I have been running avast! Internet Security for about 5 weeks. This afternoon, it suddenly started throwing up masses of messages about BTHelpBrowser.exe. There tend to be 3 or 4 messages at a time and they all say the same thing:
avast! has finished analysis of the program. We did not find enough evidence to identify the file as malware.
However you should still use extreme caution when accessing it.
File: c:\Program Files (x86).…\BTHelpBrowser.exe
Reason: The file prevalence/reputation is low
Duration: 0:00:00
The program has now terminated.
For the next execution of this file do the following:
Open in sandbox (recommended)
BTHelpBrowser is not something I actively use - but it is something that comes with my BT Broadband. I would therefore have expected it to be known to avast!
Should I be worried about this sudden change of behaviour?
What should I do about the annoying proliferation of notification pop ups that take up a third of my screen every time they appear?
When you receive the popup with open in sandbox recommended - use the drop down and click on open normally, this will exclude the process from the auto sandbox and you shouldn’t be bothered by it again.
Eventually when avast collects enough information about that process it will automatically be excluded and you won’t need the manual exclusion that you need to place now.
the verdict to sandbox BTHelpBrowser.exe is based on a set of criteria as in the screenshot.
notice that the reason u quoted from autosandbox is ‘the file prevalence/reputation is low’
filerep is a new feature in Avast! v7 which provides prevalence/reputation analysis on the files u download/already have on ur system.
it affects the verdict to sandbox the executable or not.
apparently, BTHelpBrowser.exe is not well recognised in Avast community, thus being sandboxed as a precaution to potential malware.
when sufficient (i dunno how much) users have executed BTHelpBrowser.exe, Avast would decide whether to release BTHelpBrowser.exe from sandbox based on the behaviour that it performed on users’ systems.
however, if ur sure that BTHelpBrowser.exe is safe, u can exclude BTHelpBrowser.exe from being sandboxed by selecting ‘open normally’ from the drop-down box of the blue autosandbox pop-up.
alternatively, u can manually exclude it from autosandbox via Avast GUI (additional protection → autosandbox → settings → browse for BTHelpBrowser.exe to exclude it)
I would also suggest that you add it to the trusted processes in the behavior shield, see image. I don’t have the BTHelpBrowser.exe in the list of autosandbox exclusions, but it hasn’t triggered in quite some time as my BT Infinity connection has been very stable.
BTHelpBrowser is not something I actively use - but it is something that comes with my BT Broadband. I would therefore have expected it to be known to avast!
I’m not in the slightest surprised that these obscure BT files have a low rep, given that there are over 150 million active avast users, the number of BT Broadband customers who might have this installed would be very low.
The fact that it isn’t digitally signed also will have the autosandbox twitching, add to that the low file rep, it will be getting very twitchy and that is the whole idea about the autosandbox if it is to be able to be an extra level of defence against unknown malware.