Author Topic: Can anything be done to stop DeepScreen popping up when compiling apps?  (Read 731 times)

0 Members and 2 Guests are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
And I don't mean by excluding the compiling folder, I'm wondering if there could be made through some sort of mechanism that would prevent it wasting 10-15 seconds of my time every time I compile an app for testing? avast! seems to be the only AV that checks apps this way and it gets quite annoying. Or is really the only solution to exclude the compile output folder and that's that? Would appreciate if avast! could have a native mechanism to avoid doing this...
Visit my webpage Angry Sheep Blog

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re: Can anything be done to stop DeepScreen popping up when compiling apps?
« Reply #1 on: September 04, 2020, 10:47:41 AM »
The (originally called) DeepScreen scan is done on files rarely seen on our userbase... so that's exactly what the newly compiled executables would be.
So I think excluding the output folder is the way to go. (Of course, ideally it would only be excluded for DeepScreen/AutoSandbox, not for regular scanning - which I think the program still supports, but unfortunately that setting is completely gone from the UI).

As for detecting the "developer" scenario automatically... we discussed it a few times in the past, but:
1. There are many possible cases (development tools, compilers)
2. It could probably be abused - a malicious downloader somehow pretending to be a compiler (by whatever features we'd be detecting it, even if it meant including the original compiler binary and changing its behavior by launching a custom thread within the process) and avoiding the scan that way