Pixum (Photo album software): Ransomware-Protection

[pustekuchencake]

Dear Avast-Team,

I hope it's the correct way to inform you:

Since yesterday I get a ransomware warning while using a well-known German photo-album software, called Pixum Fotowelt by Cewe.
As I'm using it very often during the last weeks, I can tell, that it didn't happen using it last weekend. Yesterday I wanted to go on modifying my photo album and here it happend for the first time. I did some signature updates yesterday and today - but it didn't help.

As I haven't changed anything in the last days/weeks, I assume that the culprit is a signature update during the last days or week. At first sight it looks like a false-positive.

The ransomware warning appears in a special circumstance: I modify a picture with the included photo-editor (change brightness or sth. else). Afterwards the software asks me if I want to apply the changes. If I acknowlege this, the following ransomware warning appears:
(image isn't shown although I inserted one )



My environment:

• Win 7 x64 (latest Microsoft ESU updates/January 2021)
• Avast Free Antivirus 20.10.2442 (installed in the beginning of January)
• Pixum Fotowelt (by CEWE): latest version, 7.0.4 (installed also in the beginning of January)

[Asyn]

-> https://support.avast.com/en-ww/article/298/ (Blocked & Allowed apps)

[pustekuchencake]

I know how to stop the message. But that can't be the solution. It's like telling: uninstall Avast and it won't appear anymore 
It's obviously a bad signature update that causes this behaviour - at least I hope so. Or a hijacked application!

[Asyn]

I know how to stop the message. But that can't be the solution. It's like telling: uninstall Avast and it won't appear anymore 

Not at all, it's adding an app to the white list.

[RejZoR]

Ransomware Shield automatically allows whitelisted apps to access protected folders. It seems this app is not yet whitelisted. If you trust the app, you can just allow it and only this app will be allowed to access protected files in those folders while all others unsafe will still be blocked.

[pustekuchencake]

Common, guys. I know I can whitelist it. I can also whitelist a virus  That's not the topic.

The question is: why does it happen suddenly? The application wasn't whitelisted before and it worked like a charm. So something has happend (my guess: signature update) and the question is what happend. I hoped to find someone of Avast telling me: "Hey, give me your log files or some other details so that we can reproduce it in our Avast labs to fix it".

[Asyn]

Sorry, but you're chasing ghosts. As said, if you trust the app, allow it - else don't.

[RejZoR]

Common, guys. I know I can whitelist it. I can also whitelist a virus  That's not the topic.

The question is: why does it happen suddenly? The application wasn't whitelisted before and it worked like a charm. So something has happend (my guess: signature update) and the question is what happend. I hoped to find someone of Avast telling me: "Hey, give me your log files or some other details so that we can reproduce it in our Avast labs to fix it".

avast! automatically adds folders to Ransomware Shield if it thinks given folder is worth protecting based on its content. This usually happens during on-demand scans. Which would explain why it didn't notify before but does now. Open Ransomware Shield and see what folders are protected and you know you didn't add those by hand.

[Leo3487]

Users can remove folders from that list?

[Asyn]

Users can remove folders from that list?

Yes.

[pustekuchencake]

The files are placed on my Desktop. I didn't add any custom folder to Ransomware protection.
I think the user folder (where also the Destkop folder resides in) is protected by default, isn't it?