I have an exclusion problem with Avast Free Antivirus. I excluded one folder from the File System Shield, but Avast checks that folder. Can somebody help me fix this problem?
Here you can watch the problem:
http://www.youtube.com/watch?v=6GZR_-O1ENo
Each relevant shield has its own exclusion/exception list, and in the general settings (upper part of the main GUI) there is also a list.
It depends on what you want to exclude, and from which shields or function in Avast.
The File System Shield blocks the program. I changed the general settings (exclusion), but it doesn’t work. I have the same problem.
Well, I want to be clear. Avast is telling you that you have malware. Avast is blocking it. Instead of solving the problem, you want to run this malware anyway!
So, I’m NOT recommending excluding this folder. This is NOT a suggestion.
I’d rather say, stop and don’t do it.
But, it is your system. So just to answer the question on “how to exclude that folder” (NOT RECOMMENDED!!!): add the exclusion to other shields too if you are completely absolutely 10000000% sure of what you are doing.
I am 100% sure it’s a false detection; I used to play this game. In Windows XP I excluded that folder and it worked, but now on Windows 7 the exclusion doesn’t work.
I checked it with Sandboxie to watch what the program does:
[ Changes to filesystem ]
* No changes
[ Changes to registry ]
* Creates Registry key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}
* Creates Registry key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\SQMClient\Windows
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{1705c489-60c0-457d-9252-4de4c8278aa3}\Properties
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{18c5b238-cb75-47df-85c3-349de69f3004}\Properties
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{a769115f-ba83-42ee-aabf-0d2b42e98836}\Properties
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{e17a168c-4b7a-44e5-9c38-8b9b26f3097e}\Properties
* Modifies value "Name=solitaire.RWG" in key HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication
old value "Name=werfault.exe"
* Modifies value "ID=44064090" in key HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication
old value "ID=4A5BC2D9"
* Creates Registry key HKEY_LOCAL_MACHINE\software\Wow6432Node\ReflexiveArcade\842
* Creates Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
* Creates Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
* Creates value "SymbolicLinkValue=5C00520045004700490053005400520059005C0055005300450052005C00530061006E00640062006F0078005F00530075006C006C0061005F00440065006600610075006C00740042006F0078005C0075007300650072005C00630075007200720065006E0074005F0063006C0061007300730065007300" in key HKEY_CURRENT_USER\software\classes
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{30a4b8b7-d3df-11e0-b4e7-f46d04ee7934}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{81056ee7-d3de-11e0-97e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{81056ee8-d3de-11e0-97e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{81056ee9-d3de-11e0-97e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{81056eea-d3de-11e0-97e5-806e6f6e6963}
old value empty
* Deletes Registry key HKEY_CURRENT_USER\software\classes\*\shell\sandbox
Well, the exclusions / exceptions problem should be “solved” with what I already posted.
If you can send this to Avast Team as a potential FP with as much info as you can (like the producer’s website, complete name and version…) then maybe they can confirm the FP (or not) and then it would be better not just for you but for all users.
Another possible explanation could be that the exe is indeed infected now. That’s why the more info you can share / send to Avast Team, the more helpful it might be.
You could upload the exe to Virustotal too.
I, too, have a problem with exclusions.
I excluded the Microsoft Games folder in the ‘File Shield’ settings, to no avail.
The ‘general’ settings exclusion only applies to ‘On Demand’ scans.
@DavidCo,
Is there anything that Avast is interfering with in that folder? If there is some suspected false positive, then you might want to send the details to Avast Team.
Do you see any kind of notification from Avast?
For the exclusions, review other shields too.
For custom scans, add the exclusion to that specific scan if needed.