Author Topic: Avast Virus Chest & Real Time Shiled File exclusion  (Read 10228 times)

0 Members and 1 Guest are viewing this topic.

Frank Bullitt

  • Guest
Avast Virus Chest & Real Time Shiled File exclusion
« on: November 19, 2011, 08:37:18 AM »
Hello everyone,

First of all I would like to say that I'm a brand new user of Avast (two days old), and this is my first visit to the forum.  I'm glad to be here.

I would appreciate your help with the following two things:

1. Last night's scan, revealed some files that Avast characterized as viruses/suspect files, and as a result during the scan it placed them inside the Virus Chest.  Fine up to here.  I wanted to restore some of them back to their original position, so I right-clicked them from inside the Chest, and chose the "Restore" option.

The files were restored (I checked), but I still see them inside the Virus Chest.  Is this normal for Avast, i.e., after you restore files from the Chest, to still see them inside the Chest?

2.One of these files, when restored, it was picked up by SAS (with real time protection) as suspect.  So SAS, places it in Quarantine. Fine.  I go to SAS Quarantine options, try to restore it (fine, so it does), but then Avast Real time Shield comes and places it again in the Virus Chest. So, I'm in a kind of a loop here.

Despite the fact that in the Avast Options, (both for On-demand & Real time) I have excluded the specific file, Avast does not let me restore the file, i.e., when placed out of the quarantine from SAS, it picks it up again.  Is there a way to make Avast leave this file alone?


I would really appreciate your help with these two issues please.  Thank you very much in advance guys.

All the best,

Frank.
« Last Edit: November 19, 2011, 08:40:53 AM by Frank Bullitt »

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6365
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #1 on: November 19, 2011, 09:00:34 AM »
Hello everyone,

First of all I would like to say that I'm a brand new user of Avast (two days old), and this is my first visit to the forum.  I'm glad to be here.

I would appreciate your help with the following two things:

1. Last night's scan, revealed some files that Avast characterized as viruses/suspect files, and as a result during the scan it placed them inside the Virus Chest.  Fine up to here.  I wanted to restore some of them back to their original position, so I right-clicked them from inside the Chest, and chose the "Restore" option.

The files were restored (I checked), but I still see them inside the Virus Chest.  Is this normal for Avast, i.e., after you restore files from the Chest, to still see them inside the Chest?

2.One of these files, when restored, it was picked up by SAS (with real time protection) as suspect.  So SAS, places it in Quarantine. Fine.  I go to SAS Quarantine options, try to restore it (fine, so it does), but then Avast Real time Shield comes and places it again in the Virus Chest. So, I'm in a kind of a loop here.

Despite the fact that in the Avast Options, (both for On-demand & Real time) I have excluded the specific file, Avast does not let me restore the file, i.e., when placed out of the quarantine from SAS, it picks it up again.  Is there a way to make Avast leave this file alone?


I would really appreciate your help with these two issues please.  Thank you very much in advance guys.

All the best,

Frank.
Hello and welcome to the forum  :)

1. Yes, it's normal.
2. Do you have excluded the correct file? Please check it again!

You also should check the suspected file here: www.virustotal.com

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6365
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #2 on: November 19, 2011, 09:07:00 AM »
You could also use the option "Submit to virus lab..." in the Virus Chest by right-clicking the suspect file to let the avast! team check if it's a false positive.

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

Frank Bullitt

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #3 on: November 19, 2011, 09:16:19 AM »
Thanks for the reply DJBone.

For #1 you are clear.

For #2, yes I have excluded the right file.  Maybe to exclude a file, from real-time shield (and/or on demand scanning), I have to first disable the Avast! protection.

I just did, and the file this time was NOT picked up from Avast when restoring back from SAS. So, it sits now in the original folder.

Is this the normal procedure?

Thanks once more for your help.

Frank.

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6365
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #4 on: November 19, 2011, 09:23:41 AM »
You're welcome.

Is this the normal procedure?

Thanks once more for your help.

Frank.
Yes, it could sometimes happen. Do you have checked the file at www.virustotal.com ?

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

true indian

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #5 on: November 19, 2011, 10:53:41 AM »
why not place the file in file system shield exclusions...

avast UI>>>
real-time shieds>>>
file-system shield>>>
expert settings>>>
exclusions>>>
add the file>>>

ady4um

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #6 on: November 19, 2011, 12:43:33 PM »
@Frank Bullitt,

It is not clear enough where EXACTLY you added those exclusions / exceptions.

