Recommended Web Shield setting : UNCHECK "Do not scan trusted sites".

Rednose · 2017-05-20T00:27:42.000Z

Hi Guys

Recently we had a discussion with Avast about the default Web Shield setting “Do not scan trusted sites” :

Avast - Settings - Components - Web Shield - Customise - Main Settings - Do not scan trusted sites.

As this is mainly a performance setting, we recommend to UNCHECK this to improve your Web Shield security.

Greetz, Red.

system · 2017-05-20T06:45:49.000Z

Thanks for the heads-up. Done!

DavidR · 2017-05-20T08:06:54.000Z

If that is the advice from Avast, presumably this setting will be unchecked/removed from future releases of avast ?

Rednose · 2017-05-20T09:13:34.000Z

Hi David

This is no advice from Avast but from a few of us discussing things with Avast on Slack, as so called “trusted sites” can be infected as well.

Greetz, Red.

DavidR · 2017-05-20T09:54:11.000Z

Well the problem as I see it is who decides what is a trusted site and what is the criteria to become a trusted site.

We have seen lots of sites being blocked in the past and not all of them are small sites. Some very large sites have been blocked at times, I think even google, yahoo and youtube, etc. Now if they are getting blocked/alerted on, it must mean they aren’t on the list, which would be strange.

Rednose · 2017-05-21T00:25:51.000Z

Hi David

We didn’t get an clear answer from Avast about that either.
But in my personal opinion Avast ( Web ) Shield settings should be set by default to protect you.
And performance settings should be optional.

Greetz, Red.

Eddy · 2017-05-21T00:28:40.000Z

Can a site ever be trusted ?
I would say no as well known sites also can get infected.

Having that option by default set to “don’t” is a security risk which we don’t want.

stibi · 2017-05-21T17:11:38.000Z

That’s the point, Eddy! I wouldn’t trust anybody blindly in this business

bob3160 · 2017-05-22T15:08:32.000Z

These are the settings I’ve saved and always restore after a clean install:

http://screencast-o-matic.com/screenshots/u/Lh/1495465668623-67716.png

I don’t really notice any difference in speed but feel safer.

Rednose · 2017-05-22T22:00:09.000Z

Yes

The option “Warn when downloading files with poor reputation” is not selected by default, and it is recommended to select it.
But I think that is common knowledge ( but maybe I am wrong ).

Greetz, Red.

Alikhan · 2017-05-22T22:07:33.000Z

Rednose post:10:

Yes

The option “Warn when downloading files with poor reputation” is not selected by default, and it is recommended to select it.
But I think that is common knowledge ( but maybe I am wrong ).

Greetz, Red.

It has two sides to it. It will ofcourse warn when downloading files with poor reputation but sometimes it will flag legitimate programs such as Windows Update so is disabled by default.

It just depends on the experience of the user.

DavidR · 2017-05-22T22:51:44.000Z

Alikhan post:11:

Rednose post:10:

Yes

The option “Warn when downloading files with poor reputation” is not selected by default, and it is recommended to select it.
But I think that is common knowledge ( but maybe I am wrong ).

Greetz, Red.

It has two sides to it. It will ofcourse warn when downloading files with poor reputation but sometimes it will flag legitimate programs such as Windows Update so is disabled by default.

It just depends on the experience of the user.

There is certainly a case for both options:
Having a poor reputation doesn’t necessarily mean it is malicious or the web shield would be throwing up a different alert.
Who defines what the bad reputation is.

And finally as Alikhan mentioned, user experience; whilst this wouldn’t unduly concern an experienced user, but might spook an inexperienced user (probably a majority of avast users).

Rednose · 2017-05-22T23:26:42.000Z

Hi Ali and David

As far as I know the Avast Web Shield reputation uses objective criteria, such as :

From which domain is the file downloaded from.
Is the file digitally signed.
etc.
…

Greetz, Red.

DavidR · 2017-05-22T23:37:12.000Z

Thanks Red.

Rednose · 2017-05-22T23:55:14.000Z

I think you have to realise that Avast Web Shield reputation is something different than Avast website reputation

Greetz, Red.

Announcements