Author Topic: No Ignore Option (Read 12546 times)

REDACTED · « **on:** November 02, 2014, 07:31:10 AM »

When Avast finds malware, but you think it is a false positive, and want to ignore Avast's popup, there seems to be no option to do so. There are options for Repair, Block, and a few others, but no Ignore. Is clicking the 'X' in the upper-right corner of the popup the way to perform an Ignore Once?

Pondus · « **Reply #1 on:** November 02, 2014, 11:14:26 AM »

If you think it is a false positive, send file to avast lab so they can fix it

Suspicious files can be uploaded and tested here www.virustotal.com / www.metascan-online.com / www.jotti.org

You can report issues to avast here : http://www.avast.com/contact-form.php

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

REDACTED · « **Reply #2 on:** November 02, 2014, 12:52:36 PM »

The virus is reported during the install process; the actual installer is NOT reported to have a virus by Avast. The installer itself checks clean on virustotal.

The 'Report possible false positive' within Avast failed.

But this question is really not about any of that. It's about the lack of an Ignore option, and if clicking on the 'X' in the upper right corner of the 'Virus Alert' window is how you accomplish performing an 'Ignore' action. That's the question posed in this thread.

Pondus · « **Reply #3 on:** November 02, 2014, 01:01:40 PM »

Quote

But this question is really not about any of that. It's about the lack of an Ignore option, and if clicking on the 'X' in the upper right corner of the 'Virus Alert' window is how you accomplish performing an 'Ignore' action. That's the question posed in this thread.

Posted / debated many times ...... use forum search

REDACTED · « **Reply #4 on:** November 02, 2014, 03:24:06 PM »

A lot of discussion on this one in past....I think basic answer was Avast does not give you that option.
I think the prevailing thought is users would hit IGNORE and infect themselves.
If it is a false positive then the process to report and Avast correct is in place.
Basically, Avast wants to make that decision...not allow the user.....I can see both sides of that argument.
Of course, until Avast corrects the user has to deal with the inconvenience but as much as this is a pain all users are benefiting from the size of the community and feedback....thus in a way you are doing your part.

Hope I summarized correctly a ton of threads/posts/arguments on the subject.

REDACTED · « **Reply #5 on:** November 02, 2014, 07:20:18 PM »

Quote from: thekochs on November 02, 2014, 03:24:06 PM

A lot of discussion on this one in past....I think basic answer was Avast does not give you that option.
I think the prevailing thought is users would hit IGNORE and infect themselves.
If it is a false positive then the process to report and Avast correct is in place.
Basically, Avast wants to make that decision...not allow the user.....I can see both sides of that argument.
Of course, until Avast corrects the user has to deal with the inconvenience but as much as this is a pain all users are benefiting from the size of the community and feedback....thus in a way you are doing your part.

Hope I summarized correctly a ton of threads/posts/arguments on the subject.

Thank you, thank you, thank you!

Thank you for the excellent summary.

One comment, and one question:

The comment: The process to report a possible false positive to Avast does not always work. Appears to be a bug in Avast.

The question: Given that the lack of "Ignore Once" is by (questionable) design, does clicking on the "X" in the upper right corner of the Virus Alert act just like an "Ignore" option?

Para-Noid · « **Reply #6 on:** November 02, 2014, 07:31:30 PM »

Quote from: Techknow on November 02, 2014, 07:20:18 PM

The question: Given that the lack of "Ignore" is by (questionable) design, does clicking on the "X" in the upper right corner of the Virus Alert act just like an "Ignore" option?

No, it is that way by design. The lack of an "ignore" button is not "questionable" it is not there
for a very logical reason. Just imagine, if you will, what would happen if there was an "ignore" button?
Many uninformed users would click "ignore" get an infection then come running back here to the forums
complaining about avast "not" protecting them.

The biggest security risk lies between the chair and the keyboard.

REDACTED · « **Reply #7 on:** November 02, 2014, 07:32:16 PM »

Quote from: thekochs on November 02, 2014, 03:24:06 PM

Of course, until Avast corrects the user has to deal with the inconvenience

Not strictly true. You can certainly add the software to the appropriate exclusion list(s).

That takes more effort and the thinking is that upon reflection a user may not choose to do that unless they're very sure it's a false positive.

And no, clicking the [X] does not treat it as "ignore".

