Avast JavaScript Protection (Failed)

71.zip.js
https://virustotal.com/en/file/b92a696245ce77c30d1626a238b9044da2deafbabaaae683f9fc37e5085fae2d/analysis/1488971110/
17142.js
https://virustotal.com/en/file/287a396622188553c92f38652d92ca2b955f47ef7e20493238caf67137d12154/analysis/1488971188/
280581.js
https://virustotal.com/en/file/0dcc53b3e724617dd02be0e9391e78dbb70fded83861afd6001c15af78078b73/analysis/1488971274/
a.js
https://virustotal.com/en/file/c8c03595cd68fd3281b597f5b271decee61695bb23ee446126a02a6ac72c70ac/analysis/1488971320/
Avast JavaScript protection is really bad and needs improvements. Please, Avast team, do something about it. I am testing JavaScript (mal) on SD.

And where is the proof that it fails?
Just because a scan at VT doesn’t show that Avast is detecting things, it doesn’t mean Avast doesn’t.

VT is just an on-demand scan and nothing more.
It doesn’t use, e.g., the on-access scan.

I knew that. 1 file (71.zip.js) is blocked by URL:mal now. But it does not delete the whole .JS file or move it to the virus chest.

These are downloaders, so have you tested whether Avast detects the payload?

After a few hours Avast detected the payloads but missed the main files (downloaders). :slight_smile:

I think this topic has been touched on multiple times. The samples you posted are Nemucod downloaders that come as mail attachments in mail applications specifically, not web mail.

Avast Mail Shield will block these downloaders as they arrive in the inbox, so we are protected. You have to test the whole infection chain to know exactly whether Avast stops it or not.

In the case of Avast, until the file is executed you can’t say if it’s detected or not, since there are a lot of layers and shields; malware has to get past all of them to infect you. :slight_smile:

The gripe that I have had for a long time is that even after blocking the downloads the JS is trying to access, Avast is unable to see the underlying downloader that has to be removed. This should actually be intended behaviour performed by IDP, since it can monitor this kind of stuff. Even if IDP doesn’t do it, at least we could DeepScreen the file. :-[