I installed Avast Free Antivirus 2014.9.0.2018 on new Win8.1(.1) laptop and EICAR test files are NOT detected by the file system shield!?!?
I only installed the file system shield, everything else disabled. Rebooted after install (was not offered nor instructed but did it anyways). Definitions are up to date. Windows Action Center says that Avast is protecting for viruses & spyware. No warnings of any kind anywhere.
file system shield is on and it’s settings:
scan when executing is on
scan when writing is on
When I go to http://www.eicar.org/85-0-Download.html with Firefox and download all the 4 files from “standard protocol http” area, everything gets downloaded fine, Avast is quiet!! Should be detecting at least some of the files already (writing scan on)!!
Then when I browse to the files, I CAN OPEN THEM ALL WITHOUT AVAST DOING ANYTHING!!!
If I do Avast explorer scan on the files, Avast detects all.
SO, what the bleep is happening?!?! I don’t know if I can trust Avast anymore. Unbelievable. Is this the reason why Avast detection rates have been falling awfully in recent AV-tests?!
If you have a 64bit OS (which I assume but don’t know), then there’s no “execute” of the eicar test file (because it’s a “COM”, old 16bit code and 64bit OSes doesn’t have the 16bit subsystem) - so eicar cannot be detected on execution on 64bit OSes. (So Eicar is not very useful as a test file these days.)
However, if you are able e.g. to copy an eicar.com file from one folder into another without any detection, then there’s something wrong here (just to be sure, I’d disable the “Optimize scanning during file copy option” in File System Shield Settings / Advanced).
64-bit yes, that would explain the execute-protection, but why isn’t the write-protection of the file system shield acting on this? That is what my old laptop WinXP & Avast 8.0.1497 does!!
If I extract the eicar.zip file, avast acts on the extracted eicar.com file immediately and shows a popup window to choose action (I have set the options to do that, I don’t want any automatic actions). So in this case the write-protection of the file system shield does work.
Yes, I can perfectly copy the eicar.com file anywhere I like, Avast does nothing.
If I turn off the “Optimize scanning during file copy option”, Avast stops file copy process. Seems to me that there’s a loophole in the protection with this setting set to “on”. Worrying.
BUT, that option still “off”, downloading the eicar.com file yields NO action from Avast. I find this a bit odd. There, in my download folder is a (fake)virus and Avast did nothing.
All four EICAR files were detected by WebShield here, something you specifically say you’ve not got installed. All detections are in http: and using FF 30.0 version.
See attached below:
Fail to understand why only File System Shield is installed, is there a specific reason for that? As that is one area these two systems differ.
All EICAR files downloaded under SSL secure protocol (https:) will not be detected as avast! does not scan https: connections. Without WebShield installed, it cannot scan and block http: connections, for malware, as it is being downloaded. Having WebShield installed is added protection on top of what File System Shield offers.
So, the expectation that FSS will do the same thing as WS is maybe not realistic? FSS has to do with the actual files when opened and blocks malicious code inside or manual scan, WS monitors and blocks http: connections for suspicious or detected files as they are downloaded. WS is more of a real-time scanner than FSS is, at least in this scenario. It also detects and blocks infected web domains, some of which many other a/v’s do not detect.
Because that’s all I need. I don’t need superfluous, marketing gimmicks (though in this case since it’s free, it’s not that obvious). File System Shield is the only one needed to keep you clean.
I’m sorry but this is totally wrong. FSS has a thing called “scan when writing”, which states: “the following settings determine files that should be scanned at the moment they are created or modified”… maybe you should check out the settings more closely and learn what everything does.
See the attached image, it’s from WinXP running Avast 8.0.1497 and trying to download the eicar.com file with Firefox, notice the texts what it says: “file system shield … threat was detected and blocked when the file was created or modified”… this is what should happen with Avast 2014.9.0.2018 on Win8.1(.1) with Firefox, but the file system shield is totally silent (with IE it works). And to make things worse, the default “on” option of “Optimize scanning during file copy option” allowed the (fake)virus to be copied everywhere in the system without Avast making a single peep.
There’s something wrong with the new Avast. Creating a new malware file to the system through Firefox yields NO warning whatsoever, and subsequently Avast allows copying (=making new files) of that file everywhere in the system IF “Optimize scanning during file copy option” setting is on. With IE, Avast blocks the malware download (=creating a new file). Something is not right with Avast.
P.S. You might want to google about the WOT you’re using and advertizing. It’s not working properly, the system can be manipulated and can’t be trusted, it gives a false sense of security. Just as a side note & a tip, let’s not get into conversation about it in this topic.
Because that's all I need. I don't need superfluous, marketing gimmicks (though in this case since it's free, it's not that obvious). File System Shield is the only one needed to keep you clean.
Then i guess ClamWin/ClamSentinel is the AV for you ...
Oh god, Avast nerds have been insulted. : Please, that statement is so wrong on many levels… please, try to put your emotions aside and think straight. Or are you trying to say that ClamWin + ClamSentinel has the same or better level of malware detection than Avast? In that case, I might try it. You know, it could have… Avast has been scoring very badly on AV-tests lately.
No WebShield, no detections or blocks. It’s like you’re bringing only one big gun to the party when you could have two, (or more) and you’re surrounded by vicious malware monsters who will kill you if you don’t kill them first. You won’t be able to see them if you’re not proactively armed with the appropriate weapon.
No, we’re not avast nerds and no, not insulted. Sooner or later, a web-based threat is going to get you w/o webshield in place. For example, downloading an EICAR test file(s) is web-based, just so you know.
Correct, it is your system.
Again, why only FSS in place? ???
[EDIT:] Warning: Don’t click any hXXp://killmalware.com/ links posted by Pondus as they have live Trojan links that will only be blocked by avast! only if WebShield is installed. You click those links, you will be infected. Just so you know.
You obviously didn’t read my posts here. Here’s one with crucial info that will blow your erroneous whining away. Read closely the part where I tell how previous 8 version of Avast handles things in WinXP. And in Win8.1.1, newest Avast, FSS STOPS eicar.com when downloaded with IE, like it should, and all without your little darling webshield… with Firefox (and god knows with how many other programs), Avast tumbles & falls badly. Read & learn… and stop spamming your false info here, thanks.
What you’re doing is comparing two different versions:
[ol]- Avast 8.0.1497
Avast 2014.9.0.2018[/ol]
and expecting them to perform in the same way.
They don’t.
8.0 has most of the same features but some of those features were moved over to WebShield in the latest version. Better to block than allow the malware to download and install, eh?
As they say, one can lead a horse to water, but one cannot make it drink.
Like Pondus, I run 5 a/v’s at once. Just so you know.
Your solution: Run only 8.0 version if that is what makes you happy.
