Avast v5 Program Bug Found

The following problem never happened with v4.8

Avast v5 is detecting COMODO Leak Test (clt.exe) as Win32:Malware-gen. Now this is a good thing as avast doesn’t know that it’s actually a tool. So to rectify the problem I put the folder containing clt.exe in the exclusions list under Main Settings, but the exclusions option does not work. In main settings under exclusions it says “Type paths to be excluded from scanning. Note: exclusions specified here will apply to both on-demand scans (manual and scheduled scans) and to the real-time shields.” Pix #1 shows the items in the exclude list indeed do have the correct path. Pix #2 however shows that clt.exe has not been excluded but has in fact been moved to the Virus Chest.

Hold on now cause it gets stranger yet. “Quick scan” & “Full system scan” & “Removable media scan” & “Select folder to scan” & “Screen saver scan” do not detect it, but “Scan from Windows Explorer” & “File System Shield” & “Boot-time Scan” do detect it and move it to the virus chest. I have gone over ALL settings again and again and all settings seem to be correct.

So again I think I have found a Program BUG :o and for myself this is a first with avast.

97 ppl read it here n not one reply :)

Nosnibor, one file is on F: drive. The other on J: other on C: ???

Actually, two locations on C, one on J, and two on F.

Nosnibor, try experimenting with the Eicar test virus and see if you can duplicate the occurrence. I cannot on my machine.

Location doesn’t matter, C main drive – F backup drive – J zip drive

Wow, exclusion lists in main settings DON’T work in File-System shield. :o

But… it WORKS in on-demand scanner from Explorer (right-click scan). ???
I didn’t test it in the boot-time scan.

I tested this on my Desktop (C:), and 2 samples are detected as “Win32:Small-NFN [Trj]” and “Win32:Malware-gen”.

This is a little strange…

HAHA see I told you I found an avast BUG

Yes, it does matter… you need to add ?:\ instead of the letter of the drive…

:-*

huh ??? instead of the drive letter ??? lol then how does avast determine where/what "?:" is instead of a drive letter ???
Isn’t that like a passenger telling the taxi driver “I want to go to my house” ??? Does he know where you live lol

Ok now I’m really getting upset >:( Using all 4 virus test files from http://www.eicar.org/anti_virus_test_file.htm I have found many problems with avast v5. I think this version needs to go back to the testing stage. (did you guys make vista also lol)
I put all 4 test files on 3 drives, C: System Drive, E: Backup Drive, J: usb zip Drive. I put them in an excluded folder and in a non-excluded folder.

For example when I plug in a usb zip drive avast does not detect the test virus.
When I plug in my external drive avast does not detect the test virus.
When I open a folder containing the test virus file system shield does not detect the test virus.
When I use “scan removable media” it does not detect the test virus on my external drive or on my usb zip drive.

Web shield works cause I had to temp disable avast so I could download the test files

For the first time in over 3 years I’m VERY disappointed with avast

If there is a mod that lives close to me I am willing to show results in person.

? is a wildcard for any drive letter.
But if the file is the same in every location, something is weird with your exclusion list.
Try that and post back if they’re detected.

Please, do not use red background… it is just difficult to read…

Which eicar file are you using (.exe, .com ?)?

Hmm… it seems that exclusion lists in main settings partially work in File-system shield.

I made a folder “C:\testbox” and added it to exclusion lists (“C:\testbox*”) in main settings, and put eicar.com, 2 real malware samples “F.exe.virus” (has own icon) and “C.exe.virus” (has not own icon) into it.

With file-system shield enabled…

  1. Execute eicar.com → No alert appeared (even eicar crashes on my Vista PC) : Normal
  2. Rename “eicar.com” to “eicar2.com” → Alert appeared (EICAR Test-NOT virus!!!, Process: Explorer.exe) : NG
  3. Rename “F.exe.virus” to “F.exe” → Alert appeared (Win32:Malware-gen, Process: Explorer.exe) : NG
  4. Rename “C.exe.virus” to “C.exe” → Alert appeared (Win32:Small-NFN [Trj], Process: Explorer.exe) : NG
  5. Rename “eicar.com” to “eicar.com.virus” → No alert appeared : Normal
  6. Rename “F.exe” to “F.exe.virus” → No alert appeared : Normal
  7. Rename “C.exe” to “C.exe.virus” → No alert appeared : Normal
  8. Open eicar.com via Notepad.exe → No alert appeared : Normal
  9. Open “F.exe” via Notepad.exe → No alert appeared : Normal
  10. Open “C.exe” via Notepad.exe → No alert appeared : Normal
  11. Do right-click scan to both files / directory → No file scanned : Normal

Do these experiments help to figure out this mystery?

Well the Settings, Exclusions don’t have the detailed options as in the real-time shield exclusions (Read, Write, Execute), so that might well make a difference as I guess the settings Exclusions won’t scan a file. I guess that doesn’t overwrite/stop the scanning of an executable file if it attempts to be run or make changes to the file.

All 4 eicar test files used. One group of 4 in an excluded folder – and another group of 4 test files NOT excluded

Also I have noticed that if you put a file in main settings under exclusions and also the same file in exclusions under say… screen saver then avast gets confused and doesn’t exclude it at all.