Hello ccm582.
1/ Answered in one of my previous posts
2a/ Ok, this is pretty fresh configuration export. We will test it more thoroughly next week.
3/ Yes, Avast One tends to be lighter than standard Antivirus but there are also other components related to privacy, performance etc. We will look more at the UI and Firewall rules to see whether we can induce something similar.
4a/ Avast One and dark mode - although it is available in the Antivirus, it is not planned in the Avast One at the moment (it seems simple, but it is actually not).
4b/ Avast One and antifingerprinting - it is available in the Avast One while not in the Essential (Free) edition. I shared this with the product manager of the Avast One (I am sure he is aware of this and there is a good reason for it).
4c/ Avast One vs standard AV exceptions configuration - can you tell me why would you like to have exception for e.g. shields while not for scan? I mean once the scan is done in folder not in exception for scan, it could be quarantined etc. I am not saying we cannot do this, but would like to understand the story behind ;-)
6a/ EICAR detection and disinfection
Well, EICAR test file is I would say simple definition detection and as a such does not required any disinfection simply because it is not needed. In more advanced threats, detected especially by the Behaviour Shield, there is system disinfection usually required and performed.
6b/ Basically, once the AV drivers are loaded (during the system boot) there is nothing that would escape them so although the AV application itself could be started "at some point" after the computer start (processes, services, etc.) the computer is protected already.
7/ Avast Firewall untrusted (public) network profile does not mean to block all the incoming connections. It is a much more strict profile of course then applied for trusted networks, but there are some exceptions for incoming traffic.
The flow for the incoming traffic is as follows and it is evaluated in this order: Traffic --> Network rules --> App Rules --> (Ask dialog, if enabled) -> App/System. In the section Firewall - Firewall settings - View Firewall Rules - Network rules you can see the rules that are above the rule “Public Tcp/Udp In Block” (which blocks all the incoming connections on TCP and UDP protocol). These rules are above which means they are evaluated first.
In your case, I would say that the incoming connection was allowed by the rules above the “Public Tcp/Udp In Block” and as long as Firewall did not find the existing rule in Application rules the Ask dialog was triggered. If you want to adjust the setting, it is possible to do it on the page with Basic Rules or you can create your own Firewall rules on the Network/Application Rules page.
Response to the Behavior / Ransomware Shield will be answered later
Have a nice day! Petr