Author Topic: An attempt to explain what went on that Wed night (a follow-up on the FP issue)

Winter_Nights

  • Guest
Thank you very much for the explanation, Vlk.   :)
I will continue to use avast! as my antivirus program.

maniac2003

  • Guest
Thanks Vlk for explaining, luckily no harm was done here on 3 systems and my aunt had no problems either (notebook was off) :P
I'm glad you guys found out what caused it and take measures so that it never ever can happen again.
I will continue to use and spread Avast!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48551
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Thanks for the detailed explanation Vlk.
Leave avast! ??? Who, me ???
I don't think that's ever very likely to happen. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Philo

  • Guest
I for one will be staying with Avast!.

   As a person who works in a managerial position, I have an intimate understanding of processes and the repercussions of not following them. Unfortunately, people in these positions find that they more often than not end up "People-Proofing" the system (whatever that system may be). Rarely is the fault in the process itself. More often than not it's the "Human-Factor", i.e. the person/people who DID NOT follow said process.

   I, like many, was bit by this particular issue. However once the problem was properly understood, the fix was relatively easy. A simple roll-back to Tuesday and then manual updating of my system.

   However, I did learn an invaluable lesson, one that frankly I should have already known. That is, always check the simple stuff first.
 
   I was freaking out when a quick scan with the faulty update informed me of multiple win32 infections. I was doing boot-time scans, full scans w/archiving in safe mode, etc. Finally, I just walked away. The next day in school, I discussed the issue with several different professors. I received recommendations from "Wipe the whole drive and start over" to complex, in depth system fixes.

   The last professor I spoke with asked me, "Did you check your anti-virus provider's website to see if there's been any issue with the program?" LOL Duh......
   As humans are imperfect, so shall be the products of their labors. With that in mind I will continue to use Avast! and recommend it to all of my friends. I have been more satisfied with Avast! than any other Malware fighter I have ever used to date.

~Tuebor~
Philo
Loyal Avast! User

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Thank you for the explanation Vlk :)

It must be awful for you guys too, especially for the colleague this happened to :-\

Greetz, Red.
« Last Edit: December 05, 2009, 07:24:02 AM by Rednose »
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Tsimmes

  • Guest
@Vlk,
Thanks for the explanation, I think it demonstrates yours and Avast's genuine concern for its users. It's appreciated and I will continue to use Avast. I was fortunate in that I use Acronis True Image to back up my computer every few days. After Avast launched a boot scan that I hadn't requested, my computer was still operable but many programs no longer worked and I could not restore numerous files from the chest. Rather than going through an arduous extraction process from the chest, I booted to my Acronis restore disc and restored a three day old image. I would recommend that every computer user own and use some form of imaging software.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Quote from: Tsimmes
I would recommend that every computer user own and use some form of imaging software.
+1.
Having an awareness to investigate detections prior to blithely deleting them might be a pretty good way of going on, too.
[edit] Tsimmes, that wasn't directed at you; more at "the world at large" who so often do this.

I am somewhat confused about Avast launching an un-commanded boot scan.
You are (at least) the second user to report this. I didn't know that it was possible.
My version prompted me to restart for a boot scan, an offer I was able to politely decline.
Windows 10,Windows Firewall,Firefox w/Adblock.

Hermite15

  • Guest
Quote
I would recommend that every computer user own and use some form of imaging software

it's already the case  ;D just 99,99% of newbies on Windows don't know it  ;)

Omega40

  • Guest
Many blessings to Vlk and the Avast! staff for their honesty and forthrightness in presenting this problem.
I am still here and will continue to do so.
<3

ps..I use Acronis.  ;D
« Last Edit: December 05, 2009, 11:03:55 AM by Omega40 »

Sesame

  • Guest
Thank you for the detailed explanation, Vlk.  I guess I relatively had a good grasp on what was going on.

I think I was one of those who happened to be aware of the anomaly at the early stage.  However, I could do nothing since, without doubt, the only cure was the release of a fixed VPS.  The boards were pretty crowded at that time and sded had already posted the best temporary solution: disabling Standard Shield and waiting for the update, which happened to be what I had done to one of our PCs.  What I could have done was just to point out the thread but it was almost impossible to browse the boards, not to mention posting...

I think it's a good idea to ask evangelists for cooperation.  For even I could have made a phone call.
« Last Edit: December 05, 2009, 11:10:40 AM by Rumpel »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Quote from: Tarq57
I am somewhat confused about Avast launching an un-commanded boot scan.
You are (at least) the second user to report this. I didn't know that it was possible.

It's not - such a functionality isn't there...  ???

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
I thought not, igor, so somehow, maybe, someone has misinterpreted what happened, perhaps. Or inadvertently pressed the enter key in response to the prompt, perhaps.

soundgrammar

  • Guest
Hi

Not sure if this has been covered elsewhere, but having read Vlk's explanation, could someone give some more detail on how best to set up avast so that if a false positive does occur (human error or sod's law) the impact can be minimised and recovery is well managed.

Like most people, I'm no expert, so forgive the obvious questions - this is a wake up call for the sleep walkers...

So for instance, how best to set up avast so that:

1. automatic sending of doubtful files to the locker is manual rather than automatic. Mine is set this way, but I have no idea where the options are...
2. Taking updates at certain times rather than when unattended.
3. How best to set up the locker etc so that overfilling does not cause further worse problems
4. How to recover files vaulted due to false positive
5. Implications for safety with any of these options
6. some detection of a "flood" by avast could indicate a FP

This is not an exhaustive list, and I'm in no position to say these are the right set up options or questions - but maybe the experts can come up with the right questions to follow up.

And such info needs to be maintained as options for best practice (not one size fits all), clearly visible and maintained, not buried away with so much other good stuff in the deepest bowels of the forum.

Regards


Hermite15

  • Guest
@ soundgrammar: this is no help thread here  ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
1. automatic sending of doubtful files to the locker is manual rather than automatic. Mine is set this way, but I have no idea where the options are...
I've changed my mind. First I thought the user must be asked in any case. But I agree a lot of users will simply delete the files instead of sending them to Chest. Now I think files needed to boot, at least on Safe Mode, in any language, need to be preserved. How to do this? I don't know, just my wish. My fear is seeing avast sending a necessary file to boot to Chest. I can't recover it... neither in Safe Mode.

2. Taking updates at certain times rather than when unattended.
I don't think this helps. I would set automatic updates for engine and virus definitions. The correction also comes with a new virus definitions package. You can't "check" if the update is ok before applying it... it's not reasonable, nobody wants this, neither Alwil.

3. How best to set up the locker etc so that overfilling does not cause further worse problems
I don't mind to set the Chest for higher values than the defaults. But the defaults are enough for most situations.

4. How to recover files vaulted due to false positive
Restore them within Chest (right click them).

5. Implications for safety with any of these options
If you update your virus definitions, they are correct and the false positive is corrected, you will restore a clean file to its place.
With avast4 you can scan file within Chest. With avast5 beta it's not working yet.

6. some detection of a "flood" by avast could indicate a FP
??? Can you elaborate?

It would be better to start a new thread to discuss this, like Logon said.
The best things in life are free.