Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: danny96 on April 04, 2011, 08:40:50 PM

Title: Big bug
Post by: danny96 on April 04, 2011, 08:40:50 PM
Attention!
There's been a bug since the avast! 5 release where the web shield blocks a threat too late (when it is already on the system); after that it is of course detected by the filesystem shield, but avast! then says Action: (WTF?). It says that no action is required, but the virus is still in its place and active. So it must then be deleted by a boot-time scan (if it's an active threat). Can you please fix this problem as soon as possible? Thanks

Example 1
http://www.youtube.com/watch?v=dTJBf_A5mhA&feature=player_detailpage#t=192s

Title: Re: Big bug
Post by: area51 on April 04, 2011, 10:52:07 PM
Happened to me once, recently! Avast blocked a site because it was a worm threat; after a few days it found a rootkit trying to run in my system from another site, and since then I only surf via Sandboxie, you are 100% protected.
Looks like the web shield can't stop all the threats before the computer loads them; never surf without Sandboxie!
Title: Re: Big bug
Post by: Nesivos on April 04, 2011, 11:07:03 PM
Regardless of whether Avast should have prevented the malwared file from executing or not, in looking at the video, the file is being run before being saved and checked.

This is bad security practice.

1. All files that are downloaded should be viewed before being downloaded.  In other words the browser should be set to bring the file up on the screen before you download it.  Then if you still want to download it, download it to a safe place and save it without executing it.

2. Then run a scan of the downloaded file before executing it.

3. Downloaded files should be scanned both by Avast and Malwarebytes and/or SAS.  If it is clean only then should it be executed.

4. If you participate in the Avast community suspicious files will be automatically uploaded or

5. If Avast misses a malwared file that MBM and/or SAS catch or if all three fail to identify a file as malwared that you still think may be malware then you should password protect the file and email it to Avast at virus@avast.com  with an explanation.


Title: Re: Big bug
Post by: 12-es_csaj on April 04, 2011, 11:19:04 PM
Similar to this:
http://forum.avast.com/index.php?topic=72393.msg606295#msg606295
Title: Re: Big bug
Post by: Nesivos on April 05, 2011, 12:49:22 AM
Similar to this:
http://forum.avast.com/index.php?topic=72393.msg606295#msg606295

HTTPS does not protect against the transmission of infected files. It protects against eavesdropping and man-in-the-middle attacks. HTTPS is a privacy protection protocol.

Avast will scan packers if you instruct it to. If you don't, it won't unpack the file and scan it. I set all my scans---"Packers" to "All Packers". If you don't do that, then if you have a packer that is not checked off under "Packers", Avast won't attempt to unpack it to scan it.

I also set my "Actions" to Repair----Move to VC----Delete. 

I also set under "Actions" ---"Processing of infected archives" to the middle "radio button".   The bottom one would be more secure.  I think leaving it at the default which is the top radio button and says "Try to remove only the packed file from the archive, if it fails, do nothing" is a bit risky.  I am not sure why that would be the default.

I have not had any problems with infected files getting into my system with these settings and using the procedures I described above.

Using these settings AIS has caught some infected archives/files while they were seeding at the end of a P2P download and then promptly sent the file to the VC or deleted it with no further incident.  I always followed up on these files when something like this happened by checking the download location and verifying that the file had indeed been moved.

Then I clean my system's temporary files before doing anything else. This procedure seems to have kept my system pretty secure so far. :)

Title: Re: Big bug
Post by: Jack 1000 on April 05, 2011, 04:29:21 AM
Attention!
There's been a bug since the avast! 5 release where the web shield blocks a threat too late (when it is already on the system); after that it is of course detected by the filesystem shield, but avast! then says Action: (WTF?). It says that no action is required, but the virus is still in its place and active. So it must then be deleted by a boot-time scan (if it's an active threat). Can you please fix this problem as soon as possible? Thanks

Example 1
http://www.youtube.com/watch?v=dTJBf_A5mhA&feature=player_detailpage#t=192s



That video is in Spanish.  What is it saying?  The title sounds like they are talking about version 6 protection, not version 5.

