Exclusions not working

I use EPS with SOA console. The other day, I had a false positive on a file which is an integral part of a mission critical program. I went to every single computer in the building, restored the file from the virus chest, created an exclusion on my system scan job, and thought the problem would be resolved. However, the next day the same file was once again detected. Furthermore, I had a few more detections under a folder which I long ago excluded. Do exclusions work at all? Here are the exlusions as I have them set:

c:\windows\winsxs*
%allusersprofile%\bluezone\adpinit.exe

Do environmental variables and wildcards work in avast? Also, is there any way to push a mass restore command to all clients from SOA? I’m not looking forward to having to go to every computer in the building each day until the false positive report I submitted gets resolved…

edit Forgot to mention that I also added %allusersprofile%\bluezone\adpinit.exe as an file shield exclusion after the initial false positive two days ago.

Hi,
where you’ve put the exclusion? Only under the system scan job?
You must put the exclusion also under the group->shield settings->file system shield->exclusion
I’ll suggest you also to use these type of exclusion
*\bluezone\adpinit.exe
and
*\windows\winsxs*

%allusersprofile%\bluezone\adpinit.exe couldn’t work properly

Hello,
you can send the detected files to virus@avast.com and put “False positive” to email subject.

Milos

Thanks for the help. I’m still not certain why c:\windows\winsxs* hasn’t been working. I understand why it may be better (generally speaking) to use the wildcard instead of the drive letter, but every computer I manage uses C as the system drive, so there’s no reason this should not be working. I also have these exclusions set under the file system shield, but it’s the scheduled scans which are detecting them nonetheless. I have now added *\windows\winsxs* to the global exclusions as well. Hopefully that will help.

So, environmental variables don’t work?

The mask is matched “as is” - i.e. if the false detection was shown as “%allusersprofile%\bluezone\adpinit.exe”, then it would work. If it’s shown as “C:\ProgramData\bluezone\adpinit.exe”, then it wouldn’t.
c:\windows\winsxs* should work though (if it’s detected this way).

Really disappointed in this. I have tried every combination I can think of on the winsxs folder, with no success. I have tried the full path, *\windows\winsxs*, *\winsxs*, winsxs, everything I can think of, and yet I still get almost daily detections in this folder. I have applied these settings to scheduled scans, file shield, and global exclusions, and none of these work. I have checked with the client computers, and these exclusions are being propagated; they simply don’t work.

Is there anyone out there who has actually gotten an exclusion to work using SOA? As far as I can tell, exclusions are completely broken.

Good Morning All,

I don’t want to start a new topic since this was almost the 1st Google result I got on this subject “avast exclusion not working”.

Program Version: 2015.10.2.2218

Here is my fix - this worked after messing with the application so long. It’s buried.

Right Click on Avast in Taskbar and select “Open Avast User Interface”

On the bottom left you should have a menu item called “Settings” - Click on that

A new window will pop up - On the top left you should have a “Active Protection” option - Click on that

Now click on “File System Shield” > “Customize”

Now on the left hand side, click on “Exclusions” and finally “Add”

BINGO - Works for me!!! 8)