Author Topic: Avast ignores exceptions. Also keeps removing exceptions.  (Read 12916 times)

0 Members and 1 Guest are viewing this topic.

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #45 on: October 04, 2022, 10:32:46 AM »
What do you mean exactly?

I'm running the latest version of the software and definitions. Should I re-enable those two shields and see if the exceptions are respected, or do you mean that the exceptions should no longer be needed at all for mining executables?

I don't trust that the behaviour will be consistent from update to update, so I've opted to keep anti-rootkit and anti-exploit disabled.

At this point I'm not 100% sure if an update re-enables the disabled shields, or it is the cycle of disable and enable (via task bar) needed to install new versions of miner software, doing that. The problem remains the same: I can't even download the installer without it getting blocked/quarantined. So I have to disable shields for a moment. Same for installation. When I the go to re-enable it also enables those two shields because there is no option to just re-enable the shields I already had running.

I get that mining software can be problematic and Avast has to be cautious. But users who want to mine should be able to tell Avast to not freak out when downloading an installer or trying to install and run said software. So that we can use mining software without having to disable anything, even for a few minutes.

Avast removing exceptions though is just not right.

If your virus definitions are up to date and you enabled anti-rootkit and anti-exploit, LolMiner.exe should no longer be detected.
To investigate the issue with exceptions, we would need at least this file: arpot.log
C:\ProgramData\Avast Software\Avast\log\arpot.log

Offline Rundvleeskroket

  • Poster
  • *
  • Posts: 508
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #46 on: October 04, 2022, 07:54:11 PM »
Lolminer should no longer be detected by those shields with or without exceptions in place?
What about NBminer.exe? That's the other executable that kept getting deleted.

If it was false positives, then what is to stop Avast from quarantining the next version of the executables?

I've looked at arpot.log and it is mostly fine, but it does contain identifiers I would rather not share, such as mining-addresses. Is the log still of use to you if I were to substitute those? And where would I then send it?

Thanks.

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #47 on: October 05, 2022, 11:22:58 AM »
Lolminer should no longer be detected by those shields with or without exceptions in place?
What about NBminer.exe? That's the other executable that kept getting deleted.

If it was false positives, then what is to stop Avast from quarantining the next version of the executables?

I've looked at arpot.log and it is mostly fine, but it does contain identifiers I would rather not share, such as mining-addresses. Is the log still of use to you if I were to substitute those? And where would I then send it?

Thanks.

Both miners, irrespective of exceptions.
Please upload the log to the Avast FTP server: https://support.avast.com/article/FTP-file-upload

Offline Rundvleeskroket

  • Poster
  • *
  • Posts: 508
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #48 on: October 05, 2022, 09:33:49 PM »
Hi.

I've removed all my exceptions for miners, and reactivated rootkit shield and anti-exploit shield.

When I tried to start NiceHash the main Nicehashminer.exe got blocked!

Then I added an exception with a wildcard to exclude everything in the Nicehash folder, which includes the subfolders with the miners.

Sadly, lolminer.exe, despite having an exception for all the subfolders containing the mining executables, also still gets blocked and quarantined!

Anti-rootkit / Anti-exploit still straight up ignore exceptions. Only with those shields de-activated can I run the software.

To add to that: I have set all shields to ASK before deleting or quarantining. That too gets ignored. Avast quarantines regardless!

So, to recap; anti-exploit and anti-rootkit shield both still detect lolminer.exe, and even with exceptions quarantine it, ignoring both exceptions and my preferences to ask what to do when finding 'malware'.

That means we're back to where we started; Avast says one thing, but does another :/
« Last Edit: October 05, 2022, 10:02:39 PM by Rundvleeskroket »

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #49 on: October 06, 2022, 08:45:40 AM »
@Rundvleeskroket,

Please provide the log.

Offline Rundvleeskroket

  • Poster
  • *
  • Posts: 508
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #50 on: October 06, 2022, 09:37:38 AM »
I've uploaded a zip of arpot.log to ftp.avast.com/incoming

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #51 on: October 07, 2022, 03:32:18 PM »
I've uploaded a zip of arpot.log to ftp.avast.com/incoming

Hi,

Some improvements have been made for exclusions.  Please update your virus definitions (update VPS #221007) and see if there is still an issue with exclusions for you.

Offline Rundvleeskroket

  • Poster
  • *
  • Posts: 508
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #52 on: October 07, 2022, 08:22:35 PM »
I updated definitions to VPS 221007-8

After enabling anti-exploit and anti-rootkit shield and running Nicehash, lolminer.exe was immediately quarantined. Details state it was anti-exploit shield that did it. Exact same popup as posted above.

This is still with exclusions in place, and all shields set to ASK. Both get ignored!

The main Nicehashminer.exe and nbminer.exe were allowed to run, but I dare not try without exclusions set. Those exclusions that supposedly shouldn't even be necessary.
« Last Edit: October 08, 2022, 02:42:08 AM by Rundvleeskroket »

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #53 on: October 13, 2022, 09:48:43 AM »
I updated definitions to VPS 221007-8

After enabling anti-exploit and anti-rootkit shield and running Nicehash, lolminer.exe was immediately quarantined. Details state it was anti-exploit shield that did it. Exact same popup as posted above.

This is still with exclusions in place, and all shields set to ASK. Both get ignored!

The main Nicehashminer.exe and nbminer.exe were allowed to run, but I dare not try without exclusions set. Those exclusions that supposedly shouldn't even be necessary.

Hi,

Another update for exclusions was released yesterday.  Please update your virus definitions.

Offline Rundvleeskroket

  • Poster
  • *
  • Posts: 508
Re: Avast ignores exceptions. Also keeps removing exceptions.
« Reply #54 on: October 13, 2022, 12:55:48 PM »
Hi.

VPS 221012-6

I enabled anti-rootkit shield and anti-exploit shield, and ran Nicehash. Now both nbminer and lolminer can run.

I then deleted the exception for C:\Users\Username\AppData\Local\Programs\NiceHash Miner\* and Avast blocked and threw an alert for every single executable and DLL in the folder. Literally dozens of popups!

At least it asked, so that's progress. But the exception for the folder and subfolders is still very much required.

So; I'll have to keep the exception in place despite being told here it wouldn't be necessary. It absolutely is!

I'll keep anti-rootkit shield and anti-exploit shield enabled for now and see what happens.