A Windows 10 Pro 64-bit user contacted me to tell me that they had seen an Avast pop-up warning of an issue with LTsvc.exe. That’s a legitimate program in our case; we use ConnectWise (formerly LabTech) agents on our machines. Recently these agents have been automatically updating themselves, so that may have been the root cause of this event.

Whatever Avast did, it didn’t affect the functioning of the ConnectWise agents; they are still working normally.

I do realize that there are exploits involving abuse of ConnectWise components, but as best I can tell they require user interaction to trigger. This user wasn’t doing anything at the time the Avast alert occurred; they simply returned to their office and saw the alert being displayed. Unfortunately, I didn’t copy the message details down.

Avast client Alerts tab shows “No alerts yet” – though after a reboot so I don’t know if there’s a cumulative history there to be seen.

I figured I could get them from the console, but I was wrong. This computer was connected to the network at the time so it should have instantly sent a message to the console, which should then have emailed me. None of this happened. I didn’t get an email and there’s no notification of the event in the console.

So while I might have posted this in \Viruses and Worms as a likely false positive, I am wondering if there was some kind of malfunction with Avast that caused it to display an alert but not send it to the console.

Any thoughts?

Avast Business Pro
Program version 23.1.2738
Definitions version 230328-2
On-premises console version 7.29.968

Thanks.

Given your comment "Avast client Alerts tab shows “No alerts yet” " I would say this is the correct location for the post.

As an when someone gets an Alert, it would help if they can capture a screenshot with the Details option selected. If you can then post it here.

Even if this were an FP, that doesn’t get away that it isn’t being recorded, so that needs looking into also.

In the meantime you can use the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

I would have captured a screen shot had I known I could not trust the console to have the report. This scenario has never happened here before. Is there a local log on the client machine that would have any information about this event?

I appreciate you have captured a screenshot if you had known.

Unfortunately as an Avast Free user I’m not familiar with the On-Premise Management Console & Clients product.

If you find any information - you can try the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.