Author Topic: Avast Business Anti-Virus not detecting standard EICAR test  (Read 3535 times)

0 Members and 1 Guest are viewing this topic.

Offline Tim457

  • Newbie
  • *
  • Posts: 1
Hi all, I am a sys admin charged with providing a robust AV product for my company. I've had over twenty years experience in sys admin and worked with various products, I only mention that because it is important to know that I am approaching this task with a critical eye for peace of mind. We are hoping to get ourselves ISO27001 accredited and this is my expertise, the AV product we use must be robust and provide details on any incident, whether benign or malicious.
I am really liking Avast's interface, the UI is actually rather great, intuitive and smooth, I have now been using it for 30 days and I am only taking the time here to report my findings because I would really like to follow up with an investment in the product today.  Naturally, an AV product's primary objective is to protect from malicious software, so I have created a series of tests to see how it fares. Now, I know that journalists have been doing this for many years, but having had to deal with various malicious incidents in my years, I need to be reassured that at the very least the product can detect standard malicious identities. The most obvious of these is the EICAR test, yet I was rather worried to see that Avast would not detect it from the off - I then discovered this was because .TXT files are excluded from scanning, so I removed this exclusion and sure enough the EICAR string was detected.  I then generated another text file with the same EICAR string and it was not detected - I then edited the document slightly (adding a line of characters beneath it) and it was detected. I then created the text document again and it was not detected.
This inconsistency worries me.
I would also like to report another flaw in the product. As a sys admin, we should always be alerted to any incident on a machine - especially for ISO27001 - however, the alerting has an either/or feature - you either alert the user in app or send an e-mail to the admin - not both, this to me seems rather odd design - it is always best to notify both the user and the admin to security incidents.
Further, I note that there is no 2FA support for logging into my console and in fact it seems to be forever remained logged in - a serious security flaw in my opinion.
I also had a very bizarre experience where two rogue machines appeared in my console - I reported this to Avast, it is being investigated but 3 weeks on and they have not got back to me.
It is for the above reasons I have reservations about investing in this product. It would be great to hear other opinions on the above.