I’d like to keep Deepscreen active for the extra protection it affords, but it is constantly finding a problem with a file/program, even though I have placed the program, the directory the program is in, as well as the main directory for that genre (i.e. Ham Radio/SpotSpy/SpotSpy.exe). Deepscreen eventually allows the program to run and has never quarantined it, but it is becoming an annoyance to have to wait almost every time I start the app.
Any ideas?
Thanks!
Doc
You can try this - enable the Hardened Mode and set it to Aggressive.
This might seem strange to set it to Aggressive, but it is less noisy. It checks the files hash # against the avast cloud database. When there is a detection/Notification on the Hardened Mode, Aggressive, the alert window should allow you add it to the Exclusions…
In doing this it may be bypassing the DeepScreen as the file could well be on the database.
Thanks, David! I’ve set it as suggested and will see how it responds over a little time.
I noticed I had made a typo in my original post. Meant to say that I had placed the app & directories in the excluded bin, but didn’t complete my thought completely!
Thanks
Doc
You’re welcome.
Interesting. I set hardened mode, and, to a degree, it worked.
I launch a suite of programs via a batch file, and the first time I launched in hardened mode, Avast caught every single program started EXCEPT the one that kept alerting! As each app was caught in hardened mode, I created the exception for each, and have since launched 6 or 8 times with no alerts on any program in the group, so, while it worked, I have no idea how! I will, however, accept the results!!!
Thanks Again!
Doc
As I said the aggressive mode checks against the avast cloud to see if the # hash is listed, in some cases it may be.
Another factor, if you allow the avast community function, I assume that when you set an exclusion, that data would also be sent to avast. This can be checked out and benefit other users not just you.
But having now set the Hardened Mode to Aggressive, essentially it is superseding the DeepScreen, so you are unlikely to get it interacting with that program/s.
Just checked to be sure and I do have the community option active. Maybe help some other poor schmuck from the same hassle!!
Thanks again!
Doc
So it appears that Deep Screen and Hardened-aggressive mode are alternatives, is that correct?
Which one should one use in general?
Which one should one use for a brand new .exe file that Avast will never see because it changes often, so is pointless to submit.
Also which exclusions list should be used. It’s really hard to figure it all out in v9. Expecially exclusions which don’t seem to work too well.
That would appear to be the case, although it isn’t clearly defined, at least I haven’t found it.
If you read the wording in the Hardened Mode (which is off by default) ‘This is recommended for inexperienced users.’ For me, the inexperienced user may not be able to comprehend the DeepScreens actions, etc. So it would make sense for that to override the DeepScreen function.
Although enabling the Hardened Mode doesn’t disable the DeepScreen (the option is still checked); I have Hardened Mode set to Aggressive, the Deep Screen doesn’t seem to have been active.
Thanks much.
Do you have reputation enabled as well? I suppose you do since Hardened needs it.
If Hardened mode is off, is reputation needed?
Do exclusions really work for you?
The Reputation function is enabled by default and that is the way I have left it. So I feel it is over and above the Hardened Mode.
The File Reputation function would be used for more than just Hardened Mode as scanning would use it when Hardened Mode isn’t enabled.
My exclusions work just fine, but I haven’t got a huge number of exclusions. Mine are mainly in the File Paths and DeepScreen sections, none in the Hardened mode section.
Thanks again.
I didn’t think reputation is needed for plain old scans. Why then are there sig updates?
I’ll get all the nuances eventually, I hope, but it is not easy.
Reputation and Signature updates aren’t related, signature updates are for known/defined virus/malware signatures.
Something with a poor file reputation, e.g. not digitally signed, not in common use, etc. etc. could well have a low file reputation score, yet not be malicious, more suspicious.
Got it. Thank you again, DavidR. Valuable information, as usual.
There is once scenario where this whole mad scheme is a problem for me, but I have to play with it more to be sure.
No problem glad I could help.