Nirsoft-tools considered as malware even if PUPs declared as allowed!

How to globally allow all NirSoft-Tools (including all password-recovery-tools) so that AVAST does not consider them as malware?

In the AVAST-settings, PUPs are explicitely allowed and not considered as “malware”, but even then some of the tools are considered as malware and blocked.

The only possibility to use them is globally disable all AVAST protection … and THAT cannot be a valuable solution!

Btw: there is some problem in dialogue for the “actions”: the setting “first ask, if asking fails then put to chest, else no action” should result in the behaviour: - if at “ask” there was manually declaration of “no danger” then it should stop the process of putting to chest. But as you don’t offer “ignore” at asking, pressing “escape” or clicking on the close-x assumingly is considered as “fail”, so the next step is done, i.e. “put to chest”. But that “put to chest” should only come to action if “ask” really fails; i.e. if “ask is not answered” (or something like that). If “ask” is answered with “allowed/no danger” then the operation is over (i.e. “no action”).

Ofcourse some of the tools are blocked as they are malicious.

https://virusscan.jotti.org/nl-NL/filescanjob/cokv82munv

Many of the Nirsoft tools are considered as PUPs because of the things they can do can mimic what malware might do.

I presume this is for on-access scans, as the Scan for PUPs in on-demand scans is disabled by default. That setting however, doesn’t apply to on-access scanning. PUPS are scanned for in the Web Shield by default, so could be picked up on download.

I don’t know where you find that:

In the AVAST-settings, PUPs are [b]explicitly[/b] allowed and [b]not considered as "malware"[/b], but even then some of the tools are considered as malware and blocked.

I can find no such setting in the File System Shield Actions section - PUP Options/Actions, see image. No Action in this context doesn’t mean they are explicitly allowed - all that means is - none of the other actions will be taken (and the file remains in place), but it still won’t allow what is considered a PUP (or other malware) run.

Personally I only ever use Two Actions, Ask then No Action, the reason I say that Ask should be sat waiting for a response. I don’t know how that can fail and proceed to another action. I don’t want anything sent to the chest without my explicit action.

There is no additional option in the drop down list of Ask, from that of the other Actions to select.