Author Topic: New beta version 22.6.6017  (Read 5939 times)

0 Members and 1 Guest are viewing this topic.

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #15 on: June 15, 2022, 11:38:33 PM »
Hello ccm582, let me also thank you again for taking your time and provide valuable feedback.

1/ Hide Folders 5 - we are going to retest this scenario but now via updating older version (before 6016) to the actual one to see what happens and let you know here.

2a/ I just retested this with Strict mode on and it works on my machine. There must be something bad with the export. Did you restart the computer after settings import? Do you remember when did you do the settings export?

2b/ I created a requirement to have checkboxes next to the folders you want to add into the Ransomware protection and I belive it will be coded and available in some of the next versions.

2c/ OK  ;)

3/ Well, the problem with UI can be caused by the fact the UI needs to load some stuff out of the AV itself in order to work so that it could be slower as the system is due to this. Interesting is the information regarding Avast One being better in this than the AV.

4/ File scanned again by our AV (although added to persistent cache last time) could be caused by e.g. updating the virus database. The first time we scanned the file and reported it as clean may change as we could add detection of it to the latest virus database. In other words, we cannot simply skip testing already tested files just because of past results.

I prefer to use FS 'Scan all files' as a friend told me he had malware hiding in his PC simply by using an innocent extension like .jpg or .txt or .mp4 (can't remember which).
Well, if there is an infected file with such extension, it would not cause any damage to your computer until renamed back to the original extension to be interpreted by the system based on its origin or until there is some way in the application that will run it (work with the file) as e.g. jpg file to take advantage of some vulnerability in it.

The "Files with recommended extensions" is I would say safe enough to work with the computer on daily basis and if I would like to be super-sure there nothing on your computer (although just stored there) I would schedule full scan with Scan all files option to eventually remove anything left on the device while having good performance of the system itself and still be protected very well (saying very well based on scoring in e.g. last AV comparatives tests: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2022/ where default settings is used).

BTW: thank you for sharing your hw configuration with us.

Petr

Offline ccm582

  • Jr. Member
  • **
  • Posts: 96
Re: New beta version 22.6.6017
« Reply #16 on: June 16, 2022, 09:00:52 AM »
Thank you, petr, again for responding so quickly.

I forgot to mention earlier that I'm using a SSD in my laptop and a HDD external hard disk for data so that I don't lose data in case my Windows crash which it did in the past due to Windows Updates.

1/  I may not be using Hide Folders 5 after its trial is over. But this may be important for those who bought it and will use it permanently.

2a/  I did restart after Import as Avast prompted me too. If I didn't, my Settings will not be imported. I did last Export of settings during Beta 6015. I remember doing an Export of same settings in Beta 6017 to test whether it would solve the RS problem.

3/  I feel that Avast One feels lighter than Avast Free because I think the latter has more settings and features. Even with FS set to 'scan recommended extensions', Avast Free's UI tends to hang a lot after adding, deletion or changing of Firewall Rules.

4/  As you're the expert, I will take your advice that FS scanning recommended extensions is enough and the next time I reinstall Avast, I will do that. As I used Avast Free to scan all files, I can use Avast One as it won't be necessary to scan all files and there won't be a UI problem. But Avast One doesn't have a Dark Mode/Themes and anti-fingerprinting.

It is a good idea to do Full Scan to make sure the system is clean. In Avast Free Exceptions, we can add a folder/file to prevent File/Behaviour Shield from scanning it but allow other scans such as Full Scan. But in Avast One Exceptions, there is no such choice and so the folder/file will not be scanned by File, Behaviour and other Scans. Can you either have Avast One have the same option as Avast Free, OR have a sliding button next to each item to activate/deactivate the Exception without having to delete the item and then adding it again just to scan it.

BTW, I hope you can answer some concerns raised in this Forum:

5.  There are YouTube test videos, raised in this Forum, that Behaviour Shield and Ransomware Shield are not as good as other AVs in protecting against zero-day ransomware/malware. Avast is only good if there are virus definitions. Your thoughts?

