Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Theo Peterbroers on April 18, 2012, 07:18:32 PM
-
Considering this thread https://forum.avast.com/index.php?topic=97343.0
It would be wise for avast to remember that some programs have been running reliably for years (no malware/virus etc.). Yes, I understand that an update to said program could be a reason for distrust. But an update to avast is not a sufficient reason after running said program (unchanged) for a year. Three months? One month?
Regards,
Theo Peterbroers
-
How do you suggest that avast 'remember' what has been running 'reliably' for years ?
The fact that it might not have been infected for years (and the autosandbox isn't saying it is infected), doesn't mean it can't be infected.
So I would suggest reading my reply in that topic, http://forum.avast.com/index.php?topic=97343.msg776809#msg776809 (http://forum.avast.com/index.php?topic=97343.msg776809#msg776809).
-
Hi DavidR, thanks for your reply.
IF a program has not been detected as containing malware for a certain amount of time (one year, three months, one month, whatever) AND did not undergo a recent update or change, THEN avast might consider a new detection in this program as caused by its own update. Recent effect implies recent cause. Programs that are seldom updated do exist.
Of course the program might be recently infected, but this would count as a change. Does avast not remember some hash digit of executables?
Regards,
Theo Peterbroers
-
But as has been said the autosandbox notice (which is what the topic you linked to is all about) isn't one of containing malware.
There is as far as I'm aware no recording of hashes, etc. this would be a very large overhead and would have to be created/maintained and constantly referenced. For any such checks there would be a resulting performance hit.