I'm trying to get an understanding of what should happen when I run a suspicious program (i.e. one that avast is not aware of or it thinks it is suspicious for other reasons).
The program in question is a freeware app to show USB connected devices -
http://www.nirsoft.net/utils/usb_devices_view.html and I'm running the latest (2.45) version on Windows Server 2003 R2.
I have hardened mode set to aggressive, I'm not checking for PUPs and the program has not been excluded in any AVAST exclude lists.
When I run it I get an AVAST pop-up which says "AVAST hardened mode prevented a program from starting". It then goes on to say if I want to run the program I should add an exclusion by clicking the link below and the program will run. So far so good.
If I leave the AVAST pop-up to time out or click X or click close (i.e. I don't click to add an exclusion), the pop-up disappears.
Now what happens next varies....
1) Occasionally the program will not actually run
2) More often than not the program will run as normal
Now, having not added an exception for the program I would have expected 1) to happen every time I try to run it, but I almost always get 2) to happen. I don't know why 1) only happens sometimes
Is my understanding of the action AVAST takes correct in that not adding an exception means the program will not be allowed to run. If so, then something is clearly wrong either in my config or in the AVAST program itself.
Or if I do nothing it is allowed to run anyway - which seems to contradict the comments in the AVAST pop-up box?
Or AVAST does some additional checks after the pop-up is gone and decides the prog is ok to run anyway?
- Peter
