Author Topic: avast! Home Edition refuses to let me delete exclusions  (Read 19076 times)

solcroft

  • Guest
avast! Home Edition refuses to let me delete exclusions
« on: May 17, 2007, 03:01:42 AM »
Hi,

I'm currently trying to completely wipe clean the exclusions list of the Standard Shield for testing purposes. However, the Standard Shield apparently refuses to let me do that - it re-adds some exclusions back to the list automatically every time I remove them all.

Is there some way to get around this problem? Thanks in advance.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: avast! Home Edition refuses to let me delete exclusions
« Reply #1 on: May 17, 2007, 03:14:31 AM »
There are default exclusions as far as I know.
Can you check whether they're listed in the avast4.ini file (Exclude value in the [Common] section): http://forum.avast.com/index.php?topic=1647.msg10256#msg10256
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: avast! Home Edition refuses to let me delete exclusions
« Reply #2 on: May 17, 2007, 04:35:33 AM »
I believe that Tech is absolutely right ... there are certain files that the avast team know it is pointless to scan and that scanning of them can never be of any value to anyone. 

Given their expert knowledge - and the experience of the industry in general - I doubt if they have provided a work around.   

solcroft

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #3 on: May 17, 2007, 06:00:57 AM »
> I believe that Tech is absolutely right ... there are certain files that the avast team know it is pointless to scan and that scanning of them can never be of any value to anyone.
Oh please. ::)

Turn off avast!'s resident shields and download a malware file. Scan it with avast! to make sure avast! really can detect it. Now rename the file extension to something avast! excludes, I'll use 1.ini here as an example, and save it. Turn the resident shields back on. Open the command prompt, and type "start 1.ini".

Never, you say? ::)

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #4 on: May 17, 2007, 06:43:59 AM »
I'm sure the average user must do this all the time - not. 

But you ask me to deactivate avast before doing this - why would I be so foolish as to deactivate part of avast's protection to indulge in a way you believe the protection of avast can be circumvented?

If you will (oh) please explain to me how this malware can be downloaded to my system and activated with avast's protection active and in a way an average user might employ then I will be more than happy to comply with your scenario.
 
     
« Last Edit: May 17, 2007, 07:16:23 AM by alanrf »

solcroft

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #5 on: May 17, 2007, 07:15:46 AM »
> I'm sure the average user must do this all the time - not.
>
> But you ask me to deactivate avast before doing this - why would I be so foolish as to deactivate part of avast's protection to indulge in a way you believe the protection of avast can be circumvented?
Of course average users don't do this. It's the black hat hackers who do.

If you have a piece of malware already renamed to .ini, then you don't even need to disable avast!'s Standard Shield to see it fail spectacularly. The whole point of turning it off in the first place was so you could rename the malware in peace without being interrupted by avast!, because AFAIK most malware don't come in .ini files yet (keyword is 'most', some Hupigon variants HAVE been using the .ini extension to camouflage themselves lately). So you could say that this is largely a theoretical weakness at the moment, but it's only theoretical, not because it's impossible to exploit, but because it's not (very) widespread ATM.

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #6 on: May 17, 2007, 07:20:39 AM »
I modified my post about the same time as you replied.

I will acknowledge the possibility of your suggestion for a first time user where the system has already been infected.

Please re-read my edited post.  With avast on - I will allow you no other gotchas - I offer you my system as a test.   

Please show me what you want me to do to test out your theory.
   


solcroft

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #7 on: May 17, 2007, 08:01:17 AM »
> I modified my post about the same time as you replied.
>
> I will acknowledge the possibility of your suggestion for a first time user where the system has already been infected.
>
> Please re-read my edited post.  With avast on - I will allow you no other gotchas - I offer you my system as a test.
>
> Please show me what you want me to do to test out your theory.
If you acknowledge "the possibility of your suggestion for a first time user where the system has already been infected", then by extension you are also acknowledging that any file with the extensions listed in the Standard Shield exclusions has no problem slipping past it. That was my whole point; what else do you want me to prove?

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #8 on: May 17, 2007, 09:13:17 AM »
Ah, you are not that slippery you can sneak past. 

If you are so sure, show me how this infection gets in with avast active and then activated in the way you describe.

Anything might happen in an already infected system without avast.

Let's assume it is infected before installing avast.  Show us how the activation occurs. 

All I am asking is for you not to weasel your way round this in words ... infect my system and prove yourself.

I have publicly given you permission - I will not sue you - go ahead and show how it works.
« Last Edit: May 17, 2007, 09:32:45 AM by alanrf »

solcroft

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #9 on: May 17, 2007, 09:36:48 AM »
Well, apparently it seems that your aim here is to win the debate. ::)

Tell your friend to find a piece of malware. Rename it to any of the extensions excluded by the Standard Shield. Now write two files: 1) an autorun.inf file, pointing to a batch file
Code:
[autorun]
open=insert_name_here.bat
and 2) the batch file itself, which uses the "start" command to launch the malware, which had been previously renamed.

Next tell him to copy the 3 files (the inf and bat file, and the malware) to a USB drive. And, assuming you have autorun enabled on your computer, plug the USB drive into your computer.

I don't know of any malicious drive-by downloads which use this method yet, so you'll have to do it by USB. Theoretically, though, I don't see what's stopping a malicious website from similarly downloading an .exe renamed to .tmp or .ini or something similar, then using cmd.exe to invoke it.

Go ahead. Give it a try. I'm looking for answers to questions here, so hopefully this will keep you busy and away for a while.

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #10 on: May 17, 2007, 09:43:35 AM »
Whatever happens next, whether you infect my system or not I suspect that you do have a valid point for consideration and that I hope the avast team will respond to it.

While avast tries to be as efficient as possible in its regular scanning, which I applaud, I have long felt that on first installing avast there should be the option of an intense scan that would scan all files on the system.  I have almost a terabyte of disk space on my system, I'm sure many have much more.  I can imagine the reluctance of many to have the time taken up by such a scan. 

Unless you can make a very clear case for the potential pathway for the infection you describe I doubt that many would go for more lengthy scans, especially on a more regular basis and unless your story is a lot more convincing than so far made.     

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #11 on: May 17, 2007, 09:49:24 AM »
I am looking for answers to questions too ... the questions I have put to you.  I am not trying to win a debate or prove a point.  It is, after all, you who initiated this as a fault you believe you have detected in avast - I am simply asking you to demonstrate it rather than ask anyone to infect a system to prove your point.

You are asking that malware be deliberately inserted on the system without avast having any chance to detect it. 

Please tell me how you imagine that, in normal use, that malware gets onto the system in the first place.

Oh, and I'm not planning to go away anytime soon.

solcroft

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #12 on: May 17, 2007, 09:54:42 AM »
> Whatever happens next, whether you infect my system or not I suspect that you do have a valid point for consideration and that I hope the avast team will respond to it.
>
> While avast tries to be as efficient as possible in its regular scanning, which I applaud, I have long felt that on first installing avast there should be the option of an intense scan that would scan all files on the system.  I have almost a terabyte of disk space on my system, I'm sure many have much more.  I can imagine the reluctance of many to have the time taken up by such a scan.
>
> Unless you can make a very clear case for the potential pathway for the infection you describe I doubt that many would go for more lengthy scans, especially on a more regular basis and unless your story is a lot more convincing than so far made.
Well, you could always, you know, walk the walk and actually TRY it, and then see what happens. You're welcome to ask if you don't know how to write the files. Obviously, by asking me to prove to you how this could take place in an everyday scenario, you apparently have no idea how non-P2P worms typically spread. This IS an everyday scenario.

And just FYI, this flaw doesn't exist with manual scans, because you can wipe the exclusions list clean so that avast! scans all files. It's the Standard Shield that insists on not letting users delete some exclusions AND scanning files based on extensions rather than content type, that actually causes this loophole.
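
An added example, not part of any post in this thread: a defender-side check for the gap discussed above, where a file is skipped because of its extension although its content is a Windows executable. The extension set, function names and sample files are assumptions constructed for illustration; only .ini and .tmp are named in the thread.

```python
import os
import tempfile

# Assumed exclusion list for illustration; the thread names only .ini and .tmp.
EXCLUDED_EXTENSIONS = {".ini", ".tmp"}

def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        header = f.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        e_lfanew = int.from_bytes(header[60:64], "little")
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def find_mismatches(root, excluded=EXCLUDED_EXTENSIONS):
    """List files whose extension is excluded but whose content is a PE image."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in excluded:
                continue
            full = os.path.join(dirpath, name)
            try:
                if looks_like_pe(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable or locked file: skip rather than abort
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample files; the stub is header bytes only, not a program."""
    pe_stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {
        "settings.ini": b"[Common]\r\n; plain text\r\n",  # real text file
        "1.ini": pe_stub,                  # executable layout, excluded extension
        "cache.tmp": b"MZ only, not a PE",  # starts with MZ but is too short
        "tool.exe": pe_stub,               # executable, extension not excluded
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        for hit in find_mismatches(d):
            print("extension/content mismatch:", hit)
```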

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #13 on: May 17, 2007, 09:56:48 AM »
I admit I had not considered the option of USB drive - for which I certainly would not consider the option of autorun.  I will have to defer to the avast team on that one for those foolish enough to do so.

Offline alanrf

Re: avast! Home Edition refuses to let me delete exclusions
« Reply #14 on: May 17, 2007, 10:00:05 AM »
solcroft,

I do walk the talk. I have offered my system.  Tell me a web site to visit, I will provide you with an email address to send me an infected email.  I do not use P2P. 

Let me know how I might help you prove the point. You are not depending solely on the 'on access' scanner to make your case are you?

And you do know that the exclusion lists are not effective in the P2P file scanning?
« Last Edit: May 17, 2007, 10:03:04 AM by alanrf »