I’m using Avast Free v. 19.3.2369 - build 19.3.4241.439 (release date March 11, 2019 4:36 AM) on Windows 10.
Avast detects several components from “CyberLink Media Suite 10” as false positives (which I already added as exceptions and sent for analysis).
Here’s the worst issue:
Avast moved to the Virus Chest the .exe for “CyberLink PowerProducer 5.5” (“C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe”).
I opened the Virus Chest and clicked “Restore and add exception”.
Avast said “It’s happy to be back”, and I could see it correctly added the exception.
Unfortunately, Virus Chest is now empty, the .exe file was NOT restored and it is nowhere to be found.
Having your files deleted (instead of protected) by your anti virus software is unacceptable. The restore process should be a simple file copy, verification and then deletion (or rollback in case of failure). There was no error message. There’s plenty of space on the drive (67 GB). The file is not in its original location, in the Virus Chest nor the Recycle Bin. There’s also no activity log in the Virus Chest (that I could find).
Does anyone know if the file can still be restored, and how? (I’m not so worried about restoring this specific file right now, but I’m worried Avast might delete any other random file forever, so if I could at least manually restore it I’d more at ease to continue to use Avast).
In “C:\Users\All Users\AVAST Software\Avast\log\autosandbox.log”, the relevant entries are these (notice near the end that “Producer.exe” was “marked as infected”):
4/2/2019 11:52:09 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\Media Suite\PS.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:52:14 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\Media Suite\OLRSubmission\OLRStateCheck.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\Media Suite\OLRSubmission\OLRStateCheck.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:52:19 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\MediaShow6.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\MediaShow6.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:53:33 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\Media Suite\PS.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is in the exception list).
4/2/2019 11:53:58 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\Media Suite\CLUpdater.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\Media Suite\CLUpdater.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:57:16 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\MediaShow6.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\MediaShow6.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is in the exception list).
4/2/2019 11:57:17 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\OLRSubmission\OLRStateCheck.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\OLRSubmission\OLRStateCheck.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:57:27 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\subsys\BigBang\Runtime\CLUpdater.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\subsys\BigBang\Runtime\CLUpdater.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:58:32 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\subsys\BigBang\Runtime\CLUpdater.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\subsys\BigBang\Runtime\CLUpdater.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is in the exception list).
4/2/2019 11:58:46 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaEspresso\MediaEspresso.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaEspresso\MediaEspresso.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:58:50 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaEspresso\OLRSubmission\OLRStateCheck.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaEspresso\OLRSubmission\OLRStateCheck.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:59:01 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaEspresso\subsys\BigBang\Runtime\CLUpdater.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaEspresso\subsys\BigBang\Runtime\CLUpdater.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (no custody)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 11:59:41 AM Autosandbox candidate: C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe]
[Reason: 0x00020000]
--> Result: Sandboxing (file was marked as infected)
--> Instrumentation: Instrumentation inside sandbox requested
4/2/2019 12:07:41 PM Autosandbox candidate: C:\Program Files (x86)\CyberLink\Media Suite\OLRSubmission\OLRStateCheck.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\Media Suite\OLRSubmission\OLRStateCheck.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is in the exception list).
4/2/2019 12:11:18 PM Autosandbox candidate: C:\Program Files (x86)\CyberLink\MediaShow6\OLRSubmission\OLRStateCheck.exe
[Source: ]
[Opened by: C:\Program Files (x86)\CyberLink\MediaShow6\OLRSubmission\OLRStateCheck.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is in the exception list).
In “C:\Users\All Users\AVAST Software\Avast\log\Cleaner.log”, there is just this:
I could not search some 17 other files (among 90 files in total) in the same folder, though (got “Permission denied” when greping them, even running as admin). I could not find any log via Avast GUI.