Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on September 20, 2015, 10:53:54 PM
-
I've managed to download EICAR test file over SSL connection and nothing happened, I can even double click to run it.
-
The same thing is happening to me. All shields are active at my end. I am using PPPOE connection.
The following is the direct download link.
https://secure.eicar.org/eicar.com
-
I downloaded that file and i right-clicked that file and I manually scanned it by Avast.
Do a repair of avast via add/remove. Follow instructions. After repair has been done, do a system restart.
-
My avast can detect a threat when I do a manual scan, but it detects nothing when I download and run it.
-
Ok. I will report this post to admin so an avast member can have a look at it.
-
When I click on the 'eicar.com' file, the avast icon in the system tray does rotate, showing that real-time scanning is working. However, it detects no threat.
-
I tried it on a fresh windows install, but the problem still exists.
-
It seems that the problem does not lie at our end.
-
Before Avast, Kaspersky was installed. Does it help?
-
Before Avast, Kaspersky was installed. Does it help?
The question now is "How was Kaspersky removed" ???
-
I tried it on a fresh windows install, but the problem still exists.
If so, I think the problem has nothing to do with Kaspersky.
-
I tried it on a fresh windows install, but the problem still exists.
If so, I think the problem has nothing to do with Kaspersky.
Unless the fresh install came from the original manufacturers image which included a trial of Kaspersky....
-
I have just installed 360 Total Security, which can detect the threat when I click on the following link: https://secure.eicar.org/eicar.com
Avast is still on my computer but has been disabled.
-
I have just installed 360 Total Security, which can detect the threat when I click on the following link: https://secure.eicar.org/eicar.com (https://secure.eicar.org/eicar.com)
Avast is still on my computer but has been disabled.
My results when I click on your link:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442847370233-39470.png)
-
No, it's on a different HDD, but it's not mine so I can't access it right now. (Actually, I can not be sure it's clean, but there were no antivirus software installed, so i considered it a fresh install. My mistake, sorry.) I removed Kaspersky via add/remove programs, but then the web shield did not work, so I uninstalled everything, used KAV remover, then installed Avast again.
-
(Actually, I can not be sure it's clean, but there were no antivirus software installed, so i considered it a fresh install. My mistake, sorry.)
Then the problem has nothing to do with Kaspersky.
-
(Actually, I can not be sure it's clean, but there were no antivirus software installed, so i considered it a fresh install. My mistake, sorry.)
Then the problem has nothing to do with Kaspersky.
https://forum.avast.com/index.php?topic=176722.msg1253260#msg1253260
-
Last year I removed Microsoft Security Essentials and then installed Avast, which could work properly, so I think a previous AV should not be the cause of the problem.
-
Last night It let me download eicar over HTTPS without detection. But It did get detected upon opening the download folder
-
Last night It let me download eicar over HTTPS without detection. But It did get detected upon opening the download folder
A lot depends on exactly which eicar test you download, .txt files and some multiple zipped/rar archives won't be scanned as they don't present an immediate risk as the eicar.com file would/should.
-
I have just installed 360 Total Security, which can detect the threat when I click on the following link: https://secure.eicar.org/eicar.com (https://secure.eicar.org/eicar.com)
Avast is still on my computer but has been disabled.
My results when I click on your link:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442847370233-39470.png)
Same here, the first time I tried.
The second time, the connection was disconnected.
-
Hi guys, the problem is in us. Will fix it soon.
-
Please notify me as soon as you have fixed the problem.
I will keep using 360 Total Security as a stopgap until your notification.
-
Please notify me as soon as you have fixed the problem.
I will keep using 360 Total Security as a stopgap until your notification.
Sorry but your reply makes not sense.
There's nothing wrong with Avast's protection. The fix has nothing to do with giving you more or less protection.
-
Do you mean the problem has to do only with 'eicar.com' but not with real viruses?
-
Do you mean the problem has to do only with 'eicar.com' but not with real viruses?
That's correct. :)
-
How did you know that?
-
I see the URL is now blacklisted, but is it a correct solution?
-
I see the URL is now blacklisted, but is it a correct solution?
??? what do you mean blacklisted ???
-
The "https://secure.eicar.org/eicar.com" is on a blacklist and immediately blocked by the web shield even the file can not be analyzed right there.
-
The "https://secure.eicar.org/eicar.com (https://secure.eicar.org/eicar.com)" is on a blacklist and immediately blocked by the web shield even the file can not be analyzed right there.
It is a test file designed to test your AV and see if it blocks it. It is not a virus. There is nothing to analyze.
