Exlusions on CyberCapture for entire folder?

Asyn · 2017-04-02T20:56:57.000Z

Which Avast…? (Free/Pro/IS/Premier)
Which version…?
OS…? (32/64 Bit…? - which SP/Build…?)
Other security related software installed…?

system · 2017-04-03T16:45:52.000Z

Avast Free Antivirus
Version: 17.2.2288 (build 17.2.3419.64)
OS: Windows 7 Enterprise, 64 bit, SP 1 (strange, I have updates on)
Other security (non-standard): EMET 5.52.6156.38091

Asyn · 2017-04-04T03:28:43.000Z

Update to the latest version (17.3.2291): https://forum.avast.com/index.php?topic=199715.0

Lisandro · 2017-04-04T11:11:25.000Z

Aren’t we talking about Behavior Shield instead of CyberCapture?
CC only manages PE executables downloaded from web.

DavidR · 2017-04-04T12:57:21.000Z

Lisandro post:9:

Aren’t we talking about Behavior Shield instead of CyberCapture?
CC only manages PE executables downloaded from web.

I had been thinking this, it could be the Behaviour Shield as the CyberCapture function as far as I can remember is to stop a file from running put a block on it, send the sample to avast for deeper analysis.

Whereas the Behaviour Shield can send it to the virus chest in 2 of 3 options.

system · 2017-04-04T20:16:48.000Z

It was a blue border around my console program having the title “CyberCapture”. See screenshot. I made this after updating to 17.3.2291

DavidR · 2017-04-04T21:27:39.000Z

That is certainly somewhat strange, as Lisandro mentioned, we thought that the CyberCapture function only dealt with executables downloaded from the internet. Whilst we understood that this restriction to only that would be expanded at some point, but I hadn’t seen anything to say that its scope had changed.

This is certainly the first that I have seen outside of executables downloaded from the internet.

This needs feedback from avast developers.

Lisandro · 2017-04-05T00:47:28.000Z

DavidR post:12:

That is certainly somewhat strange, as Lisandro mentioned, we thought that the CyberCapture function only dealt with executables downloaded from the internet. Whilst we understood that this restriction to only that would be expanded at some point, but I hadn’t seen anything to say that its scope had changed.

This is certainly the first that I have seen outside of executables downloaded from the internet.

This needs feedback from avast developers.

I make mine these David words. Anyway, have you uploaded the executables and then downloaded them to use?

DavidR · 2017-04-05T07:34:46.000Z

I have reported the topic to see if we can get some clarity.

Asyn · 2017-04-05T07:40:03.000Z

Reply from the devs: He needs to make sure that he has * at the end of the path to ensure the exclusion works such that if I want to exclude all files in D:\test I need to add exclusion as D:\test*

DavidR · 2017-04-05T07:45:34.000Z

Asyn post:15:

Reply from the devs: He needs to make sure that he has * at the end of the path to ensure the exclusion works such that if I want to exclude all files in D:\test I need to add exclusion as D:\test*

So this I take it is also confirmation that the CyberCapture function doesn’t only dealt with executables downloaded from the internet and has been expanded ?

If so it would be nice to know its scope now, what files and areas are covered ?

Asyn · 2017-04-05T08:06:46.000Z

DR: First of all it is not CyberCapture, but DeepScreen (sandbox)

DavidR · 2017-04-05T09:17:38.000Z

Asyn post:17:

DR: First of all it is not CyberCapture, but DeepScreen (sandbox)

Pretty damn confusing then having the “CyberCapture” Blue tab at the top of the window.

Lisandro · 2017-04-05T11:03:50.000Z

I’ve got the following official clarification:

Deepscreen (sandbox) is now also called CyberCapture (it's displayed in the blue border around scanned app's windows). It's because both DeepScreen and CyberCapture are enabled/disabled by the same checkbox in the UI. So the user's issue is that the files are getting into Deepscreen rather than CyberCapture.

DavidR · 2017-04-05T13:17:53.000Z

Thanks for that.

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Also we still don’t have clarification on the expansion of CyberCapture scans as it would appear it doesn’t only dealt with executables downloaded from the internet and has been expanded.

It would be nice to know its scope now, what files and areas are covered ?

Lisandro · 2017-04-05T16:58:17.000Z

DavidR post:20:

Thanks for that.

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Also we still don’t have clarification on the expansion of CyberCapture scans as it would appear it doesn’t only dealt with executables downloaded from the internet and has been expanded.

It would be nice to know its scope now, what files and areas are covered ?

Only downloaded PE (portable executables).

DavidR · 2017-04-05T17:16:53.000Z

Lisandro post:21:

DavidR post:20:

Thanks for that.

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Also we still don’t have clarification on the expansion of CyberCapture scans as it would appear it doesn’t only dealt with executables downloaded from the internet and has been expanded.

It would be nice to know its scope now, what files and areas are covered ?

Only downloaded PE (portable executables).

Then someone has to answer how/why it was scanning a ‘local’ visual studio file as in the OP’s image in Reply #10.

Whilst Asyn is suggesting that this is DeepScreen (in sandbox) at work at the very lease it is confusing users. Even more so when there is no mention of DeepScreen in the General or Components section of avast settings.

Asyn · 2017-04-06T03:34:27.000Z

DavidR post:20:

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Hi Dave, it has been changed already.

PS: DR is short for dev-reply.

DavidR · 2017-04-06T08:01:37.000Z

Asyn post:23:

DavidR post:20:

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Hi Dave, it has been changed already.

PS: DR is short for dev-reply.

Good - thanks, it certainly needed action.
I gathered that, but as we haven’t seen anyone posting the new change, it was just hanging in limbo.

Asyn · 2017-04-06T08:11:12.000Z

DavidR post:24:

Good - thanks, it certainly needed action.

You’re welcome.

Announcements