File Exceptions not working

Avast One
1

I had the same following problem with avast so I upgraded to avast one and same issue.
When I try to open word or excel or a word or excel file it says we’ve secured winword.exe because it was infected with win32:malwarex-gen(trj).
This began about 2 avast updates ago on all my computers. I get it back from quarantine and add exceptions all over in ransomware and the virus scan areas but when I click on word or excel I get the same error even though it’s still in the exceptions. I have to go get it back from quarantine.
The only way to open word or excel is to deactivate avast.

2

Test the file at VT (https://www.virustotal.com) and post the link to the result here.

3

Security Vendors’ Analysis
ClamAV

Win.Virus.Sality-6824368-0
Kingsoft

Win32.Malware.Heur_Generic.B.(kcloud)
SecureAge APEX

Malicious
Acronis (Static ML)

Undetected
Ad-Aware

Undetected
AhnLab-V3

Undetected
Alibaba

Undetected
ALYac

Undetected
Antiy-AVL

Undetected
Arcabit

Undetected
Avast

Undetected
Avira (no cloud)

Undetected
Baidu

Undetected
BitDefender

Undetected
BitDefenderTheta

Undetected
Bkav Pro

Undetected
CMC

Undetected
Comodo

Undetected
CrowdStrike Falcon

Undetected
Cybereason

Undetected
Cylance

Undetected
Cynet

Undetected
Cyren

Undetected
DrWeb

Undetected
Elastic

Undetected
Emsisoft

Undetected
eScan

Undetected
ESET-NOD32

Undetected
F-Secure

Undetected
Fortinet

Undetected
GData

Undetected
Gridinsoft

Undetected
Ikarus

Undetected
Jiangmin

Undetected
K7AntiVirus

Undetected
K7GW

Undetected
Kaspersky

Undetected
Lionic

Undetected
Malwarebytes

Undetected
MAX

Undetected
MaxSecure

Undetected
McAfee

Undetected
McAfee-GW-Edition

Undetected
Microsoft

Undetected
NANO-Antivirus

Undetected
Palo Alto Networks

Undetected
QuickHeal

Undetected
Rising

Undetected
Sangfor Engine Zero

Undetected
SentinelOne (Static ML)

Undetected
Sophos

Undetected
SUPERAntiSpyware

Undetected
Symantec

Undetected
TACHYON

Undetected
TEHTRIS

Undetected
Tencent

Undetected
Trapmine

Undetected
Trellix (FireEye)

Undetected
TrendMicro

Undetected
TrendMicro-HouseCall

Undetected
VBA32

Undetected
VirIT

Undetected
ViRobot

Undetected
Webroot

Undetected
Yandex

Undetected
Zillya

Undetected
ZoneAlarm by Check Point

Undetected
Zoner

Undetected
Avast-Mobile

Unable to process file type
BitDefenderFalx

Unable to process file type
Symantec Mobile Insight

Unable to process file type
Trustlook

Unable to process file type

4

It would have been much easier just to post the VT link to the analysis.

5

sorry, didn’t know if it would give you a blank page if I did that not the results.
Here it is…
https://www.virustotal.com/gui/file/e7dc21f75eb5c709d315b3bc24c2453c259369d6e31508b4d6689bc5e12557b0

6

No problem, it’s just that the link gives more information, that link was from 20 days ago, so unless you refresh it it just shows the last scan.

I refreshed the scan - https://www.virustotal.com/gui/file/e7dc21f75eb5c709d315b3bc24c2453c259369d6e31508b4d6689bc5e12557b0?nocache=1
It still has the same three detecting it and strangely Avast isn’t one of them.

I think part of this is down to this is a very old Microsoft file that isn’t digitally signed. Most old files like this (in that time frame) weren’t digitally signed.

If it is in quarantine open the now send it to Avast for Analysis (images 1&2 below, click to expand) - In the remarks give a brief description of the problem - probably more important give a link back to this topic.

Your Ransomware exclusion wouldn’t stop this alert, I don’t think the exclusions for the ‘virus scan areas’ would work either as neither of these are responsible for the alert. The area it would need to be in would most probably be the Avast > Settings > General > Exceptions (image 3 below).