Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Server Protection => Topic started by: woodfire74 on April 16, 2009, 11:34:37 PM

Title: How To You Allow A File To Not Be Picked Up By On Access Protection?
Post by: woodfire74 on April 16, 2009, 11:34:37 PM
I work for a client that had the most recent Avast Server on a Window 2003 Server machine and they run a networked application for Dental Work called Softdent by Kodak.  There is a program from Softdent called PWServ.exe that controls the registration for the product and runs at startup on the server.  Well today after updating the program and definitions for Avast and running a Windows update and rebooting, Avast is kicking this PWServ.exe file to the Chest with the OnAccess Protection.  We need this file to run for our networked application to function and it is NOT A VIRUS.  It says it is a Trojan Horse.  I found where you can exclude a file or folder when you run a scan but it states this is not for On Access Protection.  I need to find out how to exclude a file or directory from On Access protection because even if I restore the file it just picks it up the next time I execute it and unlike Avast Home or Professional, it does not give you an option, it just automatically moves it to the chest.  I had the same issue on the workstations (WinXP) that have mapped drives to the server and are running Avast Pro, they picked up the same file, but I was able to tell Avast when it picked it up to ignore it and it was fine.  I need to be able to do the same on the server.  HELP!!!!
Title: Re: How To You Allow A File To Not Be Picked Up By On Access Protection?
Post by: DavidR on April 17, 2009, 12:02:06 AM
Whilst that is entirely possible, see below, but the best thing is to a) conform it is a false positive, b) report it, e.g. send the sample to avast, c) avast should confirm it is an FP and correct the signatures.

I don't use the server version for avast but this is the procedure for avast Home/Pro version, presumably there is an equivalent in the server version.

You can add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (right click the avast ' a ' icon).
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location.

When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Confirmation of detection:
You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Title: Re: How To You Allow A File To Not Be Picked Up By On Access Protection?
Post by: woodfire74 on April 17, 2009, 01:20:20 AM
Thanks David, I will try this when I get back to the location.  I have On Access disabled for now so we are ok.  I beleive your instructions to exclude for On Access are accurate, I also found instructions in another post here.

Thanks for your info on sending to Avast to report a FP, I would like to do that also so no one else is affected by this.

Cheers,

Woody
Firewood Tech
Title: Re: How To You Allow A File To Not Be Picked Up By On Access Protection?
Post by: DavidR on April 17, 2009, 01:38:13 AM
No problem, glad I could help.

Welcome to the forums.