Author Topic: Avast alert during boot and no ignore option available!  (Read 13156 times)

0 Members and 1 Guest are viewing this topic.

Mele20

  • Guest
Avast alert during boot and no ignore option available!
« on: April 10, 2010, 08:28:46 AM »
Yesterday, I installed Avast 5 on my XP Pro SP2 virtual machine running on VMWare Workstation 7.  I used the computer all evening, rebooted it once I think I recall. Then I shut it down. I booted it just now and DURING BOOT AS THE DESKTOP WAS LOADING Avast popped up and said it had detected a trojan. The file in question is an antivirus performance test file that almost all AV vendors alert on each test in the file. That is fine as it is a test of your antivirus program. What I don't understand though is why Avast alerted on it during boot. Nor do I understand why it says the PROCESS connected to the file is Procguard.exe. Procguard.exe is the GUI for  ProcessGuard. The file in question is located in my downloaded programs folder and has zero to do with ProcessGuard’s GUI. 

This is the first time I have ever seen an antivirus program alert to a file and a process at the same time. Here is an instance of why Avast should NOT have removed IGNORE!  The way I read the popup Avast wanted to move the file and THE PROCESS both to Quarantine! If I had allowed Avast to try to do that at best what would have happened would have been that I would have ended up with pgaccount.exe (ProcessGuard driver) running and no GUI which potentially could cause a major problem if PG alerted on something and I had no way to instruct it as to how to handle the alert! 

I had to close the Avast alert window via the upper right X to avoid a mess.  Then Avast alerted again immediately before I could turn off the real time scanner. It took four tries before I was fast enough to be able to turn off the real time scanner before another Avast alert.

An IGNORE option is ESSENTIAL. I CANNOT USE THIS OTHERWISE EXCELLENT PROGRAM WITHOUT AN IGNORE OPTION.  I also need a setting to IGNORE  infections inside archives. Default there should be, like any detection, NOTIFY ME and temporarily block access until I make a choice regarding what I want Avast to do and ignore should be one of the options. I certainly don't want Avast trying to clean what it thinks is a virus in an archive when it really is an FP as trying to clean in an archive will usually fail and destroy the archive.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast alert during boot and no ignore option available!
« Reply #1 on: April 10, 2010, 08:43:11 AM »
There is an Ignore command, and it is called "Block" (in the dropdown list).
All the Block command does is prevent the file from executing. No action is (physically) performed on the on-disk file.

BTW the "Process" field tells you which process accessed the file, triggering the scan (remember we're talking about an "on-access" scanner). If it was the GUI part of ProcessGuard, most likely ProcessGuard was just trying to prefetch some icons from a list of applications or something like that, opening and reading the file and thus triggering the scan.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Mele20

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #2 on: April 10, 2010, 10:02:12 AM »
Ah...come on! There has been a lot of discussion on this board about removing Ignore option in ver 5. You know as well as I do that Ignore is NOT the same as Block.

I need an Ignore choice. Simple as that. I uninstalled Avast and when asked for feedback I said it was because you removed Ignore from version 5. I said I was going back to Avira 9 if I can find a download for it because (warts and all) Avira has an ignore choice. I still have Avira 8 on my host XP Pro machine and I have used ignore a lot over the 3 plus years I have had Avira.

I cannot fathom why procguard.exe would be looking at that file. Avira, and all but one Vendor at VT, detect that file (38 vendors detect it). I have had Avira, McAfee Enterprise (I used to beta test for them) and several other AV on that machine (it is a test machine) and procguard.exe has never before accessed that file during boot. This is the first time I have had Avast on a machine that runs ProcessGuard and I was wondering if they would get along.

You ignored my other question (about actions when a virus is found in an archive) which relates to the same subject: can Avast users actually configure Avast as they want it? The answer for ver 5 is NO.  It is a sad situation today in that most AV vendors now ignore the needs of "power" users. Maybe the solution would be two versions - one for average users and one for power users.


ArminPasalic!

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #3 on: April 10, 2010, 10:08:26 AM »
Avira 10 is out. And it is Sh*t! I watched a Review. The guy got infected and got Blue Screen at third Link.. Not Nice Avira.

