I have been using Avast 8 free for some time and believed it had been protecting me well.
Just to be sure I routinely ran Malwarebytes and found PUP.Optional.Tarma.A which I duly removed.
Wondering why Avast hadn’t detected this I decided to run the Eicar test files and got no detection response. I tried to repair the Avast installation but still no response to the test files. In desperation I uninstalled Avast completely and then reinstalled. The Eicar test files are now correctly detected.
I have revisited the settings and turned on PUP detection for all scans (I am unsure how this was previously set.)
Apart from regular testing how can I be confident Avast is doing its job?
Just the detection name on its own isn’t sufficient to hazard a guess. The contents of the MBAM log might help us to help you.
MBAM detects stuff that avast isn’t even looking for in some cases like this; it could be a file, and PUPs aren’t scanned for by default. So that may be why, but MBAM also checks settings in the registry which if changed could be unwanted, though I think that this would produce a different warning.
PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil; some have been legitimately installed for a specifically good purpose, but could have been unknowingly installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned off by default (an exception being the boot-time scan). Generally the avast default settings provide a good balance between protection and performance.
They also try not to have the user involved in too many decisions; when PUP scanning is enabled this is more likely to happen (not directly). Avast would still seek to have the Shield settings Action set to Move to chest.
However, in the on-demand scan the detections would be listed at the end of the scan and this is where the user may decide to change the action from Move to chest to another action. This is where the problem lies: to be able to make that decision, an informed decision needs to be made, and you need the knowledge of the file/program being detected to make that decision. This is, I believe, why avast doesn’t enable scanning for PUPs by default (other than the boot-time scan previously mentioned).
Thanks to those who have replied and I hope the replies help others in the future.
I think I had already implemented most of the advice offered as indicated in my original post. Please find the mbam log attached. At this stage it is probably only of academic interest.
I don’t believe anyone has answered my final question on maintaining confidence in Avast continuing to work correctly. It looks as if there is no alternative to regular testing with the Eicar files (http://www.avast.com/faq.php?article=AVKB32).
EICAR is designed more for static scanning similar to using File System Shield when running a manual scan of the hard drive.
[EDIT:] Thanks to Asyn for providing the url test file some time ago. I’ve bookmarked the resulting page in my browser and sometimes use that to check for proper operation that way. See attached below to see what to expect.
We have answered the question as far as we could without more information (now provided): avast isn’t scanning for PUPs by default; you can enable this option.
However, be prepared to get alerts which you really don’t know much about; you need some knowledge of what is installed on your system, what it does and why it might be considered a PUP, as outlined in my first reply.
As for the Tarma Installer, this may well have been installed with some other software; there are lots of hits when you search for it: uk.search.yahoo.com/search?p=Tarma+Installer. It seems some consider it a PUP/spyware, but many legit download sites have it.
[EDIT:] Removed entire contents of this post as url link provided when clicked would cause flash player embedded in vendor site to crash. While urlquery.net does not have a current alert at this site, many prior alerts in July, so link was removed for member safety.
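
The regular EICAR testing discussed in this thread can be scripted and scheduled. The following is an added example, not part of any post above: it drops the standard EICAR test file, waits, and reports whether the resident file-system scanner intervened. The file name `eicar_probe.com`, the outcome labels and the three-second wait are assumptions of this sketch, and it exercises only on-access file scanning, not web or PUP detection.

```python
import os
import sys
import tempfile
import time

# Standard 68-byte EICAR test string, split so this script is not flagged itself.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DETECTED = {"blocked_on_write", "removed", "blocked_on_read", "altered"}


def probe(directory=None, wait=3.0):
    """Drop an EICAR file and report how the on-access scanner reacted."""
    path = os.path.join(directory or tempfile.gettempdir(), "eicar_probe.com")
    try:
        with open(path, "w", newline="") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked_on_write"
    time.sleep(wait)  # give the resident shield time to quarantine the file
    try:
        with open(path, "r", newline="") as fh:
            intact = fh.read() == EICAR
    except FileNotFoundError:
        return "removed"
    except OSError:
        return "blocked_on_read"
    finally:
        try:
            os.remove(path)  # never leave the probe file behind
        except OSError:
            pass
    return "not_detected" if intact else "altered"


def is_protected(outcome):
    """True when the outcome shows the scanner intervened."""
    return outcome in DETECTED


if __name__ == "__main__":
    result = probe()
    print("EICAR probe:", result)
    sys.exit(0 if is_protected(result) else 1)
```

Run from a scheduled task, the non-zero exit code on `not_detected` gives an alertable signal for the silent failure described in the first post.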