Ive upgraded to the latest avast free 17.3.2291 and Im having a problem with exclusions that ive never had before.
Ive added an exclusion to c:* and said that exclusion applies only to read and execute. Exclusion does not apply to write. Please see the attached screenshot.
Then i disabled web shield and proceed to download eicar from eicar.org.
Firefox was successfully able to save eicar to disk. This should not happen! How can eicar be allowed to be saved to disk when write exclusion was not allowed?
Then to test the other exclusions i allowed read and write exclusions. This allowed saving eicar to disk and editing eicar in notepad. It did not allow executing eicar from windows explorer by double clicking.
Then I enabled all exclusions. As expected I was able to write eicar to disk, read it and even execute it from windows explorer.
So it appears that the NOT enabling the write exclusion is not working properly. It allows eicar to be saved to disk even when write exclusion is not enabled.
Please advise if I have not understood the exclusions correctly, or is it a bug?
You have disabled web shield, so eicar file will be written on disc. File system shield scan for writting only some file types by default. You can temporaliry enable test all files in file system shileld writting options, but dont forget disable it. You lose perfomance if you keep enabled it.
Yes, it is enabled. I always enable scan all files, pups and whole files and high sensitivity, when I exclude read and execute from scanning. It gives me a better performance-risk tradeoff.
Still the on-write scanning doesnt detect eicar (and possibly other viruses). You can check it yourself.
Attaching screenshot where scan all files is enabled.
File system shield from version 17.1 has hidden some exceptions which was visible in previous versions. It is .txt, .log, pagefile and etc. This is maybe reason why it not detect. (Try save .inf, it is never been excluded in any version). Also having enabled scanning all files is bad idea, because your system will be slowed down for no reason. Also high heuristic leads only to false positives, because known malware will be detected even heuristic disabled. Default settings is most balanced and recommended.
Ive been using avast for more than 15 years and enabling read and execute exclusions and scan all files and heuristics max have worked very well for me all these years. I cant afford tons of RAM and an SSD, so these settings are the best for the slightly older machines that i have. Anwyay I dont want to get into discussing opinions and experiences.
My problem is that avast allows eicar.com to be written to disk when write exclusion is NOT enabled.
It would be helpful if you could check and confirm the behaviour at your end.