what Avast is critically missing...

[Randissimo]

Hello polonus,

NoelC has already given a clear example why the current situation disrupts legit workflow and you keep on restricting
the message to cracks and other illegal stuff even though it has never been a subject in this thread nor in the other threads
I've linked as examples? Way to talk about prejudices!
As if that wasn't enough, you even picture anyone who is for an "exclude in dialog" feature as people who have
some issues? If you're going on like that, I'll stop taking you seriously, however I'll still give you a chance to behave more respectfully
(and no, greetings alone without direct assaults don't necessarily mean respectful behavior), so let's go on with the main topic:

I've already moved to another AV, so there is no reason for a rant in the first place, which you've suspected. Instead, I've only wanted to
share my opinion as to why I've decided to leave Avast to help the developers improve with the feedback I've been giving as a small thank you for doing a good job in the past and because I feel that I'm not alone with that point of view.

There is also a difference between a permanent and a temporary whitelistening. In my opinion, a permanent whitelistening should only
be the last means of effect in case a program or system file is detected and it should only be done if nothing else helps while a temporary whitelistening should be the first thing to do to prevent the program or the system from breaking, because it allows you to check for yourself (for example on VT and/or with other on-demand scanners) before a crisis begins. A temporary whitelistening also doesn't interrupt the current workflow and guarantees that the files and/or the system is safe in case of false positives.
With the current way, people need to know beforehand which files are triggered and it is absolutely impossible to evaluate that, because in the next hour some file could get detected in a streaming update while you've already made a full scan with no detection.

Your biggest argument was that leaving this option out would increase security, however that is a very wrong assumption. Let's go back to the example NoelC made. Any user working in the productive sector would need to exclude whole folders in their work, but what if a malware would spread to the excluded folder without any fear of being detected forever? Wouldn't it be better to have alerts every time to double check the suspicious files first and then to exclude them file by file if they're harmless?
Of course, you could also exclude them in advanced settings, but that's not the same as excluding them on demand and it wastes time and therefore money, even in the best case, that the chest would be working without any issues and that the programs/and or the system wouldn't get affected which would mean more time spent to fix a potential mess an anti-virus caused.
Reporting false positives might be nice for the developers, but not everyone has the time and inclination to do so, especially when we've been talking about an extreme increase of the FP rate since the last couple of months.

So far, I hope you and others might understand the quintessence of this topic.

Best regards,
Randissimo


edit:

There is no way that even a complete nitwit is going to send a "vital" OS file to the chest.
avast will always ask before sending a vital file to the chest.

The problem is, there is no option to exclude this vital file or to postpone the decision even when you're asked.

[NoelC]

Randissimo, well said.  I think we're both here to try to genuinely help improve the product, based on experience and sensible thinking.

Do you get a sense of being marginalized for trying to do so?

-Noel

[Randissimo]

Thanks for the praise. I do get a little bit the exact impression you've mentioned, but if others with a similar mindset on this topic
would come to add their opinion just like you did, I wouldn't feel cornered by Avast's fanboys and -girls at all.
By the way: What does the "watched symbol" mean? I don't hope that it means you've been marked as a "bad guy", because from what I've read in your other postings aside from this topic, you simply stated your opinions with clear arguments even if it meant going against the "everything's o.k." - policy.

If this thread will get me "watched" too, then I'm sorry to bother even though I've already switched to another AV.

[propheticus]

I'll reply just to show my support. Being critical is not the same as flaming or being hostile. Not taking for granted but seeing room for improvement and providing feedback is valuable and should be seen as such.After FP's causing enormous troubles in the past, for example when AVG marked a core windows system32 dll as virus and it automatically removing it left many thousands of people unable to boot their pc, I'm all for an option to whitelist a file. It should not be an easy -click away the annoyance- button, but if an advanced user goes as far to choose 'ask' instead of automatic he/she should be able to determine NOT to quarentine or delete a file when asked what to do.

[polonus]

Well propheticus,

I addressed that situation. It is a worst case scenario for any av solution and alas not only avast! and AVG experienced such incidents. Because of the impact it sometimes makes headlines in newspapers - someone in development twisted the handles and the error has spilled out to users and will be cured with a next streaming update. In such cases I also would hope there was an in-between solution, sometimes the next streaming update is not good enough,

polonus

[propheticus]

The next streaming update is too late when the file has already been removed and rendered a machine unbootable. And if a fix was to go as far as downloading an original dll appropriate for the user's system and placing it in the system32/syswow64 folder, this had to be done rather quick. At least before the next shutdown, otherwise not being able to boot means unable to update and fix anything.

[Randissimo]

Wow, another supporter, thanks, I'm delighted now. ^^

It should not be an easy -click away the annoyance- button, but if an advanced user goes as far to choose 'ask' instead of automatic he/she should be able to determine NOT to quarentine or delete a file when asked what to do.

That's exactly what the browsers do in case you try to visit a site that might have been contaminated, however only was triggered as false positive. You have to take your time to actually look at the message before being able to proceed and and it would be almost impossible to accidentally proceed, because there's always a second message asking for confirmation of the decision you yourself have made.

I've feared that Avast might do the same thing you've mentioned with AVG, so I've switched before it could come to that to another one which get's lower scores but guarantees me, that the AV won't screw up my computer.

In such cases I also would hope there was an in-between solution[...]

