Exclusion function not working.

I have Snadboy’s Revelation on my hd. I find it to be a very USEFUL program with all the passwords I use. Avast! keeps flagging it as potentially dangerous. I added the utility’s EXE to the Exclusions list and Avast! continued to flag it when booting. I removed the EXE from the list and added the folder in which the utility resides and Avast! continued to flag it when booting. I added the folder, the EXE and the DLL to the list and Avast! continues to flag it when booting. It’s finally reached the annoying stage.

I have other files in the Exclusion list that Avast! no longer flags but this one doesn’t seem to take. It did originally, but something has changed and it doesn’t work any more. Revelation hasn’t changed, moved or been updated in years. It hasn’t even been used in a while.

Avast! Home edition, 4.7.942. Windows XP Home. Everything current.
Exclusion list’s entry for the utility: E:\MY UTILS\SnadBoy’s Revelation v2*;E:\MY UTILS\SnadBoy’s Revelation v2\Revelation.exe;E:\MY UTILS\SnadBoy’s Revelation v2\RevelationHelper.dll

hmmmm could the " ’ " be confusing Avast!? Do I need to manually edit the INI? (the Exclusion option doesn’t have an Edit button)

First, note that there are two exclusions list in avast! - one for the on-demand scanners (Simple UI, Explorer Extension, …), and another one for the Standard Shield resident provider.

Now, what exactly do you mean by “avast! flags it when booting”? Do you mean when you start the application (maybe you have it started automatically when Windows start?), or do you rather refer to avast! boot-time scanner?

What exactly does avast! show in the virus message (the full detected path)?

When I boot I see this:


http://img157.imageshack.us/img157/1160/avast1aqg0.png

and this:


http://img175.imageshack.us/img175/9148/avast1hz9.png

whereupon I click the No action button.

When I RIGHT click on the Taskbar’s Avast! icon I get this options menu:


http://img175.imageshack.us/img175/8595/avast2of3.png

And when I click on the Program Settings… option I get this:


http://img238.imageshack.us/img238/9140/avast3tv5.png

When I click on the Exclusions option I see this:


http://img238.imageshack.us/img238/4666/avast4yd4.png

As you can see the Revelations folder is there. The two partial entries seen below it are for the EXE and DLL files within the folder. There is no Edit button to prove the last two settings so you will have to take my word for them.

The Exclusions for the other files work fine. The top two have been sent in as false positives but will most likely never be removed from the list. They work now and will work if the patterns are updated so no need/desire to revisit them.

Does this help you see my problem? :slight_smile:

The small print says that the list you are updating affects all parts of avast except for resident protection. The list you are showing us is the one for the “on demand” scanner.

The exclusion list for resident protection “on access” scanner (the Standard Shield) is in the “Advanced” tab of the Standard Shield. The message you showed us says it is from the “On Access” scanner.

Wow alanrf!!! That resolved it. THANK YOU!!

I doubt I ever would have found that solution. On Access, On Demand sound VERY similar then throw in the term “resident protection” and I was lost.

I read your response at least 6 times before it began to sink in then I had to hunt for the Standard Shield.

Now my question turns to what/why/how is that utility getting accessed when I boot. It’s not showing up in MSCONFIG. hmmmmmm

Anyways, thanks again for your help.

Well, I can imagine that MSAV.exe uses some uncrypted virus signatures (i.e. it might not be a “real” false positive). What is that Netscape Communicator file, however?

MSCONFIG doesn’t show everything… I suggest to try HijackThis or Autoruns.

Very preceptive igor. :slight_smile: The Netscape file is:
F:\Online Services\Netscape\Communicator\Program\browser-handle-shellexecute

I agree MSCONFIG is limited and I am familiar with HiJackThis.

ZA is blocking the Revelation’s 'net access but eliminating the start might decrease the boot time by a second.

What does avast! detect in that file?

Since you asked… Avast! found these hits:

Ed	972	Sign of "Win32:Dialer-647 [Trj]" has been found in "F:\Online Services\Netscape\Communicator\Program\browser-handle-shellexecute\[UPX]" file.  
Ed	972	Sign of "Phoenix-800" has been found in "O:\WFWG (j)\System\DOS622\MSAV.EXE\[Exec]" file.

BTW I found NOTHING relating to Revelation starting at boot time. I used MSCONFIG, HiJackThis and the MS Autoruns. Does Avast! autoscan for files when booting under Windows?

What exactly do you mean, “autoscan for files”?
The resident protection scans files that are being started…

By “autoscan for files” I was asking if Avast! scanned for a specific list of file names when it started but your answer indicates it doesn’t which in turn brings me back to what the heck is starting this pgm when I boot.

Do you have anything that displays the icon of the program on the desktop? If so, then it may be that the program is being accessed to retrieve the icon for display.

Good thought, but unfortunately no. :frowning: It is in the Start menu but in an All Programs subfolder, not directly displayed.