Avast CyberCapture issues

This comes from my perspective as a software developer.

It prevents me from releasing software on time. The 2+ hour wait time for things to ‘process’ a file is long, and it seems hard to automate around it. I can - and often do - release multiple builds in that time, so this is a big problem for me. With as many users as it has, I cannot tell them to not use Avast or turn this off.

It seems ineffective - it only considers executables. My software is mostly libraries, with one executable. What’s the point of scanning the executable without its dependencies? You’ll learn nothing about it. You cannot even start it, much less make sense of it when you don’t see 90% of the binaries.

The biggest problem for me is that it breaks updates of my software.
What the update does is download the new version, swap out the files, launch the new version and:

  • if it successfully starts, exit.
  • if it doesn’t start, put the old files back where they belong.

Problem is that Avast pins the new binary and doesn’t let it exit - it seems to be tied to the popup box. That means the file can’t be deleted and the old one can’t be moved into its place. With every attempt at resolving this on my end taking 2+ hours, this is extremely annoying to deal with…

So. I do not see how this feature is effective if you can defeat it by putting bad code in libraries. I also do not see how to deal with this as a developer using a continuous delivery approach.

Where does it say it takes two+ hours?

Some information from Avast:
https://blog.avast.com/cybercapture-protection-against-zero-second-attacks
https://forum.avast.com/index.php?topic=187679.0

As you’re a developer, read here:

https://www.avast.com/faq.php?article=AVKB229
https://www.avast.com/faq.php?article=AVKB228

CyberCapture doesn’t affect local files, only files received from the internet (at the moment). Also, 2 hours is the supposed maximum limit. Last time I had CyberCapture invoked on a downloaded file, it took around 1 or 2 minutes and I already received the verdict back that the file is clean.

The analysis took way more than two hours. I waited two hours, and then left it to its own devices. It was done in the morning… Maybe it’s not as fast on a Friday night. Or maybe a real person looked at it. Without the libraries, it’s impossible to tell what it does anyway.

As for my broken update problem:
I can’t trigger the CyberCapture popup once the application updates itself - this is in contrast with my bug reports, HOWEVER, if I put Avast into hardened mode, I get different popups - but those don’t let me send stuff for analysis.
Is the blocking the same as if CyberCapture was involved?

If this is the case, I have this fixed already - I have changed how the updates work to not ‘delete’ the executable on rollback, but just to ‘move’ it back.

As for whitelisting:
The e-mail submit is fine… question is: will I get a machine readable e-mail back?

You are notified when your file has been analyzed and whitelisted. If your file is rejected by our analyst, we won’t provide an explanation as to why it was rejected.
That is kinda vague... Notified how? Is there a guy on the other end writing e-mails, each one unique? Do I have to wait, read some e-mail and then push buttons to make the deployment happen? Is this *really* a manual process?
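
An added example, not code from any poster in this thread: a sketch of the update flow described above (swap files, launch, roll back on failure) where the rollback moves the new binary aside instead of deleting it. The `.old`/`.failed` suffixes and the `starts_ok` callback are hypothetical names chosen for illustration.

```python
import os
import tempfile
from pathlib import Path


def apply_update(current: Path, new_build: Path, starts_ok) -> bool:
    """Swap new_build in for current; on failure roll back using renames only.

    starts_ok is a hypothetical callable(Path) -> bool that stands in for
    "launch the new version and check that it starts".
    """
    backup = current.with_name(current.name + ".old")
    failed = current.with_name(current.name + ".failed")

    os.replace(current, backup)      # keep the old version next to the target
    os.replace(new_build, current)   # swap the new version into place
    if starts_ok(current):
        backup.unlink(missing_ok=True)
        return True

    # Rollback: the new binary may still be held open by another process,
    # so it is moved aside instead of deleted (assumption: a rename succeeds
    # where a delete would not, which is what the post's fix relies on).
    os.replace(current, failed)
    os.replace(backup, current)
    return False


def cleanup_failed(current: Path) -> bool:
    """Best-effort removal of a parked binary; call on a later run."""
    failed = current.with_name(current.name + ".failed")
    try:
        failed.unlink(missing_ok=True)
        return True
    except PermissionError:          # still held; leave it and retry later
        return False


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed sample files
        exe, new = Path(d, "app.exe"), Path(d, "app.exe.new")
        exe.write_bytes(b"v1")
        new.write_bytes(b"v2")
        print(apply_update(exe, new, lambda p: False), exe.read_bytes())
```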