Hi all , Ive been using Avast free for quite a few years now and am very pleased with it, however i have a question which i hope someone can answer. im using Windows XP 32 bit service pack 3 and have Avast 8 .0.1483 installed and fully updated, i have just scanned a file i downloaded and Avast said there was “no threat found” However when i uploaded the same file to …Virustotal …and checked it ,it said that Avast amongst others reported that there was a Trojan in the file.
I`m a little confused as both my and Virustotals defintion updates are exactly the same .
Any idea what the cause of the discrepancy could be ?
Ive just scanned the file on Virustotal again and its given me this result , and yet when i scan the file with Avast on my computer it says “No threat found”.
I definitely wont run the file but id like to know why when i scan the file it shows no threat , i find this very misleading .
Well the magic part is PUP and by default PUPs (Potentially Unwanted Programs) aren’t scanned for on on-demand scans, which is why it wasn’t found. The virustotal scan is setup differently were it does scan for PUPs.
– PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned off by default (an exception being the boot-time scan). So if you get this you have been tweaking the avast settings without knowing what the impact might be.
Why did you download this file and where from ?
The web shield I believe is another exception and that should scan for PUPs
Thank you for your prompt replies they are much appreciated .
Someone i know sent me the file as a RAR file , i wasnt expecting it and so i thought it was very suspicious , ive since emailed him and he denies sending it so its now been deleted for good .
The information youve provided is very interesting ,so should my sensitivity settings be the same as shown in the screenshot you posted? , My settings for the Web shield settings show the Heuristics setting as "Normal" , the "Test all files" box is unchecked and the "PUP and suspicious files" box is also Unchecked......... ive not changed any settings at all since i installed Avast so all my settings are Default as far as i know and no one else uses my computer.
Sorry for rambling on but like i said i do appreciate your help .
Me I’m a bit of a control freak when it comes to security, so my settings are bumped up to High Heuristics so it depends on your system spec or performance could be reduced. It isn’t Test all files in my image, but Test whole files, which is different. generally the avast default settings are based on their knowledge and giving a good balance between protection and performance.
I would check the PUP one, that way if downloading something you at least get a warning about it being a PUP.
The only problem then is you have to know A) what that program does and B) why that might be considered a PUP. For this you do need to be able to make an informed decision on how to proceed.
The next point is that when the web shield alerts, it effectively blocks the download, now in virtually all of the shields’ action settings I have the first option set to Ask (the second is set to no action), but the web shield only has Ask and Abort Connection (normal default). So even if set to Ask, there is no option to allow it through, the only way you can get it would be to temporarily stop the web shield to download it. You really have to be very clear that in doing so you aren’t going to leave yourself at risk.
Most of the reasons above and the user having to make the decisions are I believe the reason PUPs aren’t enabled by default.