Author Topic: Stop detection of jailbreak items  (Read 2623 times)


Offline Bob Jones

  • Newbie
  • *
  • Posts: 9
Stop detection of jailbreak items
« on: January 22, 2020, 08:17:29 PM »
Hello. I am an Avast user with a jailbroken iPhone. To clarify, Avast is running on my Mac, not on my phone.

As a user who has a jailbroken phone, I download jailbreak-related files on my Mac to sideload to my iPhone via a charging cable connecting the two. I would like to have Avast quit detecting and putting jailbreak-related files into the virus chest on my Mac.

I was wondering if this is possible (to specifically exclude detecting jailbreak-related files). If not, is there any place I can provide feedback to Avast about this?

Thanks!

(Note: I made a new post based on a recommendation made here: https://forum.avast.com/index.php?topic=231719.0)
« Last Edit: January 22, 2020, 08:19:12 PM by Bob Jones »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2779
  • Volunteer
Re: Stop detection of jailbreak items
« Reply #1 on: January 22, 2020, 08:29:54 PM »
Hi Bob,

Note: My experience is only with Avast! Windows. However, it should be possible to exclude folders and files.

See this article >> https://support.avast.com/en-ca/article/Antivirus-scan-exclusions

On a side note: Jailbreaking applications are likely detected due to their nature. They are designed to bypass restrictions set by the manufacturer. It's worth noting that jailbroken applications can lay backdoors, credential stealers and more into your OS; hence the detection for them.

Let us know how you make out.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student.

Offline Bob Jones

  • Newbie
  • *
  • Posts: 9
Re: Stop detection of jailbreak items
« Reply #2 on: January 22, 2020, 08:37:19 PM »
Hi, Michael.

That makes sense. However, one of the applications I use installs jailbreak-related files into the tmp directory temporarily before installing it to my iPhone. Whitelisting the tmp directory would probably not be advisable due to obvious reasons. Also, there isn't really a way to whitelist specific files because the files are downloaded with temporary random names.

Also, I understand the risks that come with a jailbroken device, and I am willing to take the given risk because of the functionality I gain from jailbreaking. Additionally, I am very careful in what I download and run on my device.

So, if there is no way to exclude a "type" of detection, is there some place I can provide feedback to Avast to suggest the addition of this functionality?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2779
  • Volunteer
Re: Stop detection of jailbreak items
« Reply #3 on: January 22, 2020, 10:58:46 PM »
The functionality likely already exists, just not in your product. What I mean by this is, it's likely an advanced feature in a Business setting where a use case for this might be (more easily) justified. It's worth noting that any such functionality in a Business or Corporate environment would rely on a central management system. Generally, in fact, almost always, it's better business to deal with 100,000 users who want function X, than 1 user who wants function Y. Is there anything in common in the detected files (a common extension, for example) that you can use as a way of excluding that?

You can always contact Avast! here (Premium Security) >> https://support.avast.com/en-ca/contact/paid_mac_avast-premium-security-for-mac

or (Avast! Security) https://support.avast.com/en-ca/contact/paid_mac_Avast-Security-for-Mac

Both rely off order IDs. If you're using Mac Free, then I don't know of an easy way to get ahold of them, aside from here.

Edit: Can you post a screenie of the detection, please?

Offline Bob Jones

  • Newbie
  • *
  • Posts: 9
Re: Stop detection of jailbreak items
« Reply #4 on: January 23, 2020, 08:57:29 AM »
That's a good question. The file types tend to either be .ipa files or .app files (technically directories, I suppose).

Here is a sample screenshot for you:



The async wait exploit is one of the methods unc0ver can use to jailbreak an iPhone.

The threat name can also be MacOS:Jailbreak-E [Trj] sometimes.
« Last Edit: January 23, 2020, 10:03:32 AM by Bob Jones »

Offline Vladimirz

  • Avast team
  • Jr. Member
  • *
  • Posts: 22
Re: Stop detection of jailbreak items
« Reply #5 on: January 23, 2020, 01:05:36 PM »

Offline Bob Jones

  • Newbie
  • *
  • Posts: 9
Re: Stop detection of jailbreak items
« Reply #6 on: January 23, 2020, 05:38:13 PM »
I understand that, Vladimirz. It makes sense that jailbreak files are detected. Nevertheless, I believe my question still stands. You should still be able to exclude what you do not want detected. I am not questioning whether a jailbreak file should be detected for most users.

Just as you can make specific filepath exclusions to detections to Avast when you don't want a file to be detected, I believe this falls under a similar umbrella.

Could someone explain more about whitelisting files by filetype? If I could whitelist .ipa files, that would partially solve my issue.
« Last Edit: January 23, 2020, 05:40:01 PM by Bob Jones »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2779
  • Volunteer
Re: Stop detection of jailbreak items
« Reply #7 on: January 24, 2020, 06:35:55 PM »
You can always disable shields for the duration of the crack. The use of the crack (and whitelisting the associated files it drops) negates any protection those shields would offer in the first place. This would be the simplest option in this instance. The risk of infection is normally posed by the files and websites you visit. You've already visited the website, and you're disregarding the notices from Avast!.

To my knowledge, the functionality of whitelisting specific file types is not offered in most consumer AVs. It's an option reserved for Enterprise solutions where you have a dedicated team to handle such security threats.


Offline Bob Jones

  • Newbie
  • *
  • Posts: 9
Re: Stop detection of jailbreak items
« Reply #8 on: January 24, 2020, 06:42:00 PM »
Yeah, I suppose disabling the shield while downloading such files is an option. If that is the only way to go about it as a free user, then so be it. Thanks!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44139
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Stop detection of jailbreak items
« Reply #9 on: January 24, 2020, 06:57:33 PM »
Yeah, I suppose disabling the shield while downloading such files is an option. If that is the only way to go about it as a free user, then so be it. Thanks!
Avast has already stated that in their opinion, this is malware.
If you want to bypass your protection, you do so at your own peril.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5086
Re: Stop detection of jailbreak items
« Reply #10 on: January 28, 2020, 11:04:40 AM »
In such a situation it would likely be necessary to disable the on-access scanning when you use your jailbreak software. Any AV is going to detect software using exploits, whether Avast or another vendor.
"People who are really serious about software should make their own hardware." - Alan Kay