Now Scanning every application launched

[REDACTED]

In the last day or so, Avast has suddenly started scanning applications that are launched, despite being present on my computer for a considerable amount of time.

Invariably, the scan causes the application to crash as a result of the scan, but having the application suffer a 30 second delay while being launched, scanned, terminated then launched again is a little inconvenient.

Is this a new "feature" for Avast?

[Milos]

Hello,
what do you mean by "scanning applications" and how do you observed it? Is Avast running application in sandbox? Are the files digitally signed with valid digital signature? Can you post some screenshot of the mentioned behavior?

Milos

[REDACTED]

When some applications are launched, you get application starts, then a pop-up dialogue appears stating that a "Deepscan" is analysing the file.

Over the last day, I have noticed that it is not scanning everything, I would have noticed if Microsoft Office applications were being hit for instance.

And once scanned, it does not appear to want to do it again, at least not so far in the current time frame since I did the first post. So I cannot determine the criteria for being targeted. None of the applications are new installs, they have been on my computer since installation.

The screen shot shows a typical response to being scanned, I would suspect in a "sandbox" as the application abends due to not being able to reach the database.

I haven't seen this behaviour in Avast before, and I am wondering why or what is triggering it.
I was not surprised to see it happening on application executables resulting from the C compiler, but am on established applications.

[RejZoR]

If that all of a sudden happens on all EXE files, it could be an undetected virus (the actual file infector). Since it changes file hashes and makes them unique, DeepScreen will scan them all again. But since it's undetected one,y ou don't get any detection alerts... Seems the most plausible scenario imo...

[REDACTED]

If it is a change in hash value that has 'changed', but the executables do not have any known infection (all scans thus far have indicated such), it could also indicate that Avast has lost part of its hash value database, maybe via corruption.

I'll schedule an extensive scan for downtime. Hopefully that will 'rebuild' that hash database.

Thanks for the advice RejZor. Didn't know about the hash db.

[RejZoR]

I mean, the DeepScreen is relying on a feedback from the cloud together with local databases. Maybe your system is failing to connect to avast! cloud.

Go to Settongs -> Updates and check if you're connected to the cloud (Steaming updates).

That could be one of the reasons why avast! is alerting you on all executables.

[Milos]

Hello,
can you send us some of the files, which were executed on DeepScreen to analyze? Use https://support.avast.com/ -> Avast Virus Lab and reason "False positive".

Milos

[REDACTED]

I have done the "False Positive" secure email, although the success of which is indeterminate.

After pressing 'submit', the flashing bars graphic appeared for a while, and afterwards, the attachments were removed, but otherwise, the screen did not change. I would have expected redirection to a 'success' page  or a acknowledgement message, but there was none.