NEW Avast version 23.8

[midnight]

Updated this AM with no problems 

[lukas.hasik]

Do these 'New Scan Smart detection capabilities' actually work in Avast Free, as in it does it do more than just report them and offer the paid Avast product ?

I rarely run the Smart Scan (or on-demand scans) outside of some questions in the forums, as it usually results in a recommendation for the Avast paid products.

The Identity scan checks your my.avast account email with our DB of leaked accounts+passwords. Obviously, you'll need the Avast Secure Identit product to get the issues resolved. (https://www.avast.com/en-us/secure-identity) otherwise you end up with a screen similar to the attached one where you where what leaked.

[lukas.hasik]

Does the improved web protection also apply to the free version?

Those capabilities are based on the "Real Site" feature which is part of Premium package. Unfortunately, it's not available for Free users. And probably won;t ever be as there is a cost connected with the DNS servers that are needed to provide this functionality.

Need to correct my answer.... I was wrong - please read an update from David - https://forum.avast.com/index.php?topic=324671.msg1709220#msg1709220

[aree2]

It is unfortunate for me to say but within 15m of updating to this version I had a bluescreen of death with System Service Exception as the error. I set my windows folder as exempt to see if it would stop and it did.

Still that is a big security hole so if anyone else has had this happen, free version, please speak up so it's fixed fast.

[jursa]

Does the improved web protection also apply to the free version?

Hi, yes it's included in both versions (the paid version contains an additional SecureDNS feature that can protect in a more generic way against DNS spoofing and DNS attacks). We have improved the DNS scanner and parser in Webshield component to detect/block multiple types of C2 communication via DNS traffic:
- Support for detecting C2 callbacks, data exfiltration and payload delivery through the TXT records
- Support for detecting DNS C2 tunneling through the malicious NS servers
- Scanner supports scanning of A, AAAA, PTR, NX, MX, TXT DNS records, both directions (depending on the signature)

This feature is mainly focused on post-infection stage of malware execution focused on sophisticated malware strains. For example, GuptiMiner uses DNS TXT payloads tunneled through valid SPF domains like spf.microsoft.com we weren't able to block/track in previous versions. This new feature also helps with cleaning the already infected system - the blocked process is immediately scanned by the engine/behavior shield and eventually deleted,quarantined,terminated,..

Those new detections are currently turned on only for particular malware families and they can be recognized by the dns:// prefix in block dialog, see attached screen.

Thnx, David.

[Nunzio77]

Does the improved web protection also apply to the free version?

Hi, yes it's included in both versions (the paid version contains an additional SecureDNS feature that can protect in a more generic way against DNS spoofing and DNS attacks). We have improved the DNS scanner and parser in Webshield component to detect/block multiple types of C2 communication via DNS traffic:
- Support for detecting C2 callbacks, data exfiltration and payload delivery through the TXT records
- Support for detecting DNS C2 tunneling through the malicious NS servers
- Scanner supports scanning of A, AAAA, PTR, NX, MX, TXT DNS records, both directions (depending on the signature)

This feature is mainly focused on post-infection stage of malware execution focused on sophisticated malware strains. For example, GuptiMiner uses DNS TXT payloads tunneled through valid SPF domains like spf.microsoft.com we weren't able to block/track in previous versions. This new feature also helps with cleaning the already infected system - the blocked process is immediately scanned by the engine/behavior shield and eventually deleted,quarantined,terminated,..

Those new detections are currently turned on only for particular malware families and they can be recognized by the dns:// prefix in block dialog, see attached screen.

Thnx, David.

Thanks a lot! 🙂