Attention!
There’s a bug since the avast! 5 release: when web shield blocks a threat too late (when it is already on the system), it is afterwards of course detected by filesystem shield, but avast! then says Action: (WTF?). It says that no action is required, but the virus is still in its place and active. So it must be deleted by boot-time scan then (if it’s an active threat). Can you please fix this problem as soon as possible? Thanks
Happened to me once, recently! Avast blocked a site because it was a worm threat; after a few days it found a rootkit trying to run in my system from another site, and since then I only surf via Sandboxie, you are 100% protected.
Looks like web shield can’t stop all the threats before the computer loads them; never surf without Sandboxie!
Regardless of whether Avast should have prevented the malwared file from executing or not, in looking at the video, the file is being run before being saved and checked.
This is bad security practice.
All files that are downloaded should be viewed before being downloaded. In other words the browser should be set to bring the file up on the screen before you download it. Then if you still want to download it, download it to a safe place and save it without executing it.
Then run a scan of the downloaded file before executing it.
Downloaded files should be scanned both by Avast and Malwarebytes and/or SAS. If it is clean only then should it be executed.
If you participate in the Avast community suspicious files will be automatically uploaded or
If Avast misses a malwared file that MBM and/or SAS catch, or if all three fail to identify a file as malwared that you still think may be malware, then you should password protect the file and email it to Avast at virus@avast.com with an explanation.
HTTPS does not protect against the transmission of infected files. It protects against eavesdropping and man-in-the-middle attacks. HTTPS is a privacy protection protocol.
Avast will scan packers if you instruct it to. If you don’t, it won’t unpack the file and scan it. I set all my scans’ “Packers” to “All Packers”. If you don’t do that, then if you have a packer that is not checked off under “Packers”, Avast won’t attempt to unpack it to scan it.
I also set my “Actions” to Repair----Move to VC----Delete.
I also set under “Actions” —“Processing of infected archives” to the middle “radio button”. The bottom one would be more secure. I think leaving it at the default which is the top radio button and says “Try to remove only the packed file from the archive, if it fails, do nothing” is a bit risky. I am not sure why that would be the default.
I have not had any problems with infected files getting into my system with these settings and using the procedures I described above.
Using these settings AIS has caught some infected archives/files while they were seeding at the end of a P2P download and then promptly sent the file to the VC or deleted it with no further incident. I always followed up on these files when something like this happened by checking the download location and verifying that the file had indeed been moved.
Then I clean my system’s temporary files before doing anything else. This procedure seems to have kept my system pretty secure so far.
Avast Internet Security missed a file which MBAM detected. It’s now stored in the MBAM quarantine and I want Avast! AV to add it to their virus list and include it in a definition update in the future, but since the file is already in quarantine and I don’t want to risk restoring it, how can I submit it to the virus lab? I’m guessing a screenshot won’t help :-\ Also, it missed a virus in the registry, again same story - I don’t want to restore from quarantine… How can I inform them and make sure they include it in an update in the future? (Not all users use MBAM/SAS, and this would help them greatly, and it’s good for Avast! also)
P.S. Wrt the original post, will not watch yet another lame Youtube AV “review” (and no, HTTPS of course will not be scanned, if that is what the “expert” did. ::))
Shrug; add it to Avast chest from there if MBAM lets you. If not, well, not really much help for you. No one will transfer it to Avast in a self-contained sealed box.
Registry keys cannot be added. (Well, you can export the key and add it, but why? It is just a manifestation of the infection, not the infection itself.) Once the key was deleted/values reset to default, there is no more action left.
avast! didn’t really miss anything or detect it “too late”. There is no such thing really. However, it sometimes does happen that parts of the file do fall through Web Shield and hit the HDD, where Filesystem Shield detects it because the browser already cached parts of that file. But in such cases they are just remnants of the actual file. And even if they are in fact a full file which was initially detected, there is no way of it getting run anytime later. In the worst case it will just be on a HDD and will not do anything. What avast! found out later was probably just one such file inside the browser cache that File Shield got its hands on while the browser wanted to purge that file from the browser cache sometime later.