Author Topic: since 2 days we have Avast armageddon (Read 2243 times)

Tom610 · « **on:** March 02, 2023, 09:52:12 AM »

1. Since feburary 28th Avast is detecting many .doc files (MW97:CVE-2006-2492) --> Case has been opened
2. As of this morning Avast behavior shield is going crazy! We have detections in an amount that we never had before. Something must have been change from Avast! Short Workaround: disableing behavior shield within the global policies...

Tom610 · « **Reply #1 on:** March 06, 2023, 03:52:10 PM »

Update:

After disableing the behavior shield last week (which worked so far) we see it still running on customer clients right away with detections of it.

This is really a mess Avast!

Action: Create a case --> revering to case 15814728 and informing contacts at Avast... hope we can speed up some things here...

bob3160 · « **Reply #2 on:** March 06, 2023, 03:56:05 PM »

Reported to Avast.

vojtech.vobr · « **Reply #3 on:** March 06, 2023, 04:52:04 PM »

Hello,

fix for this issue has been released in virus definitions update 230302-00, can you still reproduce it with current virus definitions?

Tom610 · « **Reply #4 on:** March 06, 2023, 05:09:48 PM »

Quote from: vojtech.vobr on March 06, 2023, 04:52:04 PM

Hello,

fix for this issue has been released in virus definitions update 230302-00, can you still reproduce it with current virus definitions?

To which problem of the two shall this apply? DOC or behavior shield?

Regardless of any definition updates: Those would not explain why behavoir shield is active again although disabled within global policies...

vojtech.vobr · « **Reply #5 on:** March 06, 2023, 05:30:27 PM »

I'm sorry, I missed the behavior shield question, only detections on DOC files were solved by virus definitions update.

We're currently working on resolving the behavior shield issue.

Tom610 · « **Reply #6 on:** March 07, 2023, 12:56:10 PM »

As per case 17592044 this problem (behavior shield) was also fixed...

At least as of today we do not have suche a great amount of detection/blocking mails from the hub. This indicates that it could be fixed indeed.

I'll keep an eye on this!

Tom610 · « **Reply #7 on:** March 07, 2023, 01:43:32 PM »

Negative: I enabled BS within our global client policy, right after that a bunch of Hub detection mails where sent...

This has definitely not been solved!!!!

Again I disabled BS since customers can't work with this and we still have 15814728 unsolved.

God this is so bad work guys!

PDI · « **Reply #8 on:** March 08, 2023, 12:40:13 PM »

Hi Tom610,

the issue was fixed but there may be some pending detections for some reason. There are 2 other shields running in the process which may have some impact on the results after the BS restart.

Could you please restart the devices before enabling the BS?

Thanks,
PDI

Tom610 · « **Reply #9 on:** March 10, 2023, 04:20:27 PM »

I have activated BS as of today 10.57 a.m german time.

We'll see next week how it goes with this.

Tom610 · « **Reply #10 on:** March 14, 2023, 02:16:01 PM »

Update: Seems that Avast has solved both problems. Hub has calm down... armageddon is over...

Author Topic: since 2 days we have Avast armageddon (Read 2243 times)

Tom610

since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon

bob3160

Re: since 2 days we have Avast armageddon

vojtech.vobr

Re: since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon

vojtech.vobr

Re: since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon

PDI

Re: since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon

Tom610

Re: since 2 days we have Avast armageddon