Using the Avast scanner or any other reputable AV scanner, I seldom have any PUP’s listed as threats. With Avast I have not had one PUP listed in all the times I have used it.
Using MBAM, this AV picks up many PUP’s all of which are not picked up with Avast. Auslogics defrag places many PUP’s on the system. Every time I use Auslogics and I use it often, many PUP’s enter my system which are apparently ignored by Avast and other AV’s.
After using Avast for a period, I then used MBAM and 532 PUP’s were listed as threats ! Obviously the accumulation of PUP’s during the Avast period of use.
May I please have an explanation why Avast ignored these PUP’s ?
If you know they are PUPs and you still allow them, then they aren’t unwanted, the crucial word in Potentially Unwanted Program.
There are many instances of programs that do things that some malware may do, like system tools getting information on your system, etc. For an AV, etc. trying to determine intent is the hardest thing, e.g. did you install it for a specific purpose or was it installed without your knowledge.
As for your comment “Auslogics defrag places many PUP’s on the system.” it isn’t placing PUPs on your system it is placing tools to do the job. The fact that MBAM is very fussy about what determines a pup, may differ from mine or Avasts, it is all about intent and that is what a user has to determine.
The PUP scan on some shields is off by default and for many people this is just fine as crucially they wouldn’t have knowledge of what the program does exactly to answer any interactive question raised by an AV alert.
Some security based software have a very different idea of what PUP encompasses
I would just add that the MBAM program does not pick up any PUP infections until it goes on the heuristic analysis. With MBAM, the heuristic analysis is a specified visual scan action, the files scan is immediately before that.
If Avast does not scan heuristics, then it will not pick the threats up which MBAM does, neither will other will AV programs. So heuristic PUP’s will simply accumulate until MBAM is run again.
avast is not as strict as to what they classify as PUP
Several years ago, I blogged that we would be increasing how aggressive we would be in detecting Potentially Unwanted Programs (PUPs) and our fantastic malware intelligence and research teams have delivered on that promise. Last year, we removed approximately 500 million traces of PUPs per month!
In response, a lot of the PUP developers are making efforts to circumvent our criteria and continue distributing their damaging software to users. This is why we are getting even more critical about what we call a PUP, and what we are going to be detecting and removing from user systems.
I have done absolutely nothing. I am simply using two different AV programs and stating a difference in the treatment of PUP’s, call them tools if you wish, the definition is in the mind of the beholder. How program technicians define a PUP is their business, not mine and everybody is well aware of MBAM’s crucial definition and treatment of PUP’s.
Bottom line - Whatever constitutes a PUP is either a threat or it is not a threat. There is no middle ground.
What I have been saying is determining the intent is in the eye of the beholder and a security based program may have a different decision on what is a PUP, but it can’t determine intent. That is why the word Potential is used. If it knew exactly if this was harmful then it wouldn’t be Potentially Unwanted Program.
AI in security based programs isn’t really available right now.
The threat as such, isn’t a threat until it is determined if it is Unwanted by the user. Did they install it, did they know what it does and do they want it on their system (Unwanted or not Unwanted).
I appreciate all you have said, but this controversy is a responsibility of the program vendors, nothing to do with me. I could not care less how a PUP is defined, I simply use the AV program.
From what is being said, it is obvious to me that there is a gross misunderstanding amongst the experts on how to define a PUP. This again does not bother me.
So, as the hundreds of “PUP’s” as defined by MBAM are of no value to the user, it is beneficial to delete them. Consequently, as using Avast or any other AV program will leave these useless files on the PC, I find it a simple technical choice to exclusively use a globally acknowledged and respected program like MBAM which deletes this redundant rubbish. If deleting these files does no good, it certainly does no harm.
There really is no way this can continue without details of what MBAM actually reported as PUPs.
I have seen MBAM report empty registry entries (a command without an associated file) as malicious. Without the file the command, etc. is inert.
Perhaps you can see why PUP scans ia disabled by default (on some shields/scans and not others) as the greatest majority of users can’t really make the determination on is this Unwanted or not.
Without details how can a user determine that “the hundreds of “PUP’s” as defined by MBAM are of no value to the user, it is beneficial to delete them.”
That’s me for this topic as one man’s PUP is another’s useful tool, we could bounce this around all day and that wouldn’t change.
Thank you so much for the constructive comments given on this controversial subject.
I get the message. My own conclusion is that if MBAM classify files as PUP’s then PUP’s they are.
All the hundreds of PUP’s I have been talking about are exclusively Auslogics. Well, they may be vital ingredients during the Auslogic defrag, but they are absolutely of no use afterwards, so deleting them is a beneficial action to take.
I have done absolutely nothing. I am simply using two different AV programs and stating a difference in the treatment of PUP's
Well, that is already one point where you are wrong.
MBam is not a av, it only scans executable files (which can be read on the MBam website).
What a tool detects a PUP depends on how the developers define a PUP, and MBam has made their rules for it a lot stricter recently.
If you read them than even avast should be considered as a PUP.
That is my thread on the MBAM Forum. I was trying to get their opinion of the huge number of Auslogics PUP’s that MBAM was finding each time I did defrag.
My question to Avast was to find out why Avast do not find the same amount of PUP’s.
The comments given only add to the controversy surrounding the classification of what a PUP actually is, a kind of Status Quo or limbo situation.
Thanks for the update,I also downloaded freemake video encoder a while ago and noticed it installs open candy so stopped installing,open candy was installed even after cancellation.
"Latest version of Auslogic, installs fine, but after the install it drops a trojan into a temp folder, and tries to offload payload onto your system. Verified the MD5, and download location is Auslogic themselves, on their server directly, with no MTM or diversion.
Trojan hits an IP address in Reston, VA which my sources claim is a CIA front server. When I do a deeper search I find the server is named MOE, which is a once famous CIA agent named “Moe Burg”, sort of a legend within the CIA I hear. So I wonder… Why is Auslogics offloading a trojan? Why does it call home to the CIA’s MOE server? If you wanted a ‘catalog’ of every file on someones system, a defragger that dials home would be a WONDERFUL tool.
The link below that says: Alternatively, click here to download from our website
is the one that offloads the trojan. Note, I am not linking the trojan, as this website is a WELL KNOWN defragmentation vendor. I am merely pointing out that they appear to be compromised, either knowingly, or unknowingly… Whichever, but people should be wanted. Unless you are port monitoring, you may not see what is going on."
