Questions to Avast team

Hi there, I have some questions for the Avast team (not mods, but everyone is welcome to post :stuck_out_tongue: ).

1. Why does the virus lab button (the one for submitting files) on the “Contact us” page lead just to a regular page for support? Why is there no special submit system on your site like Avira’s or those of Kaspersky, Bitdefender, G Data, Comodo, AVG? You see the point. Don’t just stay, take this as motivation from your clients and just do it. 8)
2. Submitting malware through that system takes a long time to get a reaction. I have submitted samples more than once, and the last two times it was 1 month till you sent the sample and replied, and 1 day after you sent it for analysis to the labs to reply again that it is detected as PUP.
3. Allow submission of URLs as well.

1. Avast’s help says that CyberCapture kicks in when Avast detects that a file is suspicious by static analysis such as file properties/heuristic analysis of that file. For example, when a file has some threshold after heuristic examination but it is not enough for blocking it, it will be submitted for CyberCapture analysis. Is that true, or does it just kick in when a file’s reputation is poor and/or the file is unknown yet?
2. Avast’s help says that Hardened mode on Moderate blocks files with poor reputation, and on Aggressive allows only whitelisted files. When Hardened mode is enabled, the checkbox of CyberCapture remains checked. Does that mean that if I activate Hardened mode on Moderate, Avast for example will block files with poor reputation but will still submit files with a set threshold after heuristic/file properties static analysis for CyberCapture analysis?

These are technical questions that only the Avast team/engineers can answer, but it is very important that they be answered. If you are a mod and don’t know the answer, I will be very thankful if you make the Avast team/engineers come and read this.
In my vision Hardened mode should not prevent CyberCapture, it should work just as in this post. Newer files with not good reputation can be blocked if Hardened mode is Moderate and allowed to run if reputation is good. Independently of this, if a file’s properties after static analysis are suspicious and above some threshold, the file will be blocked right away. If it is above another threshold which is lower than the first one, it will be submitted for CyberCapture analysis. I believe this is a good way for Avast to do it. Please, if you are just a moderator who doesn’t have an insight into how Avast technically works but has a connection to the engineering team / malware labs, drop them a message to come and take a look. It can only be a good thing to do and you won’t lose much time. Even if Avast doesn’t work the way I posted, please please call someone from the team to take a look.

And last question. Is the option “Monitor files for suspicious behavior” a HIPS or a Behavior Blocker? And if it is a HIPS, retain it and integrate AVG Identity Protection behavior blocker in the future.

Now thanks to each one who reads that line of text now, that means you’ve taken time of your precious life to read everything above, which is not little. :-* :-* :-*

How to submit >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

See ( click ) attached screenshots

CyberCapture: Protection against zero-second attacks
https://blog.avast.com/cybercapture-protection-against-zero-second-attacks

Yes, I know how CyberCapture works. :slight_smile: But my post was a little bit different. It was about whether Avast works the way I posted it, and if not, for the team responsible for engineering to take a look. Can I ask you to tell someone from the team to look at it? See the button in the screenshot, click it and take a note where it leads you. No such platform like the one for FPs. Don’t kill me, this is useful criticism and kind of motivation. If your goals are to help the fight against malware and you want Avast to function better you will understand me. Friends? Will you help me reach my goal of getting this into the eyes of developers?

There is an attach file at lower left

see attached screenshot

Yes, but the form for malware files and FPs should be unified. Take a look at the other vendors’ systems. They are direct systems specifically created for this. I have given links to some examples. This one is for general issues and I have no idea why there is a special form for FPs but not for malware samples. I have submitted files that way and it takes more time than needed. There have been times when it took 1 month for the support tickets created that way till someone looked at them and sent the file to labs. After someone sends it to labs it’s fast, about half a day or 1 day. There have been times when a support person told me that my submission had been sent to the wrong department and they were sorry for the delayed response. But WTF, I have explicitly used the contact virus lab button. There is a NEED for Avast to take some actions for this.

Hello liubomirwm!

Do you have the ticket ID for such cases? I would like to review it. The requests sent through the “Report a FP file” form have the highest priority and shouldn’t wait for more than 24 hours.
For malware samples we have a different process, explained here: https://www.avast.com/faq.php?article=AVKB258
Why don’t we have a unified form for FP and malware samples? Because we need to manually check each FP report and to reply to the reporter, whereas by the time we receive a malware sample, in most cases we have already added it to our detections, and the reporters don’t necessarily need a reply.

PS: You could have gotten a faster reply if the name of your thread would have better described your question :wink: Please consider changing the subject to something more meaningful :slight_smile:

Ticket #213310. There were other tickets but I think they were submitted with another Avast account with a different email.
Look HERE and see what I mean. Take a look at the different vendors’ links for submission in my above post. They all have good systems for malware sample submissions, some even very good. You have to create one and replace the link for the “Contact virus” button. :wink:

I also have another question, which I think I have discovered the answer for, and I don’t think that it’s the best thing you can create. I know I’m just a user (one of the many), but if you want to be a successful company not only in earning money but also in technologies and customer satisfaction, you should listen to your clients’ (the better word is people, don’t you think? :stuck_out_tongue: ) ideas and opinions and what they need, and try to make the golden mean between them and you.

In my vision Hardened mode should not prevent CyberCapture, it should work just as in my above post. (Aggressive mode is a whitelist and won’t be discussed here.) If Hardened mode is Moderate, newer files with unknown reputation will be blocked right away and allowed to run if reputation is good. If it’s off, then files with unknown reputation will not be blocked right away. Independently of this setting, if a file’s properties after static analysis (file properties and heuristics) are suspicious and above some threshold, the file will be blocked right away if its reputation is unknown or bad (but allowed if reputation is good even when it has suspicious static properties). If it is above another threshold which is lower than the first one, it will be submitted for CyberCapture analysis no matter the way Hardened mode is set (but will be blocked locally if Moderate). I believe this is a good way for Avast to do it. I can try to write down a picture of the way the decisions will be taken because I really want to understand my vision and for you to think about it and improve your product if needed.
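The decision flow proposed in the post above, written out as an added example (not part of the original post, and not a description of how Avast actually works). The numeric thresholds, the 0-100 score scale and all names are hypothetical; cases the post leaves open are marked as assumptions in the comments.

```python
from enum import Enum
from itertools import product
from typing import NamedTuple

class Rep(Enum):
    GOOD = "good"
    UNKNOWN = "unknown"
    BAD = "bad"

class Hardened(Enum):
    OFF = "off"
    MODERATE = "moderate"  # Aggressive (whitelist only) is excluded, as in the post

# Hypothetical 0-100 static-analysis score; the post gives no numbers, only that
# the CyberCapture threshold is lower than the block threshold.
BLOCK_AT = 80
CYBERCAPTURE_AT = 50

class Verdict(NamedTuple):
    blocked: bool    # blocked locally right away
    submitted: bool  # sent for CyberCapture analysis

def decide(mode: Hardened, rep: Rep, score: int) -> Verdict:
    # Good reputation wins even over suspicious static properties.
    # Assumption: such files are not submitted either (the post does not say).
    if rep is Rep.GOOD:
        return Verdict(blocked=False, submitted=False)
    # Above the higher threshold: blocked outright whatever the mode.
    # Assumption: an outright block needs no CyberCapture submission.
    if score >= BLOCK_AT:
        return Verdict(blocked=True, submitted=False)
    # Moderate blocks unknown reputation (and poor reputation, per the Avast
    # help text cited in the thread). Assumption: with Hardened mode off,
    # reputation alone blocks nothing in this flow.
    blocked = mode is Hardened.MODERATE
    # Submission depends on the score only, never on the Hardened mode setting.
    submitted = score >= CYBERCAPTURE_AT
    return Verdict(blocked, submitted)

def decision_table(scores=(10, 60, 90)):
    """Enumerate every mode/reputation/score combination for review."""
    return {(m.value, r.value, s): decide(m, r, s)
            for m, r, s in product(Hardened, Rep, scores)}

if __name__ == "__main__":
    for key, verdict in decision_table().items():
        print(key, verdict)
```

The rows for an unknown file scoring 60 show the point of the proposal: the file is submitted in both modes, and only the local block differs.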

Ticket #213310 (https://support.avast.com/support/tickets/213310). There were other tickets but I think they were submitted with another Avast account with a different email. Look HERE (https://s31.postimg.org/9m65skzd7/Screen_Shot_20160718143103.png) and see what I mean. Take a look at the different vendors' links for submission in my above post. They all have good systems for malware sample submissions, some even very good. You have to create one and replace the link for the "Contact virus" button. ;)

I must be missing something, I don’t see where in that ticket you are told that you contacted the wrong department. Are you sure you are not confusing it with your ticket #205880?
Regarding the form, due to our technology and the process of our virus laboratory (described here) we do not expect to receive samples from our users, as other vendors do, and for the same reason we do not encourage it through a form like theirs.

About CyberCapture, I will pass your feedback to the devs :slight_smile:

Yes, my mistake. It’s #205880. I don’t think that such a form will be bad anyway, just make the incoming files go to the same checks and places as ones from clients. Also, please send the devs THIS picture. :slight_smile:

Also, there is an option to “Monitor files for suspicious behavior”. I know this is HIPS, isn’t it? Please combine it with AVG’s Identity Protection behavior blocker once you are able to. :slight_smile: