'm going to have to stop recommending avast and try to find something else. There goes about a hundred avast customers, maybe more.
-
I could never understand why someone thinks that threats will make someone yield
to something that only needs changing in the eyes of a very few. ???
-
You can still exclude it by hand through settings. You don't encounter 10 false positives every day, i've only had like 3 in 10 years of being with avast!. So, doing it through settings is not really an issue. Essentially, you want to get the FP solved properly and permanently anyway...
I have maybe 1 in a months time. I usually submit it to the labs for testing and also let the developers of what is hitting the false know about the false positive as well.
I could never understand why someone thinks that threats will make someone yield
to something that only needs changing in the eyes of a very few. ???
I agree and don't even try to figure it out.