1- Boot scan, searchs for the same malwares that a normal scan does? Boot scan scan all files at all drives? Or just specific files in drive C?
2- Is a normal behavior you be able to block downloads based on extansion with Firefox using webshield and not be able to do the same using IE? Or I am having a problem? I can block sites in IE not downloads…
3- If I download a malware in firefox, in the middle of the download the webshield will be warning me and disconnect from the download.
Its ok, but After it doe it, it leaves a “.part” file on the place where the download should put the file. This file is still detected as malware (it can be removed by standard shield without problem), wich makes me believe that the download was made succefully (or ate least part of it) and not blocked by webshield… Also, the true extension is not renamed… It remains “.part” wich helps the user to not get infected by mistake…
WebShield does not block any download. It scans it. I think the behavior is them same for IE and firefox.
Check the Internet settings of IE.
Your download manager (or even the internal Firefox extension) is doing that, i.e., saving the part file. In fact the file is ‘empty’, just reserving space for the final download. Are you sure the part file is being detected… if so, the download was clean until the specific string of the infection is detected by WebShield.
For example, in FF if I set webshield “*.scr” for the URL blocker, any try to download a “.scr” file will fail, appearing a message of avast as being a webpage…
The same setting in IE will not block the download the .scr file… However, if its not a download, webshield will block the url succefully… FireFox + Webshield URL blocker have the exactly behavior that I were looking for… To be able to block downloads… Better then this, only if IE would be capable to do the same…
About the webshield thing and the “.part” file:
The file is not empty, in my test it had 30Kb less that it should be (according to the download info)… And if you scan the “.part” file, it will find the same malware on it, and will be able to delete/quarantine the file… Of course, I am not thinking this time to run the malware file just to find out if got corrupeted by the webshield… heheh The last time I did it… I got infected… Even Avast having the definition for it… At least this time, I got webshield and standard shields warning…
Ps–> When Avast sucks with something, I say it sucks, but this time I must say that the behavior of Firefox + webshield really suprised me… I am very pleased with it
Ps1–> The new version 4.7 are really much lighter on resources then was 4.6… I must say too that it is above my expectatives… I didnt thought that Avast could really be light on resources keeping all the security providers… Congratulations alwill
I am a very boring guy about the usage of resource of a machine… And for me think that its ok, its because I think its very light really indeed… ;D
Ps2–> Its just impression, or from the last month Avast started to miss less malwares? Sometime ago it was having a big trouble with detection rate, and now, I am not seeing so much misses… (I believe that the response time for the malwares still sucks), but in general is detecting more… Maybe the generic detections are taking effect? ???
Elminster, I’m thinking if the Brazilian victory in Soccer World Cup is not messing my mind ;D
Well, IE + WebShield should have the same behavior of Firefox + WebShield… but, which download extension are you using in Firefox?
I can’t help you further as both behaviors (of the WebShield and the .part file) are strange for me…
Maybe someone from Alwil should give us a hand here…
Hehhee… Victory? 1x0 to me makes me fell like a half victory, I was expecting more… Lol
Anyway,
I set standard shield to high level… So now:
1- When the downloads gets to 503 KB the web shield start the warning. (the file has 544 Kb)
2- With the high setting of standard shield, a tmp file is detected on the Internet temp of firefox as being the same malware.
3- And for the last, a file “.part” with 503 Kb is saved on the location that I asked to. Standar shield also warns me.
with this high setting, Avast finds every place that firefox uses to save the file that i asked for… I must say that this way, its a full clean… ;D (By the way, I believe the file that is save in this two place is corrupted by the webshield action anyway)
I tested now with the same link again and I am sure… Firefox really blocks the download (like it was a URL) while IE allows me to download the file…
Maybe Alwill could say something about… I would like to check this behavior in IE too… It would be great!
avast! 4.7 is really light (fast in real-time performance) and hope that avast! will be optimized to be faster and faster in the future. On my machine, avast! is now lighter than CA eTrust EZ Antivirus and eTrust Antivirus that known be to a very light antivirus but avast! has many aspects which make it much more effective than eTrust. IMHO
Note: when I say “light” I mean “fast in real-time performance” not by just watching the amount of Mem Usage from the Windows Task Manager that I think it’s wrong and a bit nonsense.
This is what I’ve been wondered for a quite long time, I think the boot-time scanner is not as effective as the normal scanner, boot-time scanner may have some limitations as you’ll see that there’re some improvements (e.g. packers, archives) were added to the boot-time scanner from time to time. But I may be wrong, only Alwil team can tell you the truth.