Jack

Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 08:03:10 AM

4. If you participate in the Avast community suspicious files will be automatically uploaded or

5. If Avast misses a malwared file that MBM and/or SAS catch or if all three fail to identify a file as malwared that you still think may be malware then you should password protect the file and email it to Avast at virus@avast.com  with an explanation.

Avast Internet Security missed a file which MBAM detected, it's now stored in the MBAM quarantine and I want Avast! AV to add it to their virus list and include in a definition update in the future, but since the file is already in quarantine and I don't want to risk restoring it, how can I submit it to the virus lab? I'm guessing a screenshot won't help  :-\ Also it missed a virus in the registry, again same story - I don't want to restore from quarantine.. How can I inform them and make sure they include it in an update in the future? (Not all users use MBAM/SAS and this would help them greatly and it's good for Avast! also)
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 08:08:27 AM
Attached a screenshot of the viruses that didn't get detected by AIS - full scan or boot-time scan. Hope this helps..
Title: Re: Big bug
Post by: doktornotor on April 05, 2011, 08:20:02 AM
update in the future, but since the file is already in quarantine and I don't want to risk restoring it, how can I submit it to the virus lab?

Right-click and submit.

P.S. Wrt the original post, will not watch yet another lame Youtube AV "review" (and no, HTTPS of course will not be scanned, if that is what the "expert" did.  ::))
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 09:41:05 AM
update in the future, but since the file is already in quarantine and I don't want to risk restoring it, how can I submit it to the virus lab?

Right-click and submit.


Like I said, it's in the MBAM quarantine :P don't want to restore it as it might risk my computer getting infected. I only have this screenshot.
Title: Re: Big bug
Post by: doktornotor on April 05, 2011, 09:42:46 AM
Like I said, it's in the MBAM quarantine :P don't want to restore it as it might risk my computer getting infected. I only have this screenshot.

Shrug; add it to Avast chest from there if MBAM lets you. If not, well not really much help for you. No one will transfer it to Avast in self-contained sealed box.  :P
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 09:44:55 AM
Like I said, it's in the MBAM quarantine :P don't want to restore it as it might risk my computer getting infected. I only have this screenshot.

Shrug; add it to Avast chest from there if MBAM lets you. If not, well not really much help for you. No one will transfer it to Avast in self-contained sealed box.  :P

lol :D ok I will try doing that :P by the way how can I add the second virus which was in the registry?
Title: Re: Big bug
Post by: doktornotor on April 05, 2011, 09:48:29 AM
Registry keys cannot be added. (Well, you can export the key and add it, but why? It is just a manifestation of the infection, not the infection itself.) Once the key was deleted/values reset to default, there is no more action left.
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 09:50:33 AM
Ok thanks, I restored the file and added it to the virus chest and submitted, but when I go to that folder the infected file is still there!!
Title: Re: Big bug
Post by: doktornotor on April 05, 2011, 09:51:53 AM
Hmmm? You did restore it, so it is there... Just delete it.
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 09:55:05 AM
hmm ok manually deleted it. I thought that once I add it to the virus chest it will get moved to the chest. Anyway hope it won't come back  :)
Title: Re: Big bug
Post by: doktornotor on April 05, 2011, 10:00:11 AM
Manually adding to the chest does not really move things. They would be moved automatically there if avast! detected them. For manual, no...
Title: Re: Big bug
Post by: DraKuL on April 05, 2011, 10:03:43 AM
Oh, I did not know that  ;D Thanks for the info :) submitted the file !

Cheers!
Title: Re: Big bug
Post by: RejZoR on April 05, 2011, 10:58:07 AM
avast! didn't really miss anything or detect it "too late". There is no such thing really. However, it sometimes does happen that parts of the file do fall through the Web Shield and hit the HDD, where the Filesystem Shield detects it because the browser already cached parts of that file. But in such cases they are just remnants of the actual file. And even if they are in fact a full file which was initially detected, there is no way of it getting run anytime later. In the worst case it will just be on a HDD and will not do anything. What avast! found out later was probably just one such file inside the browser cache that the File Shield got its hands on while the browser wanted to purge that file from the browser cache sometime later.