Author Topic: Avast Missing Lots Of Infected Files During Data Transfers  (Read 4625 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
I was transferring about 106GB of files from an external HDD to a laptop which had a fresh install of windows and Avast.
During the data transfer Avast was very busy blocking infected files, seemed like Avast was doing it's job well.

The problems started after I had finished transferring the files.

Out of the blue Avast started to detect files which had already been filtered in the data transfer as infected.

My question is how is it that loads of files that should had been scanned during the bulk data transfer where allowed though from the external HDD to the laptop.

 >:( >:( >:( >:( >:( 



 
« Last Edit: April 01, 2016, 02:36:03 AM by grahamjohnson10 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #1 on: April 01, 2016, 02:37:22 AM »
What type of files?

what malware name was given by avast?

was file moved to chest, if so post a screenshot


REDACTED

  • Guest
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #2 on: April 01, 2016, 02:53:47 AM »
Pondus I had copied all the contents of the Users folder on a laptop that needed a fresh install of Windows 10 64 to an external HDD so as to save all user data, so there where loads for different file extensions involved.

At the end of the scan there are about 455 infected files, so I have moved them all to chest.

https://goo.gl/photos/hbJ6hkkohE9YPsDF7

 

REDACTED

  • Guest
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #3 on: April 01, 2016, 03:41:12 AM »
I have now rescanned the folder and there are Zero infected files.

So to sum up what I have found is simply that Avast cannot be relied on to catch files during data transfer.



 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #4 on: April 01, 2016, 08:38:45 AM »
Quote
So to sum up what I have found is simply that Avast cannot be relied on to catch files during data transfer.
It may be related to what settings in what shield vs what settings in on demand scan, like what to scan >  packers/archives to open or not open and scan


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #5 on: April 01, 2016, 09:12:18 AM »
How exactly did you transfer the files? (What tool did you use, were they packed in some kind of archive, or just plain?)

REDACTED

  • Guest
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #6 on: April 01, 2016, 11:06:31 AM »
Avast was installed using default settings.

I was copying the files with unstopable copier.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast Missing Lots Of Infected Files During Data Transfers
« Reply #7 on: April 01, 2016, 11:38:31 AM »
OK, so we're talking about File System Shield only.
File System Shield does have only a limited set of unpackers enabled (because unpacking big archives like ZIP or RAR on access can easily kill your system - blocking it for tens of seconds when you touch a file). So yes, an on-demand scan with all unpackers active can certainly detect more (but to run a packed file, it has to be unpacked somewhere first - and that's when File System Shield would detect it).
To make things a bit more complicated, some (only a few) file types are scanned "on open" (i.e. on the source side of the copying process), more file types are scanned "on write" (i.e. the destination of the copy). Furthermore, the scanning on the destination side may even be delayed (i.e. the file doesn't get scanned right away, but there may be some delay - unless you open the file in between, it can be scanned in a few second instead of right away; when you're copying a huge number of files, the queue may get longer and delay bigger).

So the conclusion is - yes, copying a set of files from one location to another is not a good way to clean/disinfect that group of files; an on-demand scan is certainly better for that.
The shields sensitivity/scanning/actions are optimized to avoid unnecessary scanning and avoid slowing down the system during common operations; they should block infected files before they're actually used, but they are not trying to scan everything right away.