Author Topic: Avast is ignoring serious security problems related to exchange plugin?!?!?!  (Read 941 times)

Tom610

Guys, sorry but I need to bring this up!

Case 16002482 was created on June 17th, 2022(!!!) and is about serious problems related to the function of the Avast Exchange Plugin.
The basic problem here is that the plugin is either active or not, and the Hub is basically not able to detect/view the plugin status correctly. We've seen customers where the Hub said: Plugin is enabled but the Avast GUI on the Exchange server was disabled.

Many of our customers use Exchange as mailserver.

So why the hell is this a security issue?

1. Phishing attacks are meanwhile running with OneNote documents.
2. Today an Avast hub detection mail got my attention with this detection:

File path: C:\Users\username\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZ76VU6J\DocumentsFolder_167856_Feb_03.one|>[Embedded:onenote_attachment

I was aware from the past that OneNote is one of the new attack vectors for phishing attacks... So I did some quick research regarding this topic.
As a result of this I came to the conclusion that I want to prevent OneNote files from getting into our customer client environments.

I was already aware that Avast policy settings did not allow file blocking just by the Avast e-mail scanner settings on endpoints*. But I did know that this is possible within the Exchange plugin. So I made this setting now for all of our customers that are managed by global policies. Now the plugin will block any files with *.one.
To confirm that "*.one" is the right wildcard I opened a ticket, since from my experience Avast is using not quite the same structure for wildcards in file shield and behavior shield, for instance... That's why I do not trust Avast here! ???
Be aware that here: https://businesshelp.avast.com/Content/Products/AfB_Management_Consoles/ConfiguringSettingsandPolicies/Wildcards.htm?Highlight=wildcard nothing is documented regarding this...

So with all this stuff in mind I come to the conclusion that Avast has not been able for months to fix a buggy Exchange plugin, which in this special matter is crucial for us to strengthen customers' security.

Second topic as we talk about blocking documents on the endpoint!

Why is the Avast endpoint e-mail scanner not able to block files? If I'm not mistaken, AVG had this function for quite some time. It was then removed some day and is until now only a feature of the Exchange plugin.
In my opinion this needs to be fixed.

And yes, I'm well aware that other security products also need to be in place on the customer's end to prevent certain files from reaching the endpoint. But doing this job for almost 20 years I also know that not every customer has the same security setup.... Avast is the only endpoint protection that almost all of our customers use since we migrated them to the Hub.
So that's the reason why I personally expect much more from Avast here.

That's also the reason why I make things like that public here...

So let's talk about that please and change what needs to be improved!
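
An added example, not part of the original post and not Avast's code: a Python check that flags OneNote attachments in a raw e-mail both by a "*.one" name pattern and by the file-type GUID at the start of the content, so a renamed file is still caught. The pattern semantics are Python's `fnmatch` (an assumption, since the Avast wildcard behaviour is undocumented per the post), and the sample message and file names are constructed.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# guidFileType at offset 0 of a .one file (Microsoft MS-ONESTORE format), on-disk byte order
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
BLOCK_PATTERNS = ["*.one"]  # pattern from the post; matched here with fnmatch rules (assumption)

def onenote_attachments(raw: bytes):
    """Return [(filename, reason)] for every MIME part that looks like a OneNote file."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():              # walk() also descends into forwarded messages
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        body = part.get_payload(decode=True) or b""
        # Lower-case the name first so "X.ONE" cannot slip past a "*.one" pattern
        if any(fnmatchcase(name.lower(), p) for p in BLOCK_PATTERNS):
            hits.append((name, "extension"))
        elif body.startswith(ONE_MAGIC):  # renamed file: the extension lies, the header does not
            hits.append((name or "<unnamed>", "content"))
    return hits

def build_sample() -> bytes:
    """Constructed message: a .ONE attachment, the same bytes renamed to .pdf, and a harmless PDF stub."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    fake_one = ONE_MAGIC + b"\x00" * 32  # header GUID only, not a working notebook
    for fname in ("DocumentsFolder_Sample.ONE", "invoice.pdf"):
        msg.add_attachment(fake_one, maintype="application",
                           subtype="octet-stream", filename=fname)
    msg.add_attachment(b"%PDF-1.7\n", maintype="application",
                       subtype="pdf", filename="real.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in onenote_attachments(build_sample()):
        print(f"block {filename}: matched by {reason}")
```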