1

I have set the ‘Actions’ in the customise behaviour to ‘Ask’ when any suspected malware is detected. Yet when I tried to implement this behaviour when Avast! Free discovered an almost certain false positive in the FotoSketcher 3:20 file application it quarantined the suspicious file anyway.

http://i386.photobucket.com/albums/oo307/Davebucket17/Avast%20Actions_zpssfwbneco.jpg

What setting should I have it on to prevent Avast! automatically quarantining files it suspects are malware? Does this feature even actually work in Avast! Free?

2

Did you set all three tabs to Ask ?

If not then what was detected most likely wasn’t a virus but a PUP or Suspicious as you mention.

3

Yes, all three were set to ‘ask’. It was identified as a trojan, which I didn’t think described a potentially unwanted program. I’m pretty sure trojans are suspicious in any shape or form. What I can’t understand is why the drop-down menu on the alerting pop-up was totally unresponsive. If I have options shouldn’t I be able to choose them? Is this a known bug?

4

A copy of the alert image would help if you can replicate it ?

The reason I ask is that not all alerts have a drop-down function, that is the purpose of those three tabs are for. If you select Ask as the first option the next will default to No Action.

I suspect this could be either DeepScreen or Hardened Mode if you have those enabled.

5

I doubt I could replicate the alert pop-up. This alert gave me a drop-down function. I selected ‘No Action’ IIRC but there was no response. I uninstalled FotoSketcher program (which prompted the now definitely recognised and proved false positive as communicated to me by Avast! Customer and Technical Support) and tried to reinstall it. Exactly the same thing happened. I should be able to tell Avast! to ignore a false positive/suspect file according to the customisation options. But I couldn’t. I don’t have Hardened Mode enabled and there was no mention of Deep Screen on the pop-up.

6

Selecting no action only does that, take none of the possible actions. This will/should leave the file in place, but what it won’t let you do is run it. After a reboot if you tried to run it again you would get the alert again.

For many years avast has taken the decision not to have a single click option to ignore/exclude/allow to run for obvious reasons. If it was a good detection, then a single click (accidental or otherwise) could have serious consequences, for the user who might just blame avast for it.

I don’t know if the DeepScreen popup is specifically branded as such. But if I recall it does say it is running a DeepScreen check and it may take a few seconds.

7

OK, thanks for the clarification, but it actually quarantined it rather than leave it in place.

I can understand the reasoning behind the policy, sort of, but it is disconcerting to think that the end user can’t be trusted by Avast! to make decisions about what runs or what goes to quarantine. If it had been an essential systems driver instead of a third party application program I’d probably be typing this on my Ubuntu laptop now. In my experience most ‘malware’ flagged by anti-malware or AV’s are false positives. I know they are inevitable in any AV program but there needs to be some safeguards. In Panda Free 2015 there was a choice to uncheck the default auto-quarantining of possible malware. This ability saved millions, including myself, from a severely borked computer during the recent great Panda borking event caused by a bad update signature. The ultimate irony here is that I changed my Win 7 desktop to Avast!, as I had had good experiences with it before on my Vista laptop, and because Panda Free 2016 did exactly the same thing with FotoSketcher a few weeks ago on the Win 7 machine! It was a false positive then as well. I thought I would have more control with Avast! Free.

I’ve seen DeepScreen pop-ups and it definitely wasn’t one of those.

8

If users could be trusted to only install safe programs and only visit “safe sites”,
then they wouldn’t need any protection at all.
Even the advanced user can be fooled into visiting an unsafe site and downloading unsafe material.
Hence, if it’s not deemed safe, it winds up in the Virus Chest not your computer.
From there it can always be restored if Avast made a mistake.

9

Yeah, but bob, Avast! quarantined a running application program I have been using malware-free for years. This wasn’t a case of visiting an unsafe site or downloading an unsafe installer. I scan all downloads as a matter of fact. There should be a way for the end user to have some control over what happens to currently running application programs on their own computers. Besides, it wouldn’t restore the quarantined file from Virus Chest anyway. Otherwise why give the illusion of choice of action in the AV GUI?

I’ve never regretted buying a laptop preinstalled with Ubuntu as I never have to worry about an AV program going all HAL 9000 or trying to eat itself.

10

“Besides, it wouldn’t restore the quarantined file from Virus Chest anyway.”
It would after it was sent to Avast for analysis and deemed to be safe.

11

I don’t doubt it. That’s not the point though, Avast! shouldn’t have quarantined a file from a running program it previously considered safe in the first place. I should have the ability to override the decision at the time. This can actually be achieved with other AV’s. So why not Avast!?

12

As DavidR already explained, the decision from Avast was not to allow overrides on a detected infection. Avast makes the final decision.
If that’s not acceptable, your only choice (if you don’t have the patience to wait for a check on this program from the virus lab) is to fire Avast.

13

There is a function in the virus chest options to ‘Restore and add to exclusions’ which was added in the not to distant past. So at least you have a way back, that isn’t a single click on the alert window, this is a deliberate act, not something that could be accidental.

14

And as I stated earlier bob, this isn’t about patience, stoicism or equanimity, and it’s fine if it’s just some third party application program, but if it isn’t it means that I, as an end user could be left with a potentially unbootable computer whose future would basically be to be employed as a giant paperweight.

This is probably the most sensible advice you’ve ever given me bob.

15

I tried the ‘Restore and add to exclusions’ option both times and nothing happened.

16

At this point, the only ones that can add anything to this topic would be Avast.

17

I believe you have other things going on with your installation (given the other point you raised) as only a day ago I did just that, when one of my little utilities was picked up as a PUP on an on-demand scan. I let it be sent to the chest to test this very function, not only was it restored the exclusion was added to the avastUI > Settings > General - expand the Exclusions - File paths tab .

18

It’s a good possibility that there is something wrong with the install, but everything seemed fine. I did have a very minimal custom install, but I only unchecked the bundled applications I didn’t want or need. It worked perfectly well in every other respect.

19

I just wonder if it would be worth trying an avast Repair or a clean reinstall.

20

I’ve uninstalled Avast! for the meanwhile but I may try that at a later date. I like Avast! but I have to be sure that it won’t brick my computer by automatically quarantining suspected malware without asking me about the decision.