Hi. Avast Free ignores my exceptions. How do I fix this?
I run NiceHash on my PC. It uses a tool called NBMiner. I’ve been using this for over a year without much problems after initially setting an exception for the NiceHash folder. But now that exception seems to get ignored.
Every time I start the miner, Avast automatically quarantines the executable, despite having explicitly added exceptions for both the whole program folder and the specific executable. That last exception I added directly from the quarantine chest (restore and add exception). I got the ‘happy to be back’ notification. Yet, the very next time I tried running it, I got the same warning and the executable was again removed!
How do I stop this from happening? I already sent the executable for false positive analysis. But meanwhile I can’t mine.
I just updated to the latest version of Nicehash, and the latest version of NBminer, and the behaviour remains.
Of note: I manually update the Avast program (virus updates are on auto). Hadn’t done it in a couple of months (I know, I have reasons). Just did an update, and after that this problem started. So it is some change in the way Avast handles these files in the last several months that seems to be the cause.
I’ve sent both the old and the new version of NBminer for analysis. But the fact remains that even with explicit exceptions set to leave it be, Avast keeps quarantining the executable.
I disabled file shield. Even then the executable gets quarantined. Not only that, but now all my set exceptions are gone too!
What is going on?? Avast shouldn’t unilaterally remove exceptions!
Also: how does a disabled file shield still quarantine and block files?
Edit: OK. So I re-added the exceptions. Enabled file shield. Started the miner. Got the warning. Miner was again quarantined. And AGAIN all my exceptions were removed!
This is maddening.
Edit 2: I enabled file shield. Disabled Anti-Exploit Shield. Just to test. Set it to never run until I told it to. Rebooted my PC. Anti-Exploit was again enabled. So that too doesn’t listen.
But now with file shield and anti-exploit enabled, and for the 3rd time added all exceptions, I can run the miner. I don’t dare touch anything and hope it’ll still be running in the morning.
Another thing of note: after updating Avast and a reboot, and dealing with all these problems above, after an hour or so into this troubleshooting I got an Avast upsell screen telling me about the new features. Could it be that only after this screen the update is complete and only after a further reboot is actually working properly? Because that’s insane. The screen usually comes within minutes after an update and reboot. Not over an hour later. That seems deliberate. And no mention of another reboot required. I just did it to see if it would help.
But, even with anti-exploit disabled last night, the executable got quarantined. And even with the file shield completely disabled it keeps happening. Maybe this is part of the web shield? The config menu for Anti-exploit seems to suggest it’s more general for all shields, as it sits above the different shield settings menu’s.
I again disabled the Anti-Exploit Shield. And then all my exceptions were gone again. Restoring settings didn’t bring them back. Had to manually add them again.
It just removed the miner again. Warning screen said in details it was the anti-exploit shield that did it. Anti-exploit schield is unchecked in settings!
I just unquarantined the executable and added an exception from the chest. Disabled the whole Anti-Rootkit Shield that sits above the Anti-Exploit Shield.
I’ve been away all day. PC was on at home, mining.
I have now stopped and started the miner several times without issues.
What seems to be the problem:
1: The warning says it is the anti-exploit shield that has intervened. Whereas in reality it seems to be the anti-rootkit shield.
2: The anti-rootkit shield ignores all exceptions. Those only apply to the file shield.
3: Disabling the anti-exploit shield and/or the anti-rootkit shield, deletes all set exceptions! Even though they seemingly do not even apply to those shields.
Apparently there is no way to run a miner without disabling the anti-rootkit shield. This was not necessary with the version of Avast I was previously running, from a few months ago. And all versions in at least a year before that. But now it is.
Edit: I just submitted a bug report. I’m aware of the dangers of exceptions, but I’ve been running this software for over a year and so have millions of other people. Any problems would be big news fast. Just because miners are sometimes installed without consent does not mean miners are always unwanted, and there is no good way to allow for running mining software without disabling whole parts of Avast. And if Avast then doesn’t even respect the exceptions set, things get very frustrating.
Since I disabled the anti-rootkit shield, Avast hasn’t quarantined the miner again. So I think it’s safe to say that is the cause.
A miner isn’t a rootkit however. And the warning saying it’s the anti-exploit shield that intervened is also incorrect communication, as stopping the anti-exploit shield does not stop the quarantining.
Lastly it is weird that Avast has an option to set exceptions, and still the anti-rootkit shield stops software explicitly excepted from monitoring.
It seems I need to submit logs via the support tool, to the support portal, to get an ID.
The support portal however seems to be for paid users only. I use Avast Free.
The support portal refers me back to this forum.