I’ve just had a series of small downloads blocked by AVAST because they were “suspicious”. I’m pretty sure they’re OK and that the culprits are two Linux tools designed for use with a games console. These are tools I’ve downloaded in the past without AVAST having an issue with them. In this case they also happen to be in a larger tool set I wanted to download.
The problem is that despite me changing the settings on Web Shield to ‘Ask’, Avast must be messing up the downloads by temporarily blocking them. Part of the zipped file gets through but is shown as corrupted when you try to extract the contents.
So what is the point of ‘Ask’ if Avast interrupts the download and in doing so corrupts it anyway?
The solution, I assume, is temporarily to add the web addresses of the downloads to the exclusions list and hope there’s nothing else nasty attached.
Right-click the avast tray icon and pause shields …
Download the file … upload and test it at www.virustotal.com. If it has been tested before, click rescan for a fresh result.
You find extra file info under the “file detail” and “additional info” tabs … who made the file, digitally signed, first upload …
Thanks for the reply and information. Very helpful.
There is still the question though about the point of selecting the ‘Ask’ option.
What Avast did is allow the download to proceed, let most of it through then blocked the part it didn’t like thus corrupting the whole thing. Not exactly helpful or logical, as it makes the ‘Ask’ option, in the case of a download, pointless as far as I can see.
Ask in the Web Shield isn’t very good (unlike the other shields), as from ask it only has Abort Connection. Essentially there is nothing that avast can do to clean an infection in a download and the safe choice is to abort the connection, which is the default if you hadn’t set the Web Shield to Ask.
This is a little like the fact avast won’t let you allow an infected file to run if detected by the file system shield - it is a deliberate act to exclude the file if you ‘know’ it isn’t infected. That way you are assuming the risk in making that call.
So you could make an exclusion in the web shield, but again you are accepting the risk that may come with that decision.
Remember, in the web shield settings you have it set to ‘Use intelligent stream scanning’, a default action. This means scanning the file as it is being downloaded, not waiting until the download has completed. This is what you are seeing in action.
Would it be safe to untick “intelligent stream scanning”? Pros/cons?
Being a bit paranoid, I almost religiously :) manually double scan anything downloaded to my computer with both Avast and MalwareBytes, often rescanning them after extraction too if they’re compressed (.zip/.rar).
Personally I wouldn’t uncheck the option - earlier detection I feel is better.
The web shield unpacks and scans archive files (the exception being those with valid digital signatures); I don’t really feel the need for double scanning.
On-demand scans by default don’t unpack and scan archives (some exceptions, self-extracting archives) as archives are by their nature inert; until they are unpacked and the files run, they don’t present a risk. Before that happens the file shield would scan newly created files (the unpacked files) and it would also scan executables before they are allowed to run.
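An added example, not part of any post in this thread: a Python check for the two things discussed above, whether a downloaded zip arrived complete (a download cut off part-way, as in the first post, loses the end of the archive) and its SHA-256, which can be searched on www.virustotal.com. Nothing is extracted or run; the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile
import zlib


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes, usable as a VirusTotal search term."""
    return hashlib.sha256(data).hexdigest()


def check_zip(data: bytes) -> str:
    """Classify a downloaded zip in memory, without unpacking it to disk.

    'ok'               every member reads back with a matching CRC-32
    'incomplete'       no usable central directory (cut-off download, or not a zip)
    'damaged:<member>' the first member whose stored CRC-32 does not match
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # reads each member and verifies its checksum
    except zipfile.BadZipFile:
        return "incomplete"
    except zlib.error:
        return "damaged:<compressed stream>"
    return "ok" if bad is None else f"damaged:{bad}"


def make_sample_zip() -> bytes:
    """Constructed sample archive standing in for a real download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("tool/readme.txt", b"constructed payload " * 50)
    return buf.getvalue()


if __name__ == "__main__":
    good = make_sample_zip()
    cut_off = good[: len(good) // 2]  # simulates a connection aborted mid-download
    for label, blob in (("complete", good), ("cut off", cut_off)):
        print(f"{label:9} {check_zip(blob):11} sha256={sha256_of(blob)}")
```

For a real file, read it with `open(path, "rb").read()` and pass the bytes to both functions.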