New beta version 22.6.6017

Here is what I’ve been able to isolate to the best of my abilities, not knowing the inner workings of Avast. First, I have to reboot and before starting any apps, disable all shields via the notification area icon. If I start any apps that would activate the shields (like my browser - Web Shield - or my email client - Mail Shield), then the problem always occurs. I’m guessing that starting an app that would cause a particular shield to be activated, like the email client activating the Mail Shield, causes all the shields to be activated.

After disabling all shields, then my VMs run without error.

I then enable Web Shield and Mail Shield; again the VMs run without error. In addition, Avast adds 5 Notifications for the following shields being disabled:

  • Ransomware Shield
  • Behavior Shield
  • File Shield
  • Anti-Rootkit Shield
  • Anti-Exploit Shield

I next enabled Ransomware, Behavior and File Shields; again the VMs run without error. Finally, I enabled Anti-Rootkit, and the problem occurs. In another series of tests, I tried enabling Anti-Exploit, but that also enabled Anti-Rootkit. The problem occurs, but I believe that is because of Anti-Rootkit, not Anti-Exploit. So Anti-Rootkit appears to be the cause of this issue.

I generated the support file as instructed. I included a screenshot of the error message that pops up when the problem occurs; I’ll also attach that screenshot here. SupportTool prompted me for a ticket number which I don’t have, so I left that blank. I hope this helps. Let me know if I can do anything else to help isolate this problem.

[EDIT 6/20/22] Since posting this, I discovered how to turn on and off the Anti-Rootkit Shield and Anti-Exploit Shield through the Avast UI: Menu → Settings → Protection → Core Shields → Enable Anti-Rootkit Shield / Enable Anti-Exploit Shield. Using that, I was able to enable the Anti-Rootkit Shield but leave the Anti-Exploit Shield disabled. My VMs continued to run without error. When I enabled Anti-Exploit Shield, the VMs failed as described. So, I now believe the real source of the problem is the Anti-Exploit Shield.

Hello everybody. Please let us inform you about an issue with starting the hf5.exe process from the Hide Folders 5 application, which we discovered based on a report from one of our BETA users (https://forum.avast.com/index.php?topic=319869.msg1688960#msg1688960).

After analysis we believe the issue is with the checking of the event of a created user session (SERVICE_CONTROL_SESSIONCHANGE) by the Hide Folders application service fsproflt2, which may be affected after the Windows Avast Antivirus installation (changing boot timing). In other words, it may happen after installation of any other application (not only Avast Antivirus) too and therefore needs to be addressed in the Hide Folders code.

Also note that on Windows 10 there is a Privacy setting “Use my sign-in info to automatically finish setting up my device after an update or restart” which is enabled by default - we believe that turning off this option will solve the issue too (but as it is on by default by MS, it would require each affected client to do so).

Hi guy.rouillier, thank you for your time and the information provided - I created a ticket for the devs to look at it further. Could you please share the ID of the package from the support tool? The package can be found here: c:\Users\<your_username>\AppData\Local\AvastSupport - so its filename would be great to know. Thank you.

Hello ccm582.

1/ Answered in one of my previous posts :wink:

2a/ Ok, this is pretty fresh configuration export. We will test it more thoroughly next week.

3/ Yes, Avast One tends to be lighter than standard Antivirus but there are also other components related to privacy, performance etc. We will look more at the UI and Firewall rules to see whether we can induce something similar.

4a/ Avast One and dark mode - although it is available in the Antivirus, it is not planned in the Avast One at the moment (it seems simple, but it is actually not).
4b/ Avast One and antifingerprinting - it is available in the Avast One while not in the Essential (Free) edition. I shared this with the product manager of the Avast One (I am sure he is aware of this and there is a good reason for it).
4c/ Avast One vs standard AV exceptions configuration - can you tell me why would you like to have exception for e.g. shields while not for scan? I mean once the scan is done in folder not in exception for scan, it could be quarantined etc. I am not saying we cannot do this, but would like to understand the story behind :wink:

6a/ EICAR detection and disinfection
Well, the EICAR test file is, I would say, a simple definition detection and as such does not require any disinfection, simply because it is not needed. In more advanced threats, detected especially by the Behaviour Shield, system disinfection is usually required and performed.

6b/ Basically, once the AV drivers are loaded (during the system boot) there is nothing that would escape them so although the AV application itself could be started “at some point” after the computer start (processes, services, etc.) the computer is protected already.

7/ The Avast Firewall untrusted (public) network profile does not mean to block all the incoming connections. It is of course a much stricter profile than the one applied for trusted networks, but there are some exceptions for incoming traffic.
The flow for the incoming traffic is as follows and it is evaluated in this order: Traffic → Network rules → App Rules → (Ask dialog, if enabled) → App/System. In the section Firewall - Firewall settings - View Firewall Rules - Network rules you can see the rules that are above the rule “Public Tcp/Udp In Block” (which blocks all the incoming connections on TCP and UDP protocol). These rules are above which means they are evaluated first.
In your case, I would say that the incoming connection was allowed by the rules above the “Public Tcp/Udp In Block” and as long as Firewall did not find the existing rule in Application rules the Ask dialog was triggered. If you want to adjust the setting, it is possible to do it on the page with Basic Rules or you can create your own Firewall rules on the Network/Application Rules page.

Response to the Behavior / Ransomware Shield will be answered later :wink:

Have a nice day! Petr

Thank you, petr, for your detailed reply. After reading it, it resolved many doubts I have about Avast.

I will reinstall Avast before my Hide Folders trial expires and try the Privacy setting. Will let you know when I do so. I’m sure you tested it before recommending it.

My reply to your questions and points raised:

4b. I deliberately put Eicar and a few harmless malware into a folder. So I would select all the exceptions i.e. File Shield, Behaviour Shield and Scans to prevent quarantine.

But sometimes Avast may think a program is suspicious and want to quarantine it although the program is perfectly fine. So it is a false positive. It may take a long time for Avast to find it to be ok. So I set it to be excluded from all Shields except Scan. When I scan it, I will know whether Avast still thinks it is malware. If by then it is cleared of suspicion, I can remove the exception. Avast Free allows me to do that but Avast One will exclude the folder from all shields and scans. This is one reason I prefer Avast Free.

In Avast One, you may not need to have exactly the same Exception options (Scan, File Shield…) as Avast Free. There are already checkboxes there. In addition to ‘Remove’ button at bottom, how about ‘Enable/Disable’ button at bottom too. Then we don’t have to delete the Exception to scan, then add it back again.

4c. I think Avast One excludes anti-fingerprinting to encourage Premium sales. I can live without anti-fingerprinting because Firefox and Brave browsers have it built in. There are also many browser extensions that do this so I don’t think anyone would buy Premium just for this. This is similar to Avast One’s VPN with Killswitch for Premium only. There are free VPNs that offer more data and Killswitch together which is why I don’t use Avast VPN. A VPN without Killswitch is not safe.

6a. I have never seen Avast disinfection in progress as I never got any serious malware or ransomware. Are you saying that if a serious ransomware hits, Avast will block, quarantine it and then do a ‘disinfection’ to see whether it did any damage? If so, can it reverse the damage?

6b. If my internet is on during boot-up, does Avast Firewall also stop my ‘blocked applications’ from accessing the internet if Avast starts AFTER the blocked app?

  1. In Avast Free or One, it is stated that Untrusted networks will block incoming connections. This may cause misunderstanding so perhaps you may want to re-word it.

Your explanation makes many things clear now. I used Comodo Firewall before which has a network rule of blocking all incoming connections after allowing outgoing connections and allowing a couple of ICMP incoming connections. I suppose I can create a Network Rule to block all incoming connections and put it at the top. BTW, creating a Rule places it at the bottom. Then I have to drag it all the way past many rules to put it at the top. Any chance of a checkbox with go up/down/top/bottom arrows?

I look forward to your Ransomware/Behaviour Shield replies that I’m sure will answer many points raised in this Forum.
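The inbound evaluation order described in Petr's point 7 and the rule-position question raised in the reply above can be modelled as follows. This is an added example, not part of any post in this thread and not Avast's code: the first-match model, the fall-through when no network rule matches, and every rule name except “Public Tcp/Udp In Block” are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Avast's implementation) of the inbound order
# from the thread: Traffic -> Network rules -> App rules -> (Ask dialog) -> App/System.
from dataclasses import dataclass
from typing import Optional


@dataclass
class NetRule:
    name: str
    action: str                   # "allow" or "block"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)


def evaluate_inbound(net_rules, app_rules, proto, port, app, ask_enabled=True):
    """Return (verdict, deciding rule). Network rules are first-match, top down."""
    hit = next((r for r in net_rules if r.matches(proto, port)), None)
    if hit is not None and hit.action == "block":
        return ("block", hit.name)
    # Allowed at the network layer (or, by assumption, unmatched): app rules are next.
    if app in app_rules:
        return (app_rules[app], "app rule: " + app)
    # No application rule exists: the Ask dialog fires if it is enabled.
    return ("ask", "Ask dialog") if ask_enabled else ("no-app-rule", None)


# Constructed sample profile; only "Public Tcp/Udp In Block" is named in the thread.
PUBLIC = [
    NetRule("Allow UDP 5353 in (constructed)", "allow", "udp", 5353),
    NetRule("Public Tcp/Udp In Block", "block"),
]
MY_BLOCK = NetRule("Block all inbound (constructed)", "block")


def demo():
    args = ({}, "udp", 5353, "app.exe")
    return {
        "default": evaluate_inbound(PUBLIC, *args),
        "other_port": evaluate_inbound(PUBLIC, {}, "tcp", 445, "app.exe"),
        "new_rule_at_bottom": evaluate_inbound(PUBLIC + [MY_BLOCK], *args),
        "new_rule_at_top": evaluate_inbound([MY_BLOCK] + PUBLIC, *args),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} {verdict}")
```

A block rule left at the bottom of the list never gets evaluated for traffic that an earlier allow rule already matched, which is why the position of a newly created rule matters.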

Hi ccm582, just for the Hide Folders - well, some of us were not able to induce the issue at all as it is a matter of timing. For me personally, the Privacy configuration did not help. We also contacted the vendor of the software and they recommended the following:

In Registry Explorer browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsproflt2 and change the Group value from UIGroup to Event Log. This helped on my machine but I would not consider it a “final” solution as it requires user interaction to solve the problem (not even talking about working with the registry etc.).

However, the only way to solve the issue for all is for the vendor to change the code :wink:

I will look at your reply next week and get back to you. Have a nice weekend! Petr

I believe you are referring to the name of the generated zip file. If so, that is: 20220617_0407_YNQ3B_930869535.zip

After uploading the file, I received an email from Manigandan Mohan on The Avast Support Team, gently asking “What’s this?” :slight_smile: I will reply to him with a link to this post. If you could provide me the ticket number, I’ll send him that as well. I have an Avast account with an email address if you would prefer to send the ticket number privately.

Thanks.

Hi Petr,

I had some time today and so I tested with both Avast One and Avast Free both version 22.6.6019 Beta.

The Registry solution worked. Hide Folders 5 now starts up with both Avast Free and One.

Ransomware Shield sometimes works and sometimes doesn’t. In Avast One, for external drives, Ransomware Shield displayed this behaviour:

On PC reboot with external drive plugged in:

  • RS doesn’t work
  • files deleted from the external drive go to its Recycle Bin.

If I pull out the external drive and plug it back in again,

  • RS works
  • files deleted are deleted permanently and don’t go into the Recycle Bin. RS makes the external hard disk into a flash drive where there is no Recycle Bin.

I then uninstalled Avast Free because of its UI problems, and Avast One because I want my deleted files to go into Recycle Bin instead of being deleted permanently.

Yes, as the name includes the File-ID, so the devs can find it on the server. :wink:

I wanted to close the loop and report that my issue seems to have been fixed with the latest beta 6020. With all Avast Shields enabled, I am able to run VirtualBox VMs without crashing. I’ll report on the 6020 thread on this forum if I encounter any more problems.

Thanks for the help.

Petr,

Please reply.

Hi, I would say this is not an Anti Ransomware feature, it seems more like an Avast Shredder (https://support.avast.com/en-us/article/use-antivirus-data-shredder/)

The above refers to a problem with only Avast One and only after importing Settings. This problem doesn’t exist in Avast Free. Avast Shredder is a Premium feature while I used the free version, so it is disabled. So I don’t think it is a problem with Shredder.

I found the cause of this problem. Restoring settings from an earlier version of Avast One, and then restarting the PC, causes external hard disks to be treated as flash drives without Recycle Bin after they are unplugged and inserted later.

Earlier I tried Avast Free and its Ransomware Shield sometimes works and sometimes doesn’t. But in the latest beta 22.6.6021 (build 22.6.7351.528) of Avast Free, Ransomware Shield works fine even in protected folders on external drives. Thank you for fixing it.

Hello ccm582, I reminded my colleague from the team responsible for these features about it, so that the answer is more precise. Stay tuned :wink:

Petr,

Please read some of my posts here since you were away, esp. that the Registry solution worked. Hide Folders 5 now starts up with both Avast Free and One. TQ for the solution.

I installed Avast Free 22.6.6022 (build 22.6.7355.528) and it seems to work better than before. It can send malware to Quarantine faster than before. But every time I add, change or delete a Firewall Rule, the UI hangs for a few minutes. Hope your team can fix this soon.

Disappointing that no one replied as promised.

Anyway, I think I know the answer from the YouTube tests. Ransomware Shield and Behaviour Shield alone aren’t very effective. But AV-Comparatives said they tested Avast with all the Shields turned on and it performed well at malware detection. So I suppose that Avast is meant to work with all the Core Shields turned on, which means that it depends on the definitions either online or offline. But I do have concerns about zero day malware/ransomware.

Hi ccm582,

I’m working at FSPro Labs (a developer of Hide Folders 5) and we probably have fixed an incompatibility problem between Avast and HF5.
Download the latest version of our program and check if autostart works for you. If not, please contact our support team.