avast! deleting 7-zip 9.38 BETA on its own

Can someone explain to me why is avast! deleting 7zip 9.38 BETA on it’s own? Such behavior is unacceptable. It should NEVER ever delete local files no matter what.

I know it’s beta and because of it is not so widely spread, thus making it detected as FileRepMalware, but this doesn’t bother me at all, what bothers me is deletion of the file without the chance to recover it or mark it as false positive.

And if i set it on my own to Move to Chest, it just does nothing.

It isn’t alerting on an earlier build 7zip 9.22 BETA - but as you say even if detected it should follow your File Shield settings.

No doubt your File Shield settings are like mine no deletion in any of the actions (Virus, PUP or Suspicious) 1. Ask, 2. No Action, which stops the actions process (but won’t allow the file to be run).

Presumably you also used the Report the file as a false positive, I just wonder if that shouldn’t have an impact.

When I clicked the report button, nothing even happened. Like I’m clicking a dead button. That was with “Move to chest” settings. If I leave it at “Fix automatically”, I don’t even get the Report as FP button… (as you can see from the screenshots)

There are tons of posts on false positives…
https://forum.avast.com/index.php?topic=163971.0
…and even many on what you describe as well.
https://forum.avast.com/index.php?topic=163884.msg1168221#msg1168221

I don’t buy that if Avast cannot quarantine it deletes.
As you and other OP stated, it is not acceptable that Avast “deletes” files with no chance from user.
With all the false positives this is a train wreck waiting to happen on PCs.
I’ve yet to see Avast Team member respond on this…but of course I rarely see them acknowledge a bug and that they are working on it. :frowning:

I just wonder if having the ‘Fix automatically’ as the first option - it allows avast too much autonomy I feel. If it goes through its auto fix routine without a positive result, its last resort might be delete.

This is one reason I don’t like autonomy and have my settings Ask and No Action.

Its a good thought and I agree…I leave everything manual to see what is going on…especially since my scans are early morning.
Question…and I know it sounds like I’m beating Avast up again but I’m not…do your “manual” settings work ?
I ask because my program update settings are ignored…and I have seen other posts that settings don’t “stick”…and I’ve not had a false positive to judge by…I was wondering if Avast honors the settings in this section ?

http://www.screencast-o-matic.com/screenshots/u/Lh/1420391035002-91484.png

Why would Avast not be able to put this file in the Virus Chest ???
Maybe the action of Fix needs to be modified to ask if repair and virus chest fail ???

I agree totally, Avast ‘deleting local files’(installed) on its own as RejZor’s issue points out, should imho never happen. This is something that needs to be changed.

@ thekochs
Yes my Ask, followed by No Action works, certainly from the limited activity they get.

I base this on the actions are essentially like an If statement, if the first action doesn’t work, move to second action, if that too fails, move to third action.

Ask - really has to have a positive user input. I don’t know if (unintended pun) there is some sort of delay in how long it will wait.

No Action - is essentially an End If statement. That is why when you place No Action into the action stream you don’t get any action options after that, when No Action is in the second option.

However - this is where it becomes a bit weird, the File System Shield has other actions, namely DeepScreen and Hardened Mode. So there is a possibility that when these if enabled and depending on settings could well have a branch before commencing (or even eliminating/ignoring) the actions If stream.

Also since this is the FileRepMalware (in RejZoR’s attachments) avast Cloud determination, it looks like it is either taking a different path or ignoring the actions If stream.

RejZoR had previously mentioned setting the Hardened Mode to Aggressive (which is also what I have set), I think he had previously said it overrides the DeepScreen - that certainly checks the file against the avast cloud.

@DavidR…love the “code” references. :wink:

I get what you are saying but the top level “IF” should call nested routines and return back so that the “global action” integrity is retained. One of my pet peeves with Avast is that they provide settings that are ignored or do not work…in your terms…seems like they don’t do regression testing of these settings and effects/scenarios (ie. branches). These type things can have terrible consequences…like deleted files or un-authorized over-the-top program install and reboot. There is just a line of protection versus increased risk Avast steps over IMHO. Bottom line, if they give users the option to choose the “actions” then those should be held to.

Maybe what avast needs is an ignore button. ::slight_smile:

The problem with an ignore button is that it will be the most used button. Even when the detection is genuine.
The reason for having protection in the first place is to protect you from infections. As soon as you give
the average computer user a button to bypass what they want to run, it will be used regardless of the consequences.
Once bypassed and infected, next will come the complaints: Why did you allow me to infect my computer ?

So true…couldn’t get an “ignore button” for my wife either. ;D

Once you’ve been married long enough, the ignore button goes into hyper drive.
She automatically ignores you and you had better not reciprocate if you still expect
home cooked meals and want o stay out of the dog house. :slight_smile: