Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: RejZoR on March 08, 2023, 05:46:52 PM
-
The driver blocking component keeps whining about FanControl tool driver and even when I put the driver to exceptions list, it kept on complaining about it. Before this, it kept detecting same driver with signatures. How can you guys not fix this already? I don't get it. It was so annoying I removed Avast 5 minutes after I've installed it because I was test driving a competitor product for a while.
https://getfancontrol.com
This tool has been in use for ages and it's excellent for controlling fans inside computer. Make it work well with Avast.
-
How is adding entire FanControl folder in exclusion not excluding the offending driver when it's literally Avast reporting said driver inside FanControl folder? I don't get the logic behind it. It seems that driver is only dropped in the folder after execution of the executable, but that shouldn't matter.
-
The reason for exclusions not working is that they're not implemented yet. The vulnerable driver blocking is a separate feature, not based on "regular" scans, so exclusions have to be implemented separately (plus a separate UI controls should be added).
It's going to happen... but for now, you can simply disable the vulnerable driver blocking completely - in Troubleshooting, under Enable Self-Defense. (Since you'll already have a popular vulnerable driver running, it doesn't matter much if you exclude just that one or disable the feature completely - the door for malware is wide open anyway.)
-
The reason for exclusions not working is that they're not implemented yet. The vulnerable driver blocking is a separate feature, not based on "regular" scans, so exclusions have to be implemented separately (plus a separate UI controls should be added).
It's going to happen... but for now, you can simply disable the vulnerable driver blocking completely - in Troubleshooting, under Enable Self-Defense. (Since you'll already have a popular vulnerable driver running, it doesn't matter much if you exclude just that one or disable the feature completely - the door for malware is wide open anyway.)
Yeah, I had to disable that since it made my system unusable, but what makes it vulnerable? Do you inspect them and add them yourself or it just blanket blocks them based on some very elementary rules like digital signature or whatever?
-
How exactly they are detected, I'm not sure - but it's definitely not just a generic heuristics, it's targeting specific drivers.
I'm told the WinRing driver (used by FanControl) is a popular driver that allows any non-privileged user arbitrary write access to hardware and physical memory. So this driver allows anybody to do... well, anything, including e.g. disabling the AV.
-
Avast is doing its job: https://nvd.nist.gov/vuln/detail/CVE-2020-14979
-
How exactly they are detected, I'm not sure - but it's definitely not just a generic heuristics, it's targeting specific drivers.
I'm told the WinRing driver (used by FanControl) is a popular driver that allows any non-privileged user arbitrary write access to hardware and physical memory. So this driver allows anybody to do... well, anything, including e.g. disabling the AV.
That's the problem I'm having that made me search these forums to see if there were any answers. Whenever I try to launch FanControl.exe , it creates a temp system file (FanControl.sys) that Avast blocks preventing FanControl from working properly. Only if I turn off vulnerable drivers blocking in settings will it work properly. I've tried making an exception for FanControl.sys to no avail. So I guess for now my options are to either not run FanControl for all my computer's fans or turn off the vulnerable drivers setting. :-\
-
It's your computer. Avast is trying to keep it safe.
If that's not what you want Avast to do, bypass the detection and assume the risk.