6.  I tried two other AV programs with the simple Eicar test virus. When detected, they take a long time to delete it because they have to 'disinfect' the system first to find out whether the virus caused damage. Avast will block and send to Quarantine the Eicar test virus almost immediately. Without 'disinfection', can any malware cause damage or does Avast block them from acting immediately? What about malware that acts during PC startup?

7. Windows 10's Firewall has option to block all incoming connections. If in Avast Firewall, I set my network to Untrusted which is supposed to block all incoming connections, why did I get a pop-up asking whether I will allow 'System' incoming connection?

« Last Edit: June 16, 2022, 09:25:51 AM by ccm582 »

Offline guy.rouillier

  • Newbie
  • *
  • Posts: 11
Re: New beta version 22.6.6017
« Reply #17 on: June 16, 2022, 12:03:56 PM »
Copying from your previous post about beta 6016.

I've been an AVAST user for 10+ years.  Worked flawlessly until  recently.  I have been struggling for the last 1-2 weeks with constant virtual machine errors when running VirtualBox.  Google searches only found many articles saying to turn off Hardware-Assisted Virtualization, but this setting was unchecked on my system. The only way I could run a virtual machine was to temporarily disable all shields, which is obviously not a good solution.

I installed this beta, and initially I was able to start up multiple VMs without error, both running different versions of Linux.  Unfortunately, when I attempted to update the software in one of the VMs, I again got the popup error with title "VirtualBox - Guru Meditation", with text beginning "A critical error has occurred while running the virtual machine and the virtual machine has been stopped."  In the log file, the error recorded is VERR_VMM_SET_JMP_ABORTED_RESUME.

So for me, at least, this beta does not completely fix the issue.  Please let me know if I can provide any further diagnostic assistance.  My system is running Windows 7 Professional 64-bit, and my hardware is dual AMD Opteron 4324.  Avast is reporting its version as 22.6.6017.

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #18 on: June 16, 2022, 01:57:28 PM »
Copying from your previous post about beta 6016.

I've been an AVAST user for 10+ years.  Worked flawlessly until  recently.  I have been struggling for the last 1-2 weeks with constant virtual machine errors when running VirtualBox.  Google searches only found many articles saying to turn off Hardware-Assisted Virtualization, but this setting was unchecked on my system. The only way I could run a virtual machine was to temporarily disable all shields, which is obviously not a good solution.

I installed this beta, and initially I was able to start up multiple VMs without error, both running different versions of Linux.  Unfortunately, when I attempted to update the software in one of the VMs, I again got the popup error with title "VirtualBox - Guru Meditation", with text beginning "A critical error has occurred while running the virtual machine and the virtual machine has been stopped."  In the log file, the error recorded is VERR_VMM_SET_JMP_ABORTED_RESUME.

So for me, at least, this beta does not completely fix the issue.  Please let me know if I can provide any further diagnostic assistance.  My system is running Windows 7 Professional 64-bit, and my hardware is dual AMD Opteron 4324.  Avast is reporting its version as 22.6.6017.

Hi guy.rouillier, if you would be so kind, could you please isolate which of the shields in AV are enough to disable in order to solve the problem so we at least know which one is causing it + send us support package (with log files, etc.) by executing "c:\Program Files\Avast Software\Avast\SupportTool.exe". Thank you very much for your cooperation. Petr

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #19 on: June 16, 2022, 02:59:11 PM »
Hi ccm582, let me inform you that I successfully induced the issue with the Hide Folders 5 application and created a ticket for devs to check/fix it. Will keep you informed about it ;) I will also respond to your recent post later today. Have a nice day! Petr

Offline guy.rouillier

  • Newbie
  • *
  • Posts: 11
Re: New beta version 22.6.6017
« Reply #20 on: June 17, 2022, 06:20:57 AM »

Hi guy.rouillier, if you would be so kind, could you please isolate which of the shields in AV are enough to disable in order to solve the problem so we at least know which one is causing it + send us support package (with log files, etc.) by executing "c:\Program Files\Avast Software\Avast\SupportTool.exe". Thank you very much for your cooperation. Petr

Here is what I've been able to isolate to the best of my abilities, not knowing the inner workings of Avast.  First, I have to reboot and before starting any apps, disable all shields via the notification area icon.  If I start any apps that would activate the shields (like my browser - Web Shield - or my email client - Mail Shield), then the problem always occurs.  I'm guessing that starting an app that would cause a particular shield to be activated, like the email client activating the Mail Shield, causes all the shields to be activated.

