Author Topic: WebShield: detection issue?  (Read 2773 times)

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
WebShield: detection issue?
« on: November 30, 2014, 11:59:32 PM »
Hi,

I have a URL with malware that isn't blocked by WebShield.
If I scan from Windows Explorer, Avast detects it, so why doesn't WebShield detect it?

hxxp://zhushou.52lishi.com/kuai8bd_14928.exe [not detected by WebShield]

Regards
Avast Free Antivirus: Web Shield & Home Network Security.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: WebShield: detection issue?
« Reply #1 on: December 01, 2014, 12:52:29 AM »
Quote
If I scan from Windows Explorer, Avast detects it, so why doesn't WebShield detect it?
detecting a URL and detecting a file are not the same

just because avast detects a file, it does not necessarily block the URL that the file comes from .... unless that URL is in the avast blacklist


https://www.virustotal.com/nb/url/fcf1ca1cacd042a1699612dbd039ffd8edd4f3a1e8f4726a2f67f36563add21c/analysis/1417391178/

old PUP crap. First submission 2014-08-16 00:16:55 UTC (3 months, 2 weeks ago)
https://www.virustotal.com/nb/file/2e13816f56e4f2311407e790de789921a136a1cadf873fe981ae5a2e2d21a0b7/analysis/1417391498/



« Last Edit: December 01, 2014, 12:55:42 AM by Pondus »

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
Re: WebShield: detection issue?
« Reply #2 on: December 01, 2014, 01:42:08 AM »
But doesn't the WebShield analyse all the files before they reach the PC? It couldn't be just about whether the URL is on the blacklist...

I have the WebShield default settings, plus PUP and High Heuristics sensitivity...
Avast Free Antivirus: Web Shield & Home Network Security.

Offline KevTech

  • Jr. Member
  • **
  • Posts: 56
Re: WebShield: detection issue?
« Reply #3 on: December 01, 2014, 03:55:50 AM »
I tried the link and had a warning from file shield + web shield which then aborted the connection.

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
Re: WebShield: detection issue?
« Reply #4 on: December 01, 2014, 12:35:06 PM »
Quote
I tried the link and had a warning from file shield + web shield which then aborted the connection.
Yep, with File Shield it could be detected, as by Windows Explorer context menu option, but Web Shield should detect it in the first place...
Avast Free Antivirus: Web Shield & Home Network Security.

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
Re: WebShield: detection issue?
« Reply #5 on: December 03, 2014, 12:58:21 AM »
Quote
I tried the link and had a warning from file shield + web shield which then aborted the connection.
Yep, with File Shield it could be detected, as by Windows Explorer context menu option, but Web Shield should detect it in the first place...
Any answer from Avast Reps?

Thanks
Avast Free Antivirus: Web Shield & Home Network Security.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: WebShield: detection issue?
« Reply #6 on: December 03, 2014, 01:28:47 AM »
The web shield is detecting it when you try to download it, image1 (don't know why the image turned out this way). Detection is FileRepMalware - which is initially a poor reputation.

Because Firefox tries to download it before you actually choose to save it, and because the web shield aborts the connection, the file can't be saved. This throws up an error, image2; note the file name has the .part at the end, which is a temporary file awaiting final saving, when the .part at the end is dropped.

Now the File Shield gets in on the act, image3, but this is on the .part file name and not the w081p2ka.exe - which never got fully downloaded and saved. Note that the malware type has also changed to Win32:Adware-gen [Adw]

For me the detection and alert process appears to have worked as expected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
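
A triage check for the situation DavidR describes, where an aborted download leaves only a .part file behind. This is an added example, not part of the thread and not Avast or Firefox code; the function names and the sample files are constructed for illustration, with only the `w081p2ka.exe` name taken from the post above.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large partial downloads are not read at once."""
    h = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage_partials(download_dir):
    """Report each *.part file and whether its final target was ever written."""
    findings = []
    for part in sorted(Path(download_dir).glob("*.part")):
        target = part.with_suffix("")  # "w081p2ka.exe.part" -> "w081p2ka.exe"
        # A zero-byte placeholder does not count as a saved file.
        saved = target.is_file() and target.stat().st_size > 0
        findings.append({
            "partial": part.name,
            "target": target.name,
            "partial_bytes": part.stat().st_size,
            "partial_sha256": sha256_of(part),
            "target_saved": saved,
        })
    return findings

def build_sample_dir(root):
    """Constructed sample data: one aborted download, one completed download."""
    root = Path(root)
    full = b"MZ" + b"\x00" * 4094  # constructed stand-in for the complete file
    (root / "w081p2ka.exe.part").write_bytes(full[:1024])  # connection aborted early
    (root / "report.pdf").write_bytes(b"%PDF-1.4 constructed")
    (root / "report.pdf.part").write_bytes(b"")  # stale residue beside a saved file
    return hashlib.sha256(full).hexdigest()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        full_hash = build_sample_dir(d)
        for f in triage_partials(d):
            state = "saved" if f["target_saved"] else "never saved"
            print(f'{f["partial"]}: {f["partial_bytes"]} bytes, target {state}')
            print(f'  sha256(partial) = {f["partial_sha256"]}')
        print("sha256 of the complete file:", full_hash)
```

The hash of a truncated .part file differs from the hash of the complete file, so a hash lookup on the residue will not match a report for the full download.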