-Noel

REDACTED · « **Reply #8 on:** November 03, 2014, 03:46:38 AM »

Quote from: NoelC on November 02, 2014, 07:32:16 PM

And no, clicking the [X] does not treat it as "ignore".

What does clicking the [X] actually do? How is it different than Ignore Once?

mchain · « **Reply #9 on:** November 03, 2014, 08:53:42 AM »

Clicking the red X closes the pop-up. That's all it does.

In order to ignore a detection, an option to click 'ignore' in the menu must be present. Other options would be:

Repair/Clean
Quarantine
Delete

Avast does not provide an ignore option, so clicking the red X cannot be an ignore operation.

Put another way, only the people who know and understand malware are the people who create it and the people who defend against it. Most people don't belong to either one.

BTW, choosing Ignore would prevent the antivirus from ever scanning/detecting a specific file again, even if it became malicious later on.
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

REDACTED · « **Reply #10 on:** November 03, 2014, 09:38:12 AM »

Um, it sounds like we are talking in circles a bit.

It sounds like maybe the result of clicking the 'X' in the upper right corner is like an Ignore Once option.

bob3160 · « **Reply #11 on:** November 03, 2014, 01:48:31 PM »

Quote from: Techknow on November 03, 2014, 09:38:12 AM

Um, it sounds like we are talking in circles a bit.

It sounds like maybe the result of clicking the 'X' in the upper right corner is like an Ignore Once option.

It isn't an ignore option but another way to close the notification box. Nothing more, nothing less.
Avast has already informed you of it's findings.
As you've already found out from your other thread, it doesn't take long for Avast to correct a problem if
it's indeed a false positive.

DavidR · « **Reply #12 on:** November 03, 2014, 04:21:46 PM »

Quote from: Techknow on November 03, 2014, 09:38:12 AM

Um, it sounds like we are talking in circles a bit.

It sounds like maybe the result of clicking the 'X' in the upper right corner is like an Ignore Once option.

It does as the windows default action closes the window - nothing else.

You can set up the automated actions of the File Shield in many ways for first action, 2nd action and 3rd action.

The No Action, just has avast take no action, e.g. don't proceed with any of the listed actions. But what it won't do is allow a file it considers infected (for whatever reason) to run. Avast a long time ago took the decision not to have a one click action to allow an infected file to run - this to avoid accidental running of malware.

That is why the user has make a deliberate action to exclude the file and there is no avast allowed malware to infect my system discussion.

Whilst this is more hassle for those who consider themselves more than capable to make the decision to allow a 'suspect' file to run. Avast has to cater for the majority of 200 million plus users who may not be as experienced as you.

By excluding and submitting a file as a possible FP you are not only resolving something on your system, but through the submission/CommunityIQ function helping all other avast users with the same file.

REDACTED · « **Reply #13 on:** November 03, 2014, 06:32:58 PM »

Quote from: DavidR on November 03, 2014, 04:21:46 PM

Quote from: Techknow on November 03, 2014, 09:38:12 AM
Um, it sounds like we are talking in circles a bit.

It sounds like maybe the result of clicking the 'X' in the upper right corner is like an Ignore Once option.

It does as the windows default action closes the window - nothing else.

You can set up the automated actions of the File Shield in many ways for first action, 2nd action and 3rd action.

The No Action, just has avast take no action, e.g. don't proceed with any of the listed actions. But what it won't do is allow a file it considers infected (for whatever reason) to run. Avast a long time ago took the decision not to have a one click action to allow an infected file to run - this to avoid accidental running of malware.

Interestingly, the 'No Action' option was not available. Odd. When set to ask, is pressing the 'X' in the upper right corner the same as "ignore this one time only?". If not, what does it do? I understand that it closes the window, but what else happens?

bob3160 · « **Reply #14 on:** November 03, 2014, 06:35:45 PM »

Nothing.

Author Topic: No Ignore Option (Read 12546 times)

REDACTED

No Ignore Option

Pondus

Re: No Ignore Option

REDACTED

Re: No Ignore Option

Pondus

Re: No Ignore Option

REDACTED

Re: No Ignore Option

REDACTED

Re: No Ignore Option

Para-Noid

Re: No Ignore Option

REDACTED

Re: No Ignore Option

REDACTED

Re: No Ignore Option

mchain

Re: No Ignore Option

REDACTED

Re: No Ignore Option

bob3160

Re: No Ignore Option

DavidR

Re: No Ignore Option

REDACTED

Re: No Ignore Option

bob3160

Re: No Ignore Option