avast! NetServer performance

[Yanto.Chiang]

Dear Avast Technical Team,

Today we tried out some features from avast! Netserver with ADNM push deployed and updated.
After we tried with www.eicar.org to test Malware download archive file either from HTTP or HTTPS, when we tried to download archive file from HTTPS avast didn't blocked this downloaded file but instead of HTTPS we found that avast! can blocked HTTP downloaded file.

We capture a screen shoot as for your information.

We are waiting to hear your update soon.


Regards,

[Yanto.Chiang]

second pic

[Yanto.Chiang]

3rd Pic

[Yanto.Chiang]

dashboard ADNM and avast Netserver

[igor]

... and the question is?
If you transfer data with HTTPS, the connection is encrypted - so of course avast! cannot scan the data.

[Yanto.Chiang]

Hi Igor,

Thanks for your prompt respond,

My question is why when we tried with avast! professional edition 4.8 to scan each downloaded data from www.eicar.org either thru HTTP or HTTPS can scan those zip file.

But it was different when we tried with ADNM & NetServer push client do download those file thru www.eicar.org, client could scan HTTP but didn't scan HTTPS.

Please kindly advice

Regards,

Yanto

[Yanto.Chiang]

Dear All,

Is there any update about my question?
Yesterday i had tried it again with visit to : www.gmailcom.com (This website contains trojan) used avast Netserver, but i didn't found that avast warning as like avast professional edition.

I had compared avast configuration between avast professional edition and avast Netserver, there is no any configuration changed.
Is there any mistaken or performance comparison between avast professional and avast Netserver client?


Please kindly advice

Regards,

Yanto
 

 

[wpn]

the net client standard doesnt make sound and as far as i know doesnt show the yellow notification. These blocks are send to the ADNM instead.

how you handle the notification there is entirely on how you setup the adnm i guess

if this is not what you look for then consider it not said

[igor]

I can't imagine how avast! could scan HTTPS in the Professional version... are you sure it wasn't detected on disk (by Standard Shield) instead?

As wpn suggested, please check the configuration of the client; the warnings may not be displayed if they are configured that way.

[Yanto.Chiang]

Dear WPN,

Thanks for your kindly advice 

But i had tried it with Netclient server with ADNM then downloaded from www.eicar.com thru HTTP, and there was sound notification such avast professional edition, but for HTTPS sometimes NetClient Server showed yellow notification at the below of left side screen and blocked downloaded file.
But after i tried it again, sometimes HTTPS allowed to download but not for HTTP.

I created new policy and sometime i use default resident task on "ON-accsess scaning tasks" menu, but still found a problem.
If there is mistaken on our configuration, is there any advice to create a configuration which is can block any download file (we can try with www.eicar.org as a standard test for antivirus)

Please kindly advice

Thanks

Yanto

[igor]

I have to repeat - avast! WebShield is not able to scan/block HTTPS downloads, no matter how you configure it, no matter if avast! Pro or NetClient.

So, if the file, downloaded through HTTPS, was indeed detected, it must have been stored on disk already (i.e. the detection must have come from the Standard Shield provider, not Web Shield) - and the file could have been detected either in the target location (where you selected the file to be downloaded to), or possible in browser's cache (if the browser decided to store the file in its cache).
You can see the exact location in the virus notifications (whether it's http://something or c:\...something).

You can check the configuration of the Standard Shield (what kinds of created/modified files should be scanned, possibly the setting of archives for the Standard Shield provider - though I suggest not to enable any real archives for Standard Shield).

[Yanto.Chiang]

Hi Igor,

Anyway, thanks for your kindly advice.

I tried your suggestion already with enable or disable Standard Shield feature, and found warning when downloaded from www.eicar.org  as your referenced.

I would like to know which features of Standard Shield can block the file such as www.eicar.org file?
Whether Scanner basic or advanced?

Please kindly advice.

Thanks
Yanto

[wpn]

no offense meant but:   what is the goal that you want to get to with these inquiries??  its unclear to me

summation of answers to questions so far:

1) netclient might notifies less obvious then the professional installation
2) files downloaded via HTTPS dont get blocked until they are actually downloaded, since it's a secure web connection you have to wait for the file to be downloaded
3) an infected file will only be noticed when you access the file, access the directory the file is in, or actively scan the harddisk for any virusses, if an infected file is downloaded via a secure tunnel (HTTPS) and its not accessed after downloading i can imagine that avast wont see it (tho a downloaded file would be downloaded in the temp directory and moved to the appointed directory making it bein accessed and thus found any way)

[Yanto.Chiang]

Hi WNP,

Thanks for your kindly advice anyway,

As Mr.Igor referenced to me and I had tried it his suggested, avast can ran as i need.
Then after i activate Standard Shield, when i download zip file thru HTTPS avast will allowed to download but not allowed to save the file or the file will be failed to downloaded.

What i mean for this inquiry is whether avast have this feature, because after i tried with some brands like kaspersky and NOD32 event they acknowledge have this feature but didn't worked properly. So it would be a value added point for avast for Indonesia markert.

Anyway, igor as my last question, which part of Standard Shield protection who can blocked zip file thru HTTPS?
Whether Scanner Basic or Advanced?

Please kindly advice

Regards,

Yanto