-
There is a huge difference between blocking an URL or downloading the file, analyzing it, and recognizing that this is the test file what is supposed to be marked as an infected one and handle it that way, while the user is also warned about it.
-
There is a huge difference between blocking an URL or downloading the file, analyzing it, and recognizing that this is the test file what is supposed to be marked as an infected one and handle it that way, while the user is also warned about it.
This certainly isn't blocking the URL:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442847370233-39470.png)
-
Thank you, but on MY system, only the web shield blocked it.
-
The "https://secure.eicar.org/eicar.com" is on a blacklist and immediately blocked by the web shield even the file can not be analyzed right there.
The site isn't blocked or on a black list, clicking on the link you gave is essentially downloading the file. The web shield is scanning the file as it is downloaded to your system and alerts on it as it should and aborts the connection.
If you went to the eicar.org site first and it was on a blacklist or blocked then you wouldn't even get there to manually download the file.
-
Today afternoon the http://www.eicar.org/85-0-Download.html address was available, but clicking on the https://secure.eicar.org/eicar.com was blocked immediately by the web shield. Now, I had to uninstall Avast, but gave it a try on another system where the business suite is installed, and the result is the same:
The test file can not be downloaded for analysis because it's blocked. (I restarted the system after update.)
I can still double click on the previously downloaded file and nothing will happen.
I know it should be in the business product section, but the problem is the same, please move it if neccessary.
-
Exactly the same is happening at my end, gj_sp.
If I turn on 'Block malware URLs' in 'Web Shield', the following screenshot will pop up and the website will be blocked, i.e. the URL has been blacklisted.
If I turn off 'Block malware URLs' in 'Web Shield', Avast will do nothing to stop it, i.e. 'eicar.com' can be successfully downloaded, saved and run.
My worry is that, if a real virus is on a site whose URL has not been blacklisted, will Avast allow downloading it when 'Block malware URLs' has been turned off?
By the way, gj_sp, can you change your user interface language to English, so that we can understand your screenshots? I have changed mine from Chinese into English.
-
Yes, it's my concern too. Of course I can change it, but I hope the important part of the screenshot is understandable.
-
I don't understand your second screenshot.
-
Oh, sorry, I double clicked on eicar.com, and Windows asked me whether I want to run it or not. Just wanted to show that Avast did nothing.
-
I am worrying that Avast will still do nothing when it is a real virus.
-
Me too.
-
What operating system do you have - 32bit or 64bit?
-
The link posted goes direct to the eicar.com file so it will be blocked by webshield
The main Eicar page can be accessed but the minute you try to download any of the files you get blocked as is to be expected
-
Eicar website http://www.eicar.org/ (should not be blocked)
Eicar website with files info http://www.eicar.org/85-0-Download.html (should not be blocked)
Direct download links using the standard protocol http
eicar.com http://www.eicar.org/download/eicar.com
eicar.com.txt http://www.eicar.org/download/eicar.com.txt
eicar_com.zip http://www.eicar.org/download/eicar_com.zip
eicarcom2.zip http://www.eicar.org/download/eicarcom2.zip
Direct download links using the secure, SSL enabled protocol https
eicar.com https://secure.eicar.org/eicar.com
eicar.com.txt https://secure.eicar.org/eicar.com.txt
eicar_com.zip https://secure.eicar.org/eicar_com.zip
eicarcom2.zip https://secure.eicar.org/eicarcom2.zip
-
What operating system do you have - 32bit or 64bit?
Mine is 64bit.
When I have turned off 'Block malware URLs' in 'Web Shield', 'File System Shield' will do nothing to block 'eicar.com', which can thus be downloaded, saved and run.
Is it acceptable?
-
after you have saved it ... if you right click on it and scan, what happens then?
-
It can detect a threat. See https://forum.avast.com/index.php?topic=176722.msg1253178#msg1253178
-
i think that is correct as it is just a txt string, i dont think .com file (MS-DOS) run on Win10
will see when Igor is back with a reply
-
Yes, Eicar isn't detected "on execution" (i.e. when you doubleclick on it) on 64bit operating systems because it's a DOS COM file and there isn't any 16bit subsystem on 64bit Windows that would be able to execute it. So there is no execution being started, Avast isn't called to scan the file and the file isn't detected (Windows just gives you an error that the file cannot be started).
That's as expected and it's nothing to worry about. It would be detected on 32bit operating systems (because it can be started there), and it doesn't mean that Avast isn't scanning for viruses (those that actually can be started).
