Author Topic: Why is ImgBurn treated as a suspicious program?  (Read 7296 times)

0 Members and 1 Guest are viewing this topic.

Offline Anacunga

  • Sr. Member
  • ****
  • Posts: 252
Re: Why is ImgBurn treated as a suspicious program?
« Reply #15 on: May 09, 2012, 12:29:38 PM »
There is a big potential problem with false positives with a non-malicious main purpuse if they need to be excluded manually: they get a free-pass for almost anything - opening a door for real malicious stuff (coming as a parasite). So I consider it as VERY IMPORTANT that AVAST is taking these problems serious.

And please consider: for the same reason it is important that PUPs are not treated the same way as real malware. Using something like Nir Sofer's password recovery tools sometimes is not only necessary, but also allowed if the legitimate user needs them to recover his own lost passwords. Blocking them by default settings is one thing - but if you would need to manually disable protection (just to use them) they could be infected by malicous other stuff and could do harm. And that has to be avoided.

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 464
Re: Why is ImgBurn treated as a suspicious program?
« Reply #16 on: May 09, 2012, 05:37:33 PM »
exclusions in autosandbox is safe as long as the program ur excluding is 100% safe.

any malware trying to use a well known process/safe application within windows will still be monitored by all shields including autosandbox (which is dependent on file system, behaviour, web shield for its analysis) as it is a separate executable from the excluded executable.

note that PUP is not enabled by default in all shields. yes PUPs can be used for both good and bad intentions.
there is absolutely no need to disable any protection. just uncheck PUP for all shields.

any malicious program trying to inject stuff or whatever into PUPs or common safe programs in windows will be monitored 1st by avast. so avast will be able to offer maximum protection no matter if u exclude PUPs detection or exclude programs from being sandboxed.