After disabling all shields, then my VMs run without error.

I then enable Web Shield and Mail Shield; again the VMs run without error.  In addition, Avast adds 5 Notifications for the following shields being disabled:
  • Ransomware Shield
  • Behavior Shield
  • File Shield
  • Anti-Rootkit Shield
  • Anti-Exploit Shield

I next enabled Ransomware, Behavior and File Shields; again the VMs run without error.  Finally, I enabled Anti-Rootkit, and the problem occurs.  In another series of tests, I tried enabling Anti-Exploit, but that also enabled Anti-Rootkit.  The problem occurs, but I believe that is because of Anti-Rootkit, not Anti-Exploit.  So Anti-Rootkit appears to be cause of this issue.

I generated the support file as instructed.  I included a screenshot of the error message that pops up when the problem occurs; I'll also attach that screenshot here.  SupportTool prompted me for a ticket number which I don't have, so I left that blank.  I hope this helps.  Let me know if I can do anything else to help isolate this problem. 

[EDIT 6/20/22] Since posting this, I discovered how to turn on and off the Anti-Rootkit Shield and Anti-Exploit Shield through the Avast UI: Menu -> Settings -> Protection -> Core Shields -> Enable Anti-Rootkit Shield / Enable Anti-Exploit Shield.  Using that, I was able to enable the Anti-Rootkit Shield but leave the Anti-Exploit Shield disabled.   My VMs continued to run without error.  When I enabled Anti-Exploit Shield, the VMs failed as described.  So, I now believe the real source of the problem is the Anti-Exploit Shield.
« Last Edit: June 21, 2022, 05:03:32 AM by guy.rouillier »

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #21 on: June 17, 2022, 09:13:38 AM »
Hi ccm582, let me inform you that I successfully induced the issue with the Hide Folders 5 application and created a ticket for devs to check/fix it. Will keep you informed about it ;) I will also respond to your recent post later today. Have a nice day! Petr

Hello everybody. Please let us inform you about an issue with starting hf5.exe process from Hide Folders 5 application we discovered based on report from one of our BETA users (https://forum.avast.com/index.php?topic=319869.msg1688960#msg1688960).

After analysis we belive the issue is with checking event of created user session by Hide Folder application service fsproflt2 (SERVICE_CONTROL_SESSIONCHANGE) which may be affected after the Windows Avast Antivirus installation (changing boot timing). In other words, it may happen after installation of any other application (not only Avast Antivirus) too and therefore needs to be addressed in the Hide Folders code.

Also note that on Windows 10 there is Privacy setting "Use my sign-in info to automatically finish setting up my device after an update or restart" which is enabled by default - we belive that turning off this option will solve the issue too (but as it is on by default by MS, it would require each affected client to do so).

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #22 on: June 17, 2022, 10:41:57 AM »
Hi guy.rouillier, thank you for your time and information provided - I created ticket for devs to look at it further. Could you please share the ID of the package from the support tool? The package can be found here: c:\Users\<your_username>\AppData\Local\AvastSupport - so its filename would be great to know. Thank you.

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #23 on: June 17, 2022, 10:46:27 AM »
Hello ccm582.

1/ Answered in one of my previous posts  ;)

2a/ Ok, this is pretty fresh configuration export. We will test it more thoroughly next week.

3/ Yes, Avast One tends to be lighter than standard Antivirus but there are also other components related to privacy, performance etc. We will look more at the UI and Firewall rules to see whether we can induce something similar.

