Someone is confused here...
"Ignore" is there, it's just called "No action" or "Block".
Why couldn't you configure on-demand scanner differently than on-access one? Sure you can...
first, there's no confusion on my side, you're confused about my interpretation: although the interface itself would be somewhat confusing due to an improper wording, it's not anymore once you've tested it with an Eicar file and seen what it does. To put it simply, the "ignore" command doesn't exist at all. Don't tell me how it was in V4, I have no idea anymore, I tested it once or twice ages ago with Eicar had one FP two years ago so...and no infection in the meantime.
This said, you cannot assimilate "no action" to "ignore" or "block" to "no action" because this wording doesn't make any sense...not in "real" languages anyway
Also, "no action" for manual scans gives you the option in the result panel to "do nothing" if you want, when "no action" when set in file system shield will block files automatically, so there's a major behavior difference. Give it a try
Again, what's needed is a "real" ignore option, that as VLK suggested yesterday, could be called an "add to exclusion list" and avoid the pain of having to restore hundreds of FPs (from Chest, when it works...) in the case of an incident like yesterday. You seem to be very unwilling to add this "real ignore option" from the beginning of the beta testing, referring to dangerous fast clicks for noobs, sorry but we're running our own computers and I do not accept to be left with the choice between, sending to chest, block or delete. In the end the data is mine, and I wanna do what I want with it, especially when it can instantly save my system from being crippled with 10000 FPs... once numerous FPs are in Chest, restoring (again, when it works...) won't necessarily work, especially with systems files...>>> system lockups...reboot... system lockups again etc...etc...I'd rather avoid my system to break than having to attempt a repair through avast Chest sorry...
It's been suggested to many yesterday to wait...no panic...wait and wait...attempt to restore from Chest...you must be kidding My system wasn't affected I got luck, but if it had happened, you seriously think I would have trusted a system composed with thousands of files restored from the Chest I would have attempted a sys restore, and if not good enough or fail, reinstalled Windows + programs in no time and waited for the update correction before reinstalling avast. I would have lost two hours, not a minute more. Better than wasting the whole day looking for solutions on the forum.
You know, unfortunately, a majority of the users who logged in to complain yesterday were people who don't have a freaking clue about how to run a computer. For many of them Windows was just broken (really broken) and they will have to pay someone to reinstall their OS. You'll be surprised: I won''t blame Avast for this. these guys must understand that buying a PC is not buying a TV...I guess they'll never make...this difference. Many of them just didn't catch that an FP slaughter was going on, and instead of dealing accordingly, they launched a full scan with Avast, or worse, a bootscan So may be you can help them, may be you can't, but in all case leave to those who know what a computer is the option to decide what to do when something's detected >>>> IGNORE OPTION... again, thanks.
adding: a useless alternative to "send to chest" is this non-sense called "no action" blocking files for real time shields. How the hell do you unblock files then...again, the option doesn't exist...other then adding the whole system in the exclusion list may be... also, did you notice that once a file is sent to Chest, after a manual scan, it's just sent to Chest, but when it is by a real time shield, it leaves a zero byte file in the original location? why is that?
THANK YOU! I agree with every word in your post. You have explained it much better than I did.
I have an old, harmless file detected by both Avast and Avira (about 30% of scanners at VirusTotal detect it) as VBS.malware.gen. I use it like I would Eicar for testing purposes with the scanners that do detect it. With Avast 5, if I right click scan it with the on demand scanner, I get options with "do nothing" as one of them. So, that is acceptable.
The real time scanner is the problem. If I try to open this same file, the real time scanner pops up and states that "Avast has blocked a file. No further action is necessary". I have the File System Shield configured as Actions/Virus/No Action. Please explain to me how "BLOCK" is "No Action". "Block" is an action! I don't want the file blocked. I want, in this case, for the scanner to IGNORE it. To make matters worse, after BLOCKING access to this file (even though I have No Action chosen), Avast tells me "No further action is necessary". Well, heck, OF COURSE further action is necessary since I want the Shield to ignore the file so I can access it! I don't want to put it in exclusions. I want an IGNORE button! Ignore button could be temporary. With Avira ignore is just for while you are right there. If you leave the area and do something else and then come back to where the file is located Avira will alert again (this confuses newbies and average users and I must have answered dozens and dozens of posts about it their forum over the years). So, ignore doesn't have to be forever. I don't care if it is, or is only for a short while, but I want the OPTION of IGNORE ...at least for the time being.
When this current mess occured, I had File Shield configured on Actions to First "Ask" and if that failed then Second "Take No Action". So, Avast rebooted with the bad definitions and beta 3 and immediately flagged HostsMan as a virus. OBVIOUSLY, ANYONE would know that was a False Positive. I had just started that computer after 4 days of no use. Avast did not object to HostsMan when I started the computer. I immediately did an an update of Avast which got me a program update to beta 3 and the bad definitions and Avast asked to reboot the computer. I allowed that and bam! HostsMan is now a trojan?! Well, of course, not! It had to be a FP. Yes, there was the slight possibility that Avast had not had a definition or heuristics to determine until now that HostsMan had a trojan but that was a very slight possibility and it was EXTREMELY likely that there was false detection of HostsMan.
So, I get a popup Asking what to do and I am given three options: move to chest, delete, or block! NONE of those, in this circumstance, was acceptable. Block is NOT ignore! Block would have kept HostsMan from running! That was UNACCEPTABLE. So, my choices were: Lose my hosts file or disable Avast both of which were unacceptable! Do you finally understand? Block is NOT ignore! I need IGNORE.
Avast has the same shortcoming that I and many others have complained about for years with Avira. I might be persuaded to use Exclusions in lieu of a missing Ignore button but Avast, like Avira, doesn't make that easy. Why is there no box on the "Ask" popup for me to check to have that file AUTOMATICALLY excluded? Avira's excuse is that the naive users might be harmed by such an option. Ugh. Make it slightly hidden then with a further click and a warning before one can check the box to automatically exclude the file.
As an aside, I NEVER put anything in quarantine. Why? Because many times antivirus applications screw up when restoring files. I had Avira recently put the files in MyPrivate Folder in quarantine. I had been helping someone in the forum and had changed my settings while helping them troubleshoot and I ran a rootkit scan with the altered settings forgetting I hadn't changed them back as I usually have them. So, all those files ended up in quarantine as an automatic action (which is what the user needing help had the setting at). When I went to restore them they restored as corrupted. Avira is not the first antivirus I have had that has messed up at sometime with restore from quarantine so I don't use it. I want BOTH IGNORE AND BLOCK OPTIONS. I will choose block for anything I am unsure about and then will submit to VirusTotal/Jotti/etc and to the vendor. For something I know is not a virus/malware (like the VBS file or HostsMan) I will choose ignore so that I can USE the program!
Please give us an ignore button in ver 5. I would like to continue using Avast on at least one computer. I was impressed today when I read the blog and the lengthy explanation in the forum about the details of how this huge mess happened and why. I very much appreciate any vendor who is open and honest about mistakes and who pledges to keep the customers fully informed as to what actions are taken to prevent such problems in the future. But I still have to have an ignore button!