-
Well now works on https eicar as always, he was wrong not perhaps some correcion of virus databases. ;D ;D ;D
tested on my 2 pc with Avast Free 10/04/2233
-
Is there a test virus that can run on 64-bit Windows, which is becoming common nowadays?
-
I'm not aware of any.
-
Mine is 64 bit too.
-
Yes, Eicar isn't detected "on execution" (i.e. when you doubleclick on it) on 64bit operating systems because it's a DOS COM file and there isn't any 16bit subsystem on 64bit Windows that would be able to execute it. So there is no execution being started, Avast isn't called to scan the file and the file isn't detected (Windows just gives you an error that the file cannot be started).
That's as expected and it's nothing to worry about. It would be detected on 32bit operating systems (because it can be started there), and it doesn't mean that Avast isn't scanning for viruses (those that actually can be started).
What if Eicar.com is run in dosbox on a 64bit Windows?
-
Yes, Eicar isn't detected "on execution" (i.e. when you doubleclick on it) on 64bit operating systems because it's a DOS COM file and there isn't any 16bit subsystem on 64bit Windows that would be able to execute it. So there is no execution being started, Avast isn't called to scan the file and the file isn't detected (Windows just gives you an error that the file cannot be started).
That's as expected and it's nothing to worry about. It would be detected on 32bit operating systems (because it can be started there), and it doesn't mean that Avast isn't scanning for viruses (those that actually can be started).
What if Eicar.com is run in dosbox on a 64bit Windows?
You're the curious one so why don't you try it.
I think this topic has beaten itself to death. Time to end it.
All the questions on something that only required one answer have already been answered. :)
-
bob3160 is using 64-bit Windows, and his File System Shield blocks eicar.com.
I am also using 64-bit Windows, but my File System Shield does not block eicar.com.
Why?
-
Yes, Eicar isn't detected "on execution" (i.e. when you doubleclick on it) on 64bit operating systems because it's a DOS COM file and there isn't any 16bit subsystem on 64bit Windows that would be able to execute it. So there is no execution being started, Avast isn't called to scan the file and the file isn't detected (Windows just gives you an error that the file cannot be started).
That's as expected and it's nothing to worry about. It would be detected on 32bit operating systems (because it can be started there), and it doesn't mean that Avast isn't scanning for viruses (those that actually can be started).
What if Eicar.com is run in dosbox on a 64bit Windows?
You're the curious one so why don't you try it.
[...]
Because... I was posting at 12:26:37 AM :D
Now I've just tried, and Avast did not detect Eicar.com execution in Dosbox on my 64bit Windows.
I guess such behavior is expected, is that right Igor?
EDIT:
After a while I've noticed "Virus Found ... Process PID 4292", see screenshot below.
Perhaps, Avast does not detect execution but it detects the Dosbox process using the file anyway.
And, Avast DOES detect eicar.com when I download it.
Bob, I don't care about Eicar.com as such, but I am curious because I have some old DOS and WIN 16bit programs which I might execute in virtual boxes sometimes.
-
The issue is fixed now.
-
bob3160 is using 64-bit Windows, and his File System Shield blocks eicar.com.
I am also using 64-bit Windows, but my File System Shield does not block eicar.com.
The blocking on Bob's machine was caused by the file being written to / created - that works. Just the execution doesn't as the file cannot actually be started.
-
The issue is fixed now.
Now, on my 64-bit Windows, eicar.com will be blocked only by Web Shield but not by File System Shield. Can it be fixed too?
-
https://forum.avast.com/index.php?topic=176722.msg1253934#msg1253934
-
https://forum.avast.com/index.php?topic=176722.msg1253934#msg1253934
Surely, I have read the above post.
But File System Shield could block eicar.com when bob3160 clicked on https://secure.eicar.org/eicar.com
He just clicked on it but not wrote or created anything, see https://forum.avast.com/index.php?topic=176722.msg1253260#msg1253260
My File System Shield does not do the same at my end.
-
The screenshot itself shows that the file was detected when created or modified - so it wasn't detected when clicked on.
-
https://forum.avast.com/index.php?topic=176722.msg1253260#msg1253260
bob3160, according to your above post, did you just click on the eicar link before the file was detected? Or did you do something else to create or modify the eicar file?
-
https://forum.avast.com/index.php?topic=176722.msg1253260#msg1253260 (https://forum.avast.com/index.php?topic=176722.msg1253260#msg1253260)
bob3160, according to your above post, did you just click on the eicar link before the file was detected? Or did you do something else to create or modify the eicar file?
I think my reply was pretty clear. I clicked on the link and posted a screenshot of the message I received from Avast.