A month or two ago Avast detected a bunch of Win32:Evo Gen[Susp] false positives on my system, inside command line executables that I’ve had in some cases for years.
These false positives broke my software development environment briefly, and I went through the proper processes for reporting them, restoring them and adding them to my exclusions lists. All good, I was back in business.
Today I decided to clear out my Virus Chest and all the Exclusions lists of these false positives and see if the reports resulted in avoidance of the false positive detection. To my pleasant surprise I’m back in business without any exclusions whatsoever. Bravo, Avast, for refining your heuristics.
But YOUR unrefined heuristics caused ME extra work. Plus I don’t imagine many folks think of cleaning out their exclusion lists at a later time.
Could we have a setting that allows temporary / time-limited exclusion?
This is not fundamentally different from the concept of “Disable Shields for 10 minutes”, though I imagine the time frame for expiring exclusions could be in the time frame of days, or maybe “until next update”.
If I had to boil this down to a very specific request, maybe the most useful function would be “Exclude until next Avast update is installed”.
Sorry to disagree. When you disable the antivirus, it is (should be) due to performance reasons. Not security ones.
If you detect malware, you need to block it; a timed free passport to it will infect the system.
And, please, do not shout out (keep the letters on 12 pt, not bold).
All the detections that I allowed were false positives. The very fact that the very same programs are no longer detected by your software proves it. False positives are all your software EVER detects on my systems, because my first lines of defense are FAR more effective than downloading malware then relying on your anti-malware software to block it at the last instant.
Beyond that, did you see that I’m asking for a time limited exclusion, which would be FAR less likely to cause a long-term infection problem than a non-time-limited exclusion, which you already offer? You do realize that people do actually exclude things, right?
And I’m sorry, but your forum freely offers the ability to express things in a larger font. I’ll use it if I feel like it to summarize a request for those who might consider a long post like mine tl;dr.
Here’s a request for you in return: Please don’t post useless responses to legitimate requests.
Time limited or not, they are still exclusions and excluding something detected will eventually lead to an infected computer.
Follow the safe and proven method and report the detected item to avast!.
If it turns out to be a false positive, the exclusion usually happens by the next update.
This method has proven safe for all of us and should remain.
Did I not note that I reported everything to Avast in the first post? And waited a while? And found that Avast acted on the reports in the expected way?
It’s my observation that the comprehension of my original post has not been particularly high in this thread.
I’m not asking for the ability to immediately ignore Avast’s detection - on the contrary, I’m asking that Avast offer the ability to time-out an EXCLUSION so that it will not remain in force forever.
What part of that seems at odds with “the exclusion usually happens by the next update”?
Do you folks honestly think it’s better to allow an exclusion to remain in force forever?
Thank you for your responses. But please, save your arguments for people posting things you’re actually AGAINST.
I’m puzzled ???
If you’re able to restore a file it’s because it’s no longer detected.
If it’s no longer detected, why would you want to restore the file and temp. exclude it ???
Perhaps it’s not clear the order in which things happen:
1. False positive is detected in a trusted tool.
2. Avast blocks the run of the tool and moves it to the Chest, stopping the user’s work.
3. User evaluates the detection carefully and determines it’s a false positive.
4. User ensures the false positive is reported and, because he needs to use the tool, chooses Restore and exclude.
5. Some time later Avast alters the software so that the false positive is no longer detected.
6. User has to remember to remove the exclusion in order to have Avast return to its most protective state.
It’s item 6 I’d like to see automated.
Is the misunderstanding here born from there being some folks who live, eat, and breathe Avast maintenance, vs. others just wanting to get their work done? I’m truly at a loss to understand how anyone could argue against making the software more automatically protective.
Since a discussion with you is impossible, I’ll simply state that the safest solution is to not exclude the program but report it to Avast as a false positive.
Allow them to determine if it is indeed a false positive or an actual infection.
I’ve been watching this thread with great interest.
To me, it’s a very interesting, creative, proposal for a useful feature.
Can’t quite understand why there’s so much opposition to it. Perhaps it comes from not ever writing a script or an .exe file where dealing with exclusions is a pain.
One mindset seems to be, “do without your mistakenly blocked program until Avast deems it safe”, with an implication that only Avast could possibly make the proper judgment.
Maybe that’s understandable if you assume that people use their computers only for frivolous entertainment and don’t understand how their systems work… But not everyone fits that stereotype. Some use their computers for technical work and know exactly what they’re doing.
Clearly Avast has already provided the capability to EXCLUDE things so the product won’t leave users in a “can’t get there from here” situation. I’m not asking to make that less safe - quite the opposite!
I do have to say that on every product with “Heuristics” I’ve found it necessary to switch it off in order to prevent unnecessary false positives. “Unnecessary” false positives are when a virus-killer attacks a file which is still identical to the original on the CD, like my Lotus install.
I do expect that from time to time a definition will be… overly enthusiastic?.. but it doesn’t matter if the suspect file could potentially have been compromised, for example a download, or an automatic upgrade. Often these are very reasonable, but the file contains some iffy DNA.
But yes, a programmable time limit on exclusions is a good idea. Note “programmable”. I still do not dare let Avast anywhere near my hosts file, or its backups. I dunno what it’s looking at in there, unless it disapproves of the URL strings…