AVAST 2017 Web Shield don’t show any popup or warning message if we visit a malicious page twice. For example suppose I am visiting microkool.com/Dropfile/index.php by mistake. This is a known phishing site and is in the database of every antivirus product including AVAST. Now if I visit the above mentioned website, AVAST immediately tells threat has been detected and the connection to that site is aborted. This is absolutely fine. However again if we visit that website or any other phishing site (that is in the database of AVAST), AVAST don’t show any notification or warning. It only blocks the connection silently in the background giving the user an interpretation that the website is temporarily not available or there might be some problem with proxy or dns.
AVAST shows notification again only if computer is restarted.
This issue is there in AVAST 2016, 2017. Any idea regarding this? Did someone here else experienced this issue or its me only? :-\
Don’t worry. Once is detected malware, connection is disconnected by default. And if is disconnected, malware can’t visit your PC. You can change this in web shield options.
An entry would/should be place in the WebShield report file, C:\ProgramData\AVAST Software\Avast\report\WebShield.txt
I would also suggest that you change the default settings for the Web Shield - AvastUI > Components > Web Shield - customise > Actions and set the Primary option to Ask. This will throw up the interactive alert window, so you will get a notification of sorts immediately. Your only other option is Abort Connection, which will close that alert window.
That said when you visit a malicious site (if avast detects it) then it aborts the connection, so you may be left with a blank browser page.
I certainly understand your point. But what I am trying to say that AVAST always should display pop up. Now the case is once it has shown popup for one malicious site, it will not show any other popup if you visit that particular site again or any other malicious sites. It blocks the connection though giving users a wrong interpretation that there might be something wrong with proxy or DNS or website is temporarily not available. There is an option ‘show notification when action is taken’ and that said when this option is ticked or checked it show a message every time we visit malicious site and not once.
this is a design decision because there were cases, when tons of alerts were showing up, because a program was trying to access a blocked page over and over again which was a huge annoyance. So there is a timeout for the alert to show up again - but just for the one particular URL. When you access a differend malicious site, the pop-up shows as expected.
I also raised this point with the Avast team but eventually agreed with them. This was mainly to stop spammed popups when malware was calling home every few seconds.
Sorry I couldn’t agree less, if they are going to show a popup (without the user changing the settings), showing that popup just once is totally crazy. If you go to a malicious site you get the popup, go back later or to another malicious site and not give an alert popup would give the user a False Negative. They believe the site/s are clear or the initial popup was an False Positive.
One of the most common popups on malicious sites is the URL:Mal popup and as Jiří Šembera mentioned, these usually come at regular intervals. They can also be an indication that you have an undetected or hidden malware file on your system that is trying to get out to connect to a malicious site.
That’s wrong. If you go to another malicious website, there will be an alert popup. Once you’ve received that alert for that website, you won’t get a pop-up for 10 more mins on the websites you’ve already had the popup for unless you restart shields.
Basically that don’t happen. I have tested with different valid malicious site that are in the database of AVAST. Once a notification is shown for the first site, other sites gets blocked automatically without showing any notification. This is what really happens. If you want I can share some valid links (malicious) which are detected by AVAST but notifications are shown only once giving the user completely a false interpretation.
If the case was really that, then it should be left to the user’s discretion when and how to show alert messages. In fact when I have checked the option ‘show notification window when action is taken’ option, AVAST should show a pop up. Otherwise that can be considered as a bug. Now if too many alerts are generated in rare cases, there should be options like “Don’t show notification for this event” and “restore hidden notification” by which user can enable or disable or better customize the way they want the alert.
I can share some valid malicious sites that are in the database of AVAST which I used for the purpose of testing to figure out the issue, but unfortunately AVAST shows blocked notification only for the first site that you visit. For others it is simply blocked. I don’t know the timeout period as others mentioned. But what I did was to restart and check with some other URL and the same applies for that also.
Once you turn off shields and start them again, you’ll get pop up again.
Regarding your malware samples, don’t post them here. However, are you sure they’re not from the same domain? A prime example would be AMTSO. Since they’re coming from same domain after detection of of the first file, you wouldn’t get the popups… same for EICAR files.
“URL:Mal” means this url is somewhere blacklisted and is blocked before my browser connect this site? Or it means on this site was found malware which was blocked? So no malware come to my PC? Is important block malware before is executed, not after.