Hello,
I am running Windows 7, Windows 64-bit, Avast 11.1.2241, ready to update to 11.1.2245 when I reboot, which I haven't done yet.
Issue:
1) Avast suspected a utility I have under "C:\Program Files\" was Win64:Evo-gen. It automatically removed the executable from its folder and into the Virus Chest (these were pdflatex, bibtex, and latex, in "Miktex\bin\x64" My environment had issues because it was no longer able to call those problems.
I had them scanned and sent to VirusTotal, and 0/55 report them negatively.
So I tried to restore them from the Virus Chest, but the executables were not restored to their original location. Ultimately, I had to extract them to a different directory in my user area, and then copy them to their original location. In doing so, Windows stated I didn't have the proper permissions.
Here's my theory on what happens:
- Avast sees a suspicious program and removes it to Virus Chest (with elevated permissions)
- User tries to restore the program to its original location
- Avast (as the user) is unable to write to the folder, despite asking for elevated permissions, so it silently ignores the failure
You can recreate this by putting a known trigger into a folder, give the user read/execute access but not write access for the folder itself. Try to run the trigger. Avast will catch the trigger, remove the file. When you go to virus chest and try to restore it, that will fail to put it back in the original area.
Not likely to be noticed by many people, but still a small annoyance ("I restored everything, so why wasn't it all restored???").
