Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: thisisnotmypassword on May 27, 2020, 04:33:24 AM
-
Hi,
I work in a development environment and upon compiling and attempting to execute a program, a popup was displayed saying that the file had been sent to Avast Threat Labs for analysis. I did not know what had happened the first time, and when I tried to run the executable again, it said something different along the lines of, "we are still working on it and will notify you when we finish our analysis". The program in question is proprietary and so for it to be sent by default without express consent is outrageous.
I ended up unticking the "Upload file to Avast Virus Lab for deep analysis" option and clicked "I trust this file". I was able to run the program then, but was it sent to the Labs anyway? If so, does it remain on Avast! servers or get added to some database after the "analysis" is complete? If so, this would be a significant security concern for us.
I ended up disabling CyberCapture altogether afterwards, but too little too late. Why would Avast! catalogue people's personal files in this way? Is any record of sent files saved at all after analysis has completed?
Thanks
-
Why would Avast! catalogue people's personal files in this way?
All AV programs does this
https://zeltser.com/what-is-cloud-anti-virus/
https://www.kaspersky.com/resource-center/definitions/cloud-antivirus
https://www.usenix.org/legacy/event/hotsec07/tech/full_papers/oberheide/oberheide_html/index.html
-
The system is fully automated meaning chances of human coming across your binary is very unlikely as they get hundreds of thousands of binaries to this system every day. There is a slight chance it might be rejected by the automation and human intervention will be required. I don't know what's their frequency of adjusting the system, but if they'll repeatedly be getting your test builds from compiler and they find them clean, they'll adjust so it'll get rejected automatically and processed by the system correctly to lessen the workload on human workers.
CyberCapture also only collects binaries (EXE) and I think DLL resources too. Doesn't process scripts or other files like MS Office documents or photos.
-
@RejZoR Thanks for the information.
To follow up, I later got an Avast popup stating "Avast Virus Lab says: This file is clean" so the file was evidently sent after all. It is still inexcusable that the default option is not to be prompted yes or no on whether to send the file, but to send it regardless. Enough so that we have disabled it and perhaps will completely uninstall altogether later in favor of some alternative.
Surely, this must be occurring to hundreds, if not thousands, of users daily who work in development environments so I am surprised there are not more complaints concerning it. But, I doubt Avast would care enough to step in and fix this flaw anyway.
If anyone more personally-acquainted with Avast systems can shed light on how long any records or copies of sent files are stored on Avast servers after analysis, please share.