4a/ Avast One and dark mode - although it is available in the Antivirus, it is not planned in the Avast One at the moment (it seems simple, but it is actually not).
4b/ Avast One and antifingerprinting - it is available in the Avast One while not in the Essential (Free) edition. I shared this with the product manager of the Avast One (I am sure he is aware of this and there is a good reason for it).
4c/ Avast One vs standard AV exceptions configuration - can you tell me why would you like to have exception for e.g. shields while not for scan? I mean once the scan is done in folder not in exception for scan, it could be quarantined etc. I am not saying we cannot do this, but would like to understand the story behind ;-)

6a/ EICAR detection and disinfection
Well, EICAR test file is I would say simple definition detection and as a such does not required any disinfection simply because it is not needed. In more advanced threats, detected especially by the Behaviour Shield, there is system disinfection usually required and performed.

6b/ Basically, once the AV drivers are loaded (during the system boot) there is nothing that would escape them so although the AV application itself could be started "at some point" after the computer start (processes, services, etc.) the computer is protected already.

7/ Avast Firewall untrusted (public) network profile does not mean to block all the incoming connections. It is a much more strict profile of course then applied for trusted networks, but there are some exceptions for incoming traffic.
The flow for the incoming traffic is as follows and it is evaluated in this order: Traffic --> Network rules --> App Rules --> (Ask dialog, if enabled) -> App/System. In the section Firewall - Firewall settings - View Firewall Rules - Network rules you can see the rules that are above the rule “Public Tcp/Udp In Block” (which blocks all the incoming connections on TCP and UDP protocol). These rules are above which means they are evaluated first.
In your case, I would say that the incoming connection was allowed by the rules above the “Public Tcp/Udp In Block” and as long as Firewall did not find the existing rule in Application rules the Ask dialog was triggered. If you want to adjust the setting, it is possible to do it on the page with Basic Rules or you can create your own Firewall rules on the Network/Application Rules page.

Response to the Behavior / Ransomware Shield will be answered later ;)

Have a nice day! Petr

Offline ccm582

  • Jr. Member
  • **
  • Posts: 96
Re: New beta version 22.6.6017
« Reply #24 on: June 17, 2022, 12:07:58 PM »
Thank you, petr, for your detailed reply. After reading it, it resolved many  doubts I have about Avast.

I will reinstall Avast before my Hide Folders trial expires and try the Privacy setting. Will let you know when I do so. I'm sure you tested it before recommending it.

My reply to your questions and points raised:

4b.  I deliberately put Eicar and a few harmless malware into a folder. So I would select all the exceptions i.e. File Shield, Behaviour Shield and Scans to prevent quarantine.

But sometimes Avast may think a program is suspicious and want to quarantine it although the program is perfectly fine. So it is a false positive. It may take a long time for Avast to find it to be ok. So I set it to excluded from all Shields except Scan. When I scan it, I will know whether Avast still think it is malware. If by then it is cleared of suspicion, I can remove the exception. Avast Free allows me to do that but Avast One will exclude the folder from all shields and scans. This is one reason I prefer Avast Free.

In Avast One, you may not need to have exactly the same Exception options (Scan, File Shield...) as Avast Free. There are already checkboxes there. In addition to 'Remove' button at bottom, how about 'Enable/Disable' button at bottom too. Then we don't have to delete the Exception to scan, then add it back again.

4c.  I think Avast One excludes anti-fingerprinting to encourage Premium sales. I can live without anti-fingerprinting because Firefox and Brave browsers have it built in. There are also many browser extensions that do this so I don't think anyone would buy Premium just for this. This is similar to Avast One's VPN with Killswitch for Premium only. There are free VPNs that offer more data and Killswitch together which is why I don't use Avast VPN. A VPN without Killswitch is not safe.

6a. I have never seen Avast disinfection in progress as I never got any serious malware or ransomware. Are you saying that if a serious ransomware hits, Avast will block, quarantine it and then do a 'disinfection' to see whether it did any damage? If so, can it reverse the damage?

6b.  If my internet is on during boot-up, does Avast Firewall also stop my 'blocked applications' from accessing the internet if Avast starts AFTER the blocked app?

