DavidR
38
Ignore is an option in the anti-rootkit scan that runs 8 minutes after boot.
Outside of that scan it is a normal on-access scan (not a specific anti-rootkit scan) alerting on a signature associated with a rootkit, in these cases the normal file system shield settings apply.
In all honesty exclusion isn’t the way to go if you consider something a false positive:
- confirm by using a multi-engine scanner, such as virustotal.com and report your findings.
- if avast is the only AV detecting this then, submit as a false positive for analysis and correction
- once the signature is corrected (if confirmed an FP) there is no need for exclusion. That not only helps you but all other avast users if they have the same file.