Igor (& everyone else), I found out what happens.
I put “File System Shield Settings → Scan when writing → Scan all files” ON.
Download eicar.com with Firefox. And then an Avast warning comes up (attached image). Check out the extension of that downloaded “object”!!
Firefox downloads ALL files with added “.part” suffix until the whole download is ready. Then Firefox renames the file back & moves it to the users download folder.
So, the problem is: why Avast FSS ignores the renaming of the object from .part to an executable file, AND moving of that object from the download cache/temp folder to the actual “download” folder? (when FSS is set to “scan files with default extensions” in the “Scan when writing” FSS settings (this is the DEFAULT setting))
And the second problem (very likely related to the 1st problem) is: after a file gets into the system through that 1st loophole, the DEFAULT ON setting of “Optimize scanning during file copy option” in FSS advanced settings allows the file to be copied further ANYWHERE in the system.
Is the “.part” file put to a transient or persistent cache? Or something similar happens?
I just put OFF transient & persistent caching in FSS. I’ll have to wait for a definition DB update to check if those have any relation to these problems. I’ll be back tomorrow.