Recommended Web Shield setting : UNCHECK "Do not scan trusted sites".

Hi Guys :slight_smile:

Recently we had a discussion with Avast about the default Web Shield setting “Do not scan trusted sites” :

Avast - Settings - Components - Web Shield - Customise - Main Settings - Do not scan trusted sites.

As this is mainly a performance setting, we recommend to UNCHECK this to improve your Web Shield security.

Greetz, Red.

Thanks for the heads-up. Done!

If that is the advice from Avast, presumably this setting will be unchecked/removed from future releases of avast ?

Hi David :slight_smile:

This is no advice from Avast but from a few of us discussing things with Avast on Slack, as so called “trusted sites” can be infected as well.

Greetz, Red.

Well the problem as I see it is who decides what is a trusted site and what is the criteria to become a trusted site.

We have seen lots of sites being blocked in the past and not all of them are small sites. Some very large sites have been blocked at times, I think even google, yahoo and youtube, etc. Now if they are getting blocked/alerted on, it must mean they aren’t on the list, which would be strange.

Hi David :slight_smile:

We didn’t get an clear answer from Avast about that either.
But in my personal opinion Avast ( Web ) Shield settings should be set by default to protect you.
And performance settings should be optional.

Greetz, Red.

Can a site ever be trusted ?
I would say no as well known sites also can get infected.

Having that option by default set to “don’t” is a security risk which we don’t want.

That’s the point, Eddy! I wouldn’t trust anybody blindly in this business :wink:

These are the settings I’ve saved and always restore after a clean install:

http://screencast-o-matic.com/screenshots/u/Lh/1495465668623-67716.png

I don’t really notice any difference in speed but feel safer. :slight_smile:

Yes :slight_smile:

The option “Warn when downloading files with poor reputation” is not selected by default, and it is recommended to select it.
But I think that is common knowledge ( but maybe I am wrong ).

Greetz, Red.

It has two sides to it. It will ofcourse warn when downloading files with poor reputation but sometimes it will flag legitimate programs such as Windows Update so is disabled by default.

It just depends on the experience of the user.

There is certainly a case for both options:
Having a poor reputation doesn’t necessarily mean it is malicious or the web shield would be throwing up a different alert.
Who defines what the bad reputation is.

And finally as Alikhan mentioned, user experience; whilst this wouldn’t unduly concern an experienced user, but might spook an inexperienced user (probably a majority of avast users).

Hi Ali and David :slight_smile:

As far as I know the Avast Web Shield reputation uses objective criteria, such as :

  • From which domain is the file downloaded from.
  • Is the file digitally signed.
  • etc.

Greetz, Red.

Thanks Red.

I think you have to realise that Avast Web Shield reputation is something different than Avast website reputation :slight_smile:

Greetz, Red.