Did you add the specific file or the folder?

The general settings is for one type of exclusions. EACH shield has its exclusions.

So, depending on which shield is catching the "bad guy", you should add the exclusion / exception accordingly.

Avast should NOT be paused / disabled for this action to take place. You are opening a security hole.

Besides the technical answers, I wonder why you would want to restore a file that is suspicious before comfirming first if it is a false positive.

Frank Bullitt

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #7 on: November 19, 2011, 12:47:21 PM »
@ DJBone: Thanks mate. No, I haven't.

@True Indian: It's what I did in the first place. But with no results.  Once I disabled Avast, and followed the same procedure, and then enable it back on, I had the required results.

Now Avast leaves the file alone, in its original position (since I asked it to exclude it).

So it looks the trick is to able/disable Avast.  At least for this file. For other files, the procedure works without disabling first Avast.  That's a bit odd, isn't it?

Thanks a lot,

Frank.

Frank Bullitt

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #8 on: November 19, 2011, 12:53:37 PM »
@ady4um:

The exclusion took place at both General Settings and the Real-Time Shield/File System Shield/Expert Settings.  The whole folder was excluded.  How could I have excluded only the file since I couldn't see it.

I want to exclude this file. Is as simple as that mate. No need to wonder about it.

Thanks a lot,

Frank.

PS. Sorry for the bump. ady4um hadn't posted yet when I was typing my previous answer.
« Last Edit: November 19, 2011, 12:58:03 PM by Frank Bullitt »

ady4um

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #9 on: November 19, 2011, 01:10:28 PM »
About the exclusion, you can type whatever you want, no need to select a file in current existance. So it is still possible.

I wasn't clear enough. What specific shield was detecting the "problem"? In theory, that's the shield where you need to add the exclusion to.

Good luck.

Frank Bullitt

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #10 on: November 19, 2011, 01:20:42 PM »
@ady4um:

Thanks for the reply.  How can I see which Shield is detecting the issue?  For example at the File System Shield currently the notification stands at:

Files Scanned/ Infected: 1595/0.

If I remember correctly, before successful exclusion took place, the score was 1595/1.  I therefore assumed that it was the File System Shield detecting the issue, since on top of that, the Behavioral Shield was at "0 infected".  All other shields, were not relevant.

I therefore added the file, to the File System  Shield Exclusion Zone.  So adding the detected suspect file to an exclusion, alters the respective Shield notification as well?

Cheers,

Frank.
« Last Edit: November 19, 2011, 01:23:05 PM by Frank Bullitt »

ady4um

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #11 on: November 19, 2011, 01:30:37 PM »
Well, you are not willing to post any additional info about the suspect so how can I tell you specifics?

Avast has logs. In the chest you can re-scan the file and read at least part of the message.

If indeed the File System Shield is the (only) one detecting this suspect, and I would be interested in excluding it, I would add the exclusion there, as you said you did.

But the file may be trying to communicate, or trying to "activate" something else. So maybe the Network Shield is in place too.

You should post the specific information in the "Viruses and Worms" subforum.

ady4um

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #12 on: November 19, 2011, 01:34:19 PM »
BTW, if you were willing to post more info, like the exact code you added to the exclusions, then maybe we would be able to give you a specific answer.

It is "rare" (at least to me) to request free help from pear users but refuse to add simple info (like the VT reports). Well, probably that's just me.

hg3

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #13 on: November 20, 2011, 02:17:43 PM »
I performed a scan last night and I also had Avast place files it categorized as corrupt into the chest. This morning my PC will only perform a repeat boot from the blue screen. How do I restore my files? :(

true indian

  • Guest
Re: Avast Virus Chest & Real Time Shiled File exclusion
« Reply #14 on: November 20, 2011, 04:38:38 PM »
    Create a Windows 7/Vista System Repair Disc
     
    Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.
     
    • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
       
      Quote
      recdisc.exe

    • Allow the UAC(User Account Control) prompt via selecting Yes.
    • You should now see a menu like the below:-


     
    • Put a blank rewritable  CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
    • Note: If a AutoPlay window pops up, just close it.
    • When the SRD has been created you will see the below:-


     
    • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
    • You now have a Windows 7/Vista System Repair Disc.
    .
    Reboot the computer and start from the CD



    When you reboot you will  see this although yours will say windows 7. Click repair my computer

     
    Select your operating system

     
    Select Startup Repair

     
    • Once finished type Exit
    « Last Edit: November 20, 2011, 04:45:13 PM by true indian »