So once I install Avast, I no longer have full control over my own property. I did not grant Avast ownerership of my computing platform. Users should always retain control over their own property. It is inappropriate for Avast to omit an option for a positive/passive action, like Ignore Once or Ignore Always (and add as an exclusion), and instead only provide negative/agressive actions (Move to Chest, Block, Delete).
However, that requires users remember or record every malware prompt issued by Avast whether bogus (false positive) or not. I use my computer for real tasks. Security is something that operates in the background but should not interfere with my use of my property or my workflow. Security is, at best, a nuisance you elect to incorporate. If Avast is going to block something despite my choice, it should provide a list of those actions so I can undo them. Yes, the log does permit choices under the Action column but go look at those actions available: Repair (that changes the file, not remove the block), Move to Chest (again removes access, not restore it), Delete (not appropriate if I’m trying to get Avast to ignore what it wants to do), and Do Nothing (does that actually remove the block - only to have Avast complain again later - or does it do nothing?). I’m not sure users instinctively know to go look at a log to perform other actions on what the log reports.
Also, seeing that Avast did something in the past is not the same as me preventing Avast from doing it now or again later. If Avast chose or was told to put something in quarantine, to delete (if not a permanent delete which, if it is permanent, should be informed to the user), or block something then there should remain choices available to the user to make a different decision - other than having to disable or uninstall Avast. It’s my property, not Avast’s. Telling me about suspect files or behavior and helping me to thwart them if I choose is not the same as being so aggressive as to yank control away from my property or what is on it.
If Avast, as it is now, blocks access to a file then there should be some means of removing that block - and also of finding out that Avast is blocking access. If I had not been present when the alert dialog had been X’ed close or someone made the limited choice available in that dialog or I had X’ed the dialog or made a choice (but was busy with real work), the users has nothing inside of Avast to see what action it took and to make a different choice. The log is not useful for determining on what Avast is blocking or why. There could be dozens of entries for the same file but obviously Avast is only blocking access on the one file. You can’t go anywhere in Avast to see on what it is blocking access. One workaround is to go look at the log, manually type out the entry (because Avast won’t let you copy it from the log), and then go define exclusions. Yeah, like I want to spend all that time on a security product that performs none of my real work (i.e., it is outside any workflow for why I have a computer). You cannot right-click on a log entry to quickly and easily select an undo or alternate action but instead have to scroll rightward to the Actions column. Another workaround is to disable or uninstall Avast when you need access to the file but obviously that removes all protection other than just the file to which you wanted access. Defining exclusions works if you are willing to interrupt your work so that you know on what you want to exclude. Finding out later that access is denied and to override it is a laborious, manual, and error prone task in Avast, especially considering how poorly designed is the dialog for defining exclusions (you can’t navigate to a file but only to folders and the wildcarding can be incorrect, so the browser dialog is only useful for getting an initial string that you still have to manually edit).
By the way, for when Avast alerted on the suspect .exe file and blocked it when I X’ed the dialog (which [should] not logically be equated as making a selection from the Action drop-down list), the log shows the action performed was “Moved to chest” when that is NOT what happened. The file was never moved to the chest. The chest is empty, so I can’t even go there to restore the file (its access) from the chest. It’s blocked but not in the chest so I can’t unblock it - until I separately define an exclusion which requires manually copying something from the log unless, of course, I interrupt my real work to record alerts from Avast but, again, that’s me manually copying down on what it alerted. The Action column in the log is NOT what action was performed for the alert. It shows a list of actions you can perform now but none of which is to remove the block. It is a poor substitute for a right-click context menu for log entries but doesn’t let you unblock anything or even copy the File Name field so you can paste it into an exclusion.
Apparently blocking and moving to chest are separate and distinct actions. If the file had been moved to the chest, I could’ve restored [access to] it. The file wasn’t there. So Avast blocked access to the file but doesn’t give me a list where I can choose to unblock it (or to even know later what has been blocked by Avast). Blocking is blind because YOU have to remember from the popups what to unblock with an exclusion. Since Avast shows what it moved to its quarantine chest, there’s no reason why it should hide on what it is currently blocking. Not everyone has the luxury of interrupting their work to spend the time to address an alert on what might be a problem. Sorry, but in my world, security does NOT get priority over other tasks. If I was in the process of welding together, say, the frame for a flat bed trailer, I could care less that the postman came by to drop off some letter in the mailbox. Security doesn’t get priority over real work. If it did, you’d never get your work done. You’d be spending all your time on securing your host and so throttling it that you couldn’t use your computer for anything else.
Then it is a hazardous “feature”. If I choose to exclude a file, that’s the only file in its current state that I want to exclude. Obviously a process that replaces or modifies the file will result in a different file than I chose to exclude. Similarly, if I specify a folder to exclude (something almost always needed for Nirsoft despite those are programs that I chose to install or deposit on my host), any process whether good or bad can deposit files in that folder and be excluded from inspection by Avast. Alas, this is how exclusion works under many if not most security programs. It’s a huge gaping hole in the security program. Any malware deposited over the file or in the folder is free to do whatever it wants.
When excluding files or folders in Avast, I’ll have to find some other means of protecting the excluded files and folders since Avast isn’t going to do that job. Using hash rules in software restriction policy (SRP) rules might be doable but also laborious.
Thanks, Igor, for your help. To clarify, the above are complaints with the product, not with you.