7.  In Avast Free or One, it is stated that Untrusted networks will block incoming connections. This may cause misunderstanding so perhaps you may want to re-word it.

Your explanation makes many things clear now. I used Comodo Firewall before which has a network rule of blocking all incoming connections after allowing outgoing connections and allowing a couple of ICMP incoming connections.  I suppose I can create a Network Rule to block all incoming connections and put it at the top. BTW, creating a Rule places it at the bottom. Then I have to drag it all the way past many rules to put it at the top. Any chance of a checkbox with go up/down/top/bottom arrows?

I look forward to your Ransomware/Behaviour Shield replies that I'm sure will answer many points raised in this Forum.
« Last Edit: June 18, 2022, 08:05:36 AM by ccm582 »

Offline petr.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 252
Re: New beta version 22.6.6017
« Reply #25 on: June 17, 2022, 02:09:53 PM »
Hi ccm582, just for the Hide Folders - well, some of us were not able to induce the issue at all as it is matter of timing. For me personally, the Privacy configuration did not help. We also contacted vendor of the software and they recommended the following:

In Registry Explorer browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsproflt2 and change Group value from UIGroup to Event Log. This helped on my machine but I would not consider it as "final" solution as it requires user interaction to solve the problem (not even talking about working with registry etc.).

However, the only way to solve the issue for all is from the vendor to change the code ;)

I will look at your reply next week and get back to you. Have a nice weekend! Petr

Offline guy.rouillier

  • Newbie
  • *
  • Posts: 11
Re: New beta version 22.6.6017
« Reply #26 on: June 18, 2022, 01:16:18 PM »
Could you please share the ID of the package from the support tool? The package can be found here: c:\Users\<your_username>\AppData\Local\AvastSupport - so its filename would be great to know.

I believe you are referring to the name of the generated zip file.  If so, that is: 20220617_0407_YNQ3B_930869535.zip

After uploading the file, I received an email from Manigandan Mohan on The Avast Support Team, gently asking "What's this?"  :)  I will reply to him with a link to this post.  If you could provide me the ticket number, I'll send him that as well. I have an Avast account with an email address if you would prefer to send the ticket number privately.

Thanks. 

Offline ccm582

  • Jr. Member
  • **
  • Posts: 96
Re: New beta version 22.6.6017
« Reply #27 on: June 18, 2022, 01:22:47 PM »
Hi Petr,

I had some time today and so I tested with both Avast One and Avast Free both version 22.6.6019 Beta.

The Registry solution worked. Hide Folders 5 now start up with both Avast Free and One.

Ransomware Shield sometimes work and sometimes doesn't. In Avast One,  for external drives, Ransomware Shield displayed this behaviour:

On PC reboot with external drive plugged in:

- RS doesn't work
- files deleted from external drive goes to its Recycle Bin.

If I pull out the external drive and plug it back in again,

- RS works
- files deleted are deleted permanently and doesn't go into Recycle Bin. RS makes the external hard disk into a flash drive where there is no Recycle Bin.

I then uninstalled Avast Free because of its UI problems, and Avast One because I want my deleted files to go into Recycle Bin instead of being deleted permanently.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76118
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: New beta version 22.6.6017
« Reply #28 on: June 18, 2022, 01:36:51 PM »
Could you please share the ID of the package from the support tool? The package can be found here: c:\Users\<your_username>\AppData\Local\AvastSupport - so its filename would be great to know.
I believe you are referring to the name of the generated zip file.  If so, that is: 20220617_0407_YNQ3B_930869535.zip
Yes, as the name includes the File-ID, so the devs can find it on the server. ;)
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline guy.rouillier

  • Newbie
  • *
  • Posts: 11
Re: New beta version 22.6.6017
« Reply #29 on: June 25, 2022, 01:35:08 PM »
I wanted to close the loop and report that my issue seems to have been fixed with the latest beta 6020.  With all Avast Shields enabled, I am able to run VirtualBox VMs without crashing.  I'll report on the 6020 thread on this forum if I encounter any more problems.

Thanks for the help.