Granting permissions before opening a program because of previous alert

Due to my stupidity, I clicked on the wrong button during a trojan alert and I was unable to use the program. The program in question is Ultrasurf. I know there isn’t consensus about whether it’s a false positive or truly malware but I’ve been using it for a year and my system hasn’t been compromised to my knowledge.

After my faux-pas I decided to completely uninstall Avast, used regedit and then restarted by PC then installed the latest version of Avast. So, I would like to use Ultrasurf again but I’m pretty sure that if I try to run the latest version, it will give me an alert.

What I would like to know is, is there anything I can do with respect to permissions, exceptions prior to launching the program(sorry if I’m using the wrong terminology) so that I don’t get that warning. I use Ultrasurf everyday or at least I used to and would like to again.

If there isn’t, what do I do once I click “no action?” Won’t my system still not grant me permission or is it an issue aside from Avast? I’m running Comodo Firewall as well.

Any help would be greatly appreciated.


Which version of avast are you using?


Thanks for replying. I have the latest free version I believe v5.0.677.

I was impatient and decided to launch US and I have had no issues. But, I’m still curious about whether I can prevent this problem by tinkering with permissions first.

Rather than exclude, it is best to first confirm (one way or another) and if an False Positive (FP) then report it so that the virus signature can be adjusted (for all avast users who might have this).

You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.