Client 17.2 - not listening to File Shield Exclusions

Manley · 2017-03-02T14:36:13.000Z

Hi,

My computers have been updating to Avast client version 17.2, and I’ve noticed that the new client is wrongly detecting a program called AristotleNT.exe as a threat and moving it to the Virus Chest. I have had this program in my File Shield exclusions forever, and the old client 12.3 never did this, as far as I know. Is the File Shield doing this wrong or is this something else?

Eddy · 2017-03-02T14:41:14.000Z

Did you set the exclusions through the console ?

Manley · 2017-03-02T14:43:02.000Z

Yes, I did it through the admin console in the File Shield. This program exclusion has been set for over a year and worked with older Avast versions, as far as I can tell. I’m seeing many computers showing “Vulnerable” now, and when I look, they all are moving this “threat” to the Virus Chest. I tried to restore the file through the admin console on one computer, and it failed, so now I think I am forced to re-install the program on all these computers.

Manley · 2017-03-02T14:46:49.000Z

I noticed that the File Shield exclusion list showed the program as this:

*\Aristotle.exe

so I changed that to just this:

Aristotle.exe

and I’m waiting to see if that does anything. There are several entries above in that list that just have a filename without a path. For example: *.ini

Manley · 2017-03-02T15:00:16.000Z

I worked with offline tech support, and they added the program to the Antivirus exclusion list. Now, I’m waiting to see if that fixes it or not.

Eddy · 2017-03-02T15:06:24.000Z

Ok, keep us informed here about changes please.

Manley · 2017-03-02T17:33:14.000Z

Well, I don’t know if it is fixed or not. As new student computers come online, I’m getting more Vulnerable computers in the Admin Console list that show the program was moved as threat. But it doesn’t seem like all do it. So, I don’t know if the student computers are upgrading the client to 17.2 but not updating the settings? Long story short, still got some problems. And the bigger problem is that Avast admin console cannot restore the file/program. It just gives an Error. So, now I’m forced to somehow figure out which computers have the broken program and re-install.

Manley · 2017-03-02T20:53:31.000Z

Okay, well now I’m seeing a pattern. All the computers that installed Avast 17.2 and rebooted, they are the ones removing AristotleNT.exe to Virus Chest. Not sure why this is happening if AristotleNT.exe is excluded in both File Shield and Antivirus areas.

Eddy · 2017-03-02T22:49:06.000Z

I suspect it is the behavior shield that is doing it.

My suggestion is to contact business support and ask them to have a look at it.

system · 2017-03-02T23:37:43.000Z

Hello, in my case, the behavior shield detected a program file as a suspicious object in my office,
but I confirmed the file is a normal and safe program and used by employee in every day.

Making the function disabled is better, but we have no choice that we can make it so,
I changed setting that message is shown when shield detects something suspicious.

Manley · 2017-03-03T01:00:05.000Z

Yeah, I see the Behavior Shield has an exclusions list too. So, I just added AristotleNT.exe there and we’ll see what happens. I originally didn’t put it in that program because Behavior Shield is brand-new and I wanted to see how it worked, and also the exclusion list says “add path” so I thought maybe it only wanted folder structure, not specific program. But, anyway, I put it there and will let you know what happens.

Eddy · 2017-03-03T01:17:55.000Z

Yes the behavior shield is brand new, but it should allow fully legitimate applications to run without a problem and not cause problems.

If you have to add them as exclusion for it to work, it is a workaround and not a good solution.
That is like getting a flat tire each time you drive your car over the same road while you know there are spikes laying there.
You can get a new tire each time, but that is not a solution.
The solution is to remove the spikes.

In this case, avast need to fix it.

Manley · 2017-03-03T12:38:55.000Z

I did submit the program called AristotleNT.exe to Avast for false positive analysis (recommended by tech support), so maybe they will whitelist sooner than later.

Manley · 2017-03-18T11:59:28.000Z

Just to follow up on this for people, I had Avast team whitelist two different programs, and they said it would take about a day to go into effect. So far, not good. Both programs are still getting false positives on computers many days and weeks after they were “whitelisted.” This version 17.2 has some serious problems with IDP.Generic false positives. There are other people in their forums with similar posts. I hope Avast is noticing this and fixing it.

Manley post:13:

I did submit the program called AristotleNT.exe to Avast for false positive analysis (recommended by tech support), so maybe they will whitelist sooner than later.

system · 2017-06-29T12:46:01.000Z

Hello,

I too have a similar issue. I am running avast business v17.4.2520 (build 17.4.3482.0). I need some computers that have constant dealings with the internet to also connect to a local ip server, fitted with a work related database that you operate on through internet explorer. So i prefer to have avast shields up. But for some reason web shield is restricting download of certain forms from the local server. Working on the platform is just fine otherwise.
I have tried to find if it’s a specific option in web shield component but none seems to work regardless if it’s on or off. Only “fix” is to entirely disable web shield.
I have tried to add exclusion for this local ip on general and on web shield component. And also tried different versions of the ip string in the exclusion box: “/*” “/” “just ip” . Gave same results no matter what. I also checked avast report in which it was clear that the exclusion is indeed seen by the program. But i still fail to understand why does it still blocks download…
Any ideas?

system · 2017-08-14T19:35:31.000Z

((I’m using Avast free version v17.5.2303 with virus definitions 170814-4 on Windows 7 64-bit HP))

I’m trying to update a utility called DesktopOK (http://www.softwareok.com/?seite=Freeware/DesktopOK) but it has been moved to the virus chest by Avast citing it as having IDP.Generic infection.
Now unfortunately using “Restore and add to Exclusions” does not work at all. Not even Deleting it from the chest works. And adding it to file exclusion in the Settings department will do nothing either.

Another problem is with some homemade totally harmless batch files - situated in a few subfolders to my main DIY coded program - that Avast after every program update again and again suspect as menacing. And this in spite of having added them to the File exclusions list some months ago.

I don’t know but maybe, maybe it’s time to switch to Microsoft’s own Defender solution…

Manley · 2017-08-15T17:13:50.000Z

Yeah, you can try to get help by submitting a file here, but if you change the file name or the file version changes or any number of other things, you have to submit again: https://www.avast.com/false-positive-file-form.php

There is obviously something wrong with the Avast client as a whole or Behavior Shield or something.

Announcements