It's called temporary allowing/whitelistening files.
Also, it would be interesting to know to which degree Avast would be hold responsible in a worst case scenario if they refused to make a temporary whitelistening/postponing decision feature and if a crash meant a loss of working hours and therefore money.

edit:

The next streaming update is too late when the file has already been removed and rendered a machine unbootable.

+1

[NoelC]

By the way: What does the "watched symbol" mean?

I don't know, but the exclamation point gives me the impression I'm somehow "treading on thin ice" with my postings.  I understand that I haven't put in the years here to earn the respect of others, and have been pretty forward with my opinions.

I've always felt that if a person finds a product they feel is valuable, that they can and should try to contribute to its improvement and to help others in the community.  The world is what we make of it.  But perhaps I should just move on.  I do actually have other things to do.

I hope my suggestions haven't fallen on deaf ears.  Adding user control is a great way to differentiate a paid product from a free one.

Anyway, my recent Avast problems are solved - by uninstalling and reinstalling the product then deconfiguring update notices.  I suppose I'll be back here if I have another problem.

A sincere thanks to those who have helped me.

Happy holidays to all!

-Noel

[polonus]

Hi propheticus,

In hopefully rare cases where the next streaming update would be overdue and there is a real threat the OS would be rendered nonbootable a safety mechanism should be brought in - a restore point to be created with every update, so user could enable a complete rollback to the previous update (what actually also happens in a streaming update whenever something critically goes wrong). In how far such an emergency mode should be implemented is up to avast development. Are there av solutions that have such a restore to the previous update function? SpywareBlaster for instance has such an inbuilt mechanism for restore points.
One should understand it is not only this situation that could render a machine not bootable. It could also be due to a nasty malware infestation of critical files. A mechanism should be brought in to strictly discriminate between these situations,

polonus

[kodl]

"Don't shy away from criticism, because it's healthy and it makes you better at what you do."

Avast is ignoring this common sense tough for years. Fanboys are defending Avast, no matter what. So bad......

[Para-Noid]

The one question nobody has asked is, "when do these alerts/pop-ups appear"?
IOW, "when does it happen when avast would/could automatically delete/quarantine the file"?

Is it during a scan? 
Full system scan? 
Quick scan? 
Boot scan? 

@ kodl  "Fanboy" or not being rational, logical and mature is more important than ranting. 

[bob3160]

Fanboys are defending Avast

From what I've read in this topic, a "Fanboy" is anyone who doesn't agree with your agenda. 

[propheticus]

You don't help along a proper discussion by either calling someone a ranter nor calling the other fanboy. Both are detrimental to the overall tone (hostile). If all you reply to is the part where someone calls others that shoot down any criticism a fanboy you don't really bring anything to the conversation yourself, Bob. You could just have ignored it, this might be the wiser move.
I won't mix myself in calling people ranter or fanboys, but I don't get the feeling anyone is ranting (yet). No swearing and no all caps or other mindless rambling. Only one person stating clearly he has lost trust in Avast, but that's his prerogative (or loss, if you see it as such). On the other hand no real fanboyism is going on in this particular topic either, bar the last couple of posts I see a discussion with supporters and non-supporters bringing forward argument for or against. However I do get the feeling there's a group of 'regulars' supporting and re-enforcing primarily each other (sometimes posting nothing of worth, just "well said <x>!")  and shooting down anything that does not fall within their mantra/standpoint. 

...
@ kodl  "Fanboy" or not being rational, logical and mature is more important than ranting. 

Are you passive aggressively calling him irrational, illogical and immature? Not helping along the discussion either.


--

On-topic:
These pop-ups would be most prevalent when real-time shield detect them while working on software project when a lot of false positives tend to occur.
When a full system scan is performed " take no action" is already an option.


Some related questions:
- How wide a scope of folders do you add to ignored folders to prevent detection of project files without setting this so wide that it becomes a security risk?
- Is manually adding excluded folder a real option for these users (software developers/testers/etc) as they often use many (extruded) code from various (remote) sources.
- Does a deeply hidden (advanced) option that enables an advanced user to whitelist a file from the pop-up actions list really pose such a big risk to average users? Will they really go through the effort to go deep into the setting to enable this? I believe not.

[Randissimo]

The one question nobody has asked is, "when do these alerts/pop-ups appear"?
IOW, "when does it happen when avast would/could automatically delete/quarantine the file"?

It's when the file system is detecting a threat when it's set to ask, there's even a screenshot of the message in the very first posting.
You (usually) won't see those messages as long as you don't have set the first action to ask instead of the default settings to move everything in quarantine in the file system (real-time protection) settings.
The main problem is, there is no ignore this file for once feature, so the only real options are to either delete or to quarantine the files.

"Fanboy" or not being rational, logical and mature is more important than ranting.

From what I've read in this topic, a "Fanboy" is anyone who doesn't agree with your agenda. 

Fanboys (and fangirls) are people who will defend their idols (= Avast in this case) no matter what. I don't have anything against fanboys (or fangirls) at all, however I'd prefer if they gave at least some good arguments as to why there shouldn't be an option to exclude files on demand from the real-time protection.
Having said that, Merry Christmas to everyone reading this.

[Para-Noid]

If you are working on a software project logic dictates you will get detections.
The files you are working with have not been added nor sent out via a vps update.

I am not a "fanboy", I am an "avast evangelist" dedicated to assisting others with their usage of avast.
Just because someone disagrees with you or can't make what you want happen does not make them a fanboy.
It does not indicate they are for your idea nor does it indicate they are against tour idea.

Please use common sense, logic and some sense of maturity.
Please show some level of decency and don't take things out of context.