Mele20

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #4 on: April 10, 2010, 10:42:39 AM »
I didn't say I was going to install Avira 10. Heck, I just UNinstalled Avira 10 beta Suite to install Avast. I was a beta tester for Avira for three years. I know 10 has a lot of problems. I really like Avast 5 except for this configuration problem which is a big thing to me.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast alert during boot and no ignore option available!
« Reply #5 on: April 10, 2010, 01:47:15 PM »
Ah...come on! There has been a lot of discussion on this board about removing Ignore option in ver 5. You know as well as I do that Ignore is NOT the same as Block.

I need an Ignore choice. Simple as that. I uninstalled Avast and when asked for feedback I said it was because you removed Ignore from version 5.

This is simply not true.
No functionality was removed from avast 5 with respect to this.
The only change that took place was that the option IGNORE in v4.8 was RENAMED to BLOCK.

There was no real "Ignore" option in v4.x (meaning that avast would allow you to execute a file that it thinks is infected), and there is none in v5.

I said I was going back to Avira 9 if I can find a download for it because (warts and all) Avira has an ignore choice. I still have Avira 8 on my host XP Pro machine and I have used ignore a lot over the 3 plus years I have had Avira.

In case avast, real Ignore is accomplished by adding to the exclusion list (of course, with the possibility of infecting your system unless used with caution).

You ignored my other question (about actions when a virus is found in an archive) which relates to the same subject:

There's no difference between ordinary and archived files. If you have avast set to Ask, you can choose any action you want (or no action by means of the  BLOCK button).

can Avast users actually configure Avast as they want it? The answer for ver 5 is NO.  It is a sad situation today in that most AV vendors now ignore the needs of "power" users. Maybe the solution would be two versions - one for average users and one for power users.

I'm still confused - what exactly is the feature you need, and is missing from avast?

Vlk
If at first you don't succeed, then skydiving's not for you.

Mele20

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #6 on: April 10, 2010, 04:18:01 PM »
It appears that I misunderstood ignore in 4.8. I only used 4.8 briefly a year or so ago. Briefly because I couldn't get used to the GUI. So, I was going on the discussions here about ignore in 4.8 vs block in 5. Maybe I misunderstood posts I read here about the issue.

In Avira ignore means ignore. You can execute the file. That is how it should be. It is my computer not Avast's. If I want to execute a file Avast has no business stopping me if I choose ignore. If I choose block then Avast blocks me from accessing that file.  I know I could disable Avast real time protection while I access the file and Avast does have a quite superior (compared to Avira) method of disabling a shield as you have several choices. With Avira you have to remember that you disabled Guard as there is no reminder...no disabling for x number of minutes only. I like how Avast has disabling shields set up. Still though, I want an ignore option. But if ignore was never there in the first place in any version of Avast well it is unrealistic to think it would be in this version.

As for archives, there are those choices at the bottom of the Actions screen. I must be confused by how those are presented because it seemed to me that archives were a special case and handled differently from other detections.  What you are saying is that those options at the bottom, regarding whether to try cleaning the virus in the archive and leaving the rest of the archive intact, or deleting the entire archive if malware is detected, etc. doesn't occur unless you first choose an action such as "clean" correct? I misread that entirely I think. 

petusalem

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #7 on: April 10, 2010, 04:29:18 PM »
Ignore versus block. Huge difference for me. Ignore means let it go and block just blocks it. :)


Mele20

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #8 on: April 11, 2010, 09:48:51 AM »
Ignore versus block. Huge difference for me. Ignore means let it go and block just blocks it. :)

It bothers me considerably that apparently Avast does NOT know the difference between "ignore" and "block" since in 4.8 the word "ignore" was used but it actually was not ignore but block. There are problems, of course, in translation but it seems to me that at some point in 4.8 labeling "block" incorrectly as "ignore" would have been addressed and properly fixed by Avast. Sloppy to not fix it until ver 5.

There is a huge difference between "block" and "ignore". Ignore means that Avast should act as though it never noticed the file and never thought it was malware. Block means Avast blocks access to the file. I can't fathom how Avast could have thought the two words meant the same thing and only realized they didn't in version 5? This just makes me wonder what else in Avast is sloppy and incorrect?   

Ignore in the AV world generally means ignore until reboot of the computer but some AV have an option to "ignore always".  Avira 10 has this option (before version 10 the option was simply "ignore"). Avira is almost as bad as Avast in that "ignore always" in ver 10 does NOT mean ignore always. Rather, it means what it has meant in past versions (ignore until reboot), but someone didn't proofread the English version very well and added "always" to the standard ignore option. This is causing lots of confusion in the Avira forum.




Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast alert during boot and no ignore option available!
« Reply #9 on: April 11, 2010, 10:03:49 AM »
This just makes me wonder... why you waste so much of your time writing here ;)

It's interesting that I don't remember anybody (of that 100 millions of users) ever having complained about version 4 blocking access to the file for the "Ignore" action. Now, when it's renamed - but behaves the same, it's suddenly a problem.
« Last Edit: April 11, 2010, 10:07:12 AM by igor »

Mele20

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #10 on: April 11, 2010, 03:35:04 PM »
I "waste" my time because an antivirus program is arguably the most important piece of software I will ever install on my computer. It damn well better be what it claims to be. Time was when I was a trusting person when it came to AV vendors and their products. Funny thing was though, that was not smart of me. One of the worst offenders was Kaspersky with the chkdsk fiasco and their blatant lying. We users at my home security forum taught them a bitter lesson in how important TRUST and ethics are in the AV vendor world (or any business for that matter but particularly true in the AV business where trust is everything). They have never recovered from what we exposed in our famous thread. I am currently wondering if I have some weird penchant for attaching myself to dishonest AV vendors...not speaking of Avast here...but thinking of Avira and what I just learned and had confirmed about them. Their house is burning and they are asleep.  

It is sort of a red herring to go on about how no one complained about the wrong wording in Avast 4.8...but it is interesting.  I would have complained but as I said I couldn't stand the GUI (although Winamp is my SOLE media player) so I didn't have Avast 4.8 long enough to notice that either you used the wrong word when describing Avast's action and were actually describing a different action or that, if I took the word at face value, then obviously there was a bug.  Maybe other AV vendors have problems with English also and also misname block as ignore and maybe users who came from those AV expected the same bad use of English with Avast.

I'll let you in on a little "secret". ;) I won't be "wasting" much time here this coming week as I have something majo this upcoming week that will take most of my time. :D
« Last Edit: April 11, 2010, 03:38:56 PM by Mele20 »

fphall

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #11 on: April 11, 2010, 03:40:40 PM »
Ignore versus block. Huge difference for me. Ignore means let it go and block just blocks it. :)

 

There is a huge difference between "block" and "ignore". Ignore means that Avast should act as though it never noticed the file and never thought it was malware. Block means Avast blocks access to the file.



Exactly! Words mean things...  now that they have correctly named the Block function they need to add an "ignore" function to the choices.



Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Avast alert during boot and no ignore option available!
« Reply #12 on: April 11, 2010, 03:46:51 PM »
And than you can wait for infected users who were used to 4.8 and will blame Alwil for it :-\

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

fphall

  • Guest
Re: Avast alert during boot and no ignore option available!
« Reply #13 on: April 11, 2010, 04:01:28 PM »
And than you can wait for infected users who were used to 4.8 and will blame Alwil for it :-\

Greetz, Red.

Well call it something else then... like "Allow", or "Allow to run".

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast alert during boot and no ignore option available!
« Reply #14 on: April 11, 2010, 04:20:13 PM »
Alwil software long ago took the decision they wouldn't have a single click option that allowed a user to run what it considered an infected file and if the user wanted to allow a file to run then they manually added it to the exclusions to achieve that.

This way there is no likelihood of someone accidentally selecting an option/button that would allow a virus to run. They are looking after the many users that aren't as competent and confident in what they are doing and why the default actions air on the side of safety.

In 4.8 there were many people who when the alert required a user input, many choose delete and that had some consequences if this were a false positive.

So there really had to be a way to protect some users by having an automated option that chose the least damaging option move to the chest. Many of us who didn't like that either because there was no way to recover a file from the chest (in safe mode) if you couldn't boot into normal windows mode. That omission has been corrected in a program update to be released soon.

There are far more inexperienced users than experts in the 100 million plus avast users, so they have to cater for the majority, experts are more than capable of looking after themselves and adding a file to the exclusions if required.

More importantly if they know something is a false positive they are also capable of confirming that (virustotal), submitting the file to avast for analysis and correction of the detection, which helps all avast users than simply excluding a file that helps only one person.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security