See Igor’s most recent post above and my response, which I believe is what Mele20 is asking for also.
OK, can I set up v.5 in such a way that if I suspect a false positive I can tell it to allow a program-critical file to be used pending confirmation that it is infected? If so, how? If this isn’t possible then regardless of what terms you use to describe the action that Avast takes, the result is that I will be denied use of one of my programs, which doesn’t seem to me to be very smart.
first, there’s no confusion on my side, you’re confused about my interpretation: although the interface itself would be somewhat confusing due to an improper wording, it’s not anymore once you’ve tested it with an Eicar file and seen what it does. To put it simply, the “ignore” command doesn’t exist at all. Don’t tell me how it was in V4, I have no idea anymore, I tested it once or twice ages ago with Eicar had one FP two years ago so…and no infection in the meantime.
This said, you cannot assimilate “no action” to “ignore” or “block” to “no action” because this wording doesn’t make any sense…not in “real” languages anyway 
Also, “no action” for manual scans gives you the option in the result panel to “do nothing” if you want, when “no action” when set in file system shield will block files automatically, so there’s a major behavior difference. Give it a try
Again, what’s needed is a “real” ignore option, that as VLK suggested yesterday, could be called an “add to exclusion list” and avoid the pain of having to restore hundreds of FPs (from Chest, when it works…) in the case of an incident like yesterday. You seem to be very unwilling to add this “real ignore option” from the beginning of the beta testing, referring to dangerous fast clicks for noobs, sorry but we’re running our own computers and I do not accept to be left with the choice between, sending to chest, block or delete. In the end the data is mine, and I wanna do what I want with it, especially when it can instantly save my system from being crippled with 10000 FPs… once numerous FPs are in Chest, restoring (again, when it works…) won’t necessarily work, especially with systems files…>>> system lockups…reboot… system lockups again etc…etc…I’d rather avoid my system to break than having to attempt a repair through avast Chest sorry…
It’s been suggested to many yesterday to wait…no panic…wait and wait…attempt to restore from Chest…you must be kidding ;D My system wasn’t affected I got luck, but if it had happened, you seriously think I would have trusted a system composed with thousands of files restored from the Chest ??? I would have attempted a sys restore, and if not good enough or fail, reinstalled Windows + programs in no time and waited for the update correction before reinstalling avast. I would have lost two hours, not a minute more. Better than wasting the whole day looking for solutions on the forum.
You know, unfortunately, a majority of the users who logged in to complain yesterday were people who don’t have a freaking clue about how to run a computer. For many of them Windows was just broken (really broken) and they will have to pay someone to reinstall their OS. You’ll be surprised: I won’'t blame Avast for this. these guys must understand that buying a PC is not buying a TV…I guess they’ll never make…this difference. Many of them just didn’t catch that an FP slaughter was going on, and instead of dealing accordingly, they launched a full scan with Avast, or worse, a bootscan :
So may be you can help them, may be you can’t, but in all case leave to those who know what a computer is the option to decide what to do when something’s detected >>>> IGNORE OPTION… again, thanks.
adding: a useless alternative to “send to chest” is this non-sense called “no action” blocking files for real time shields. How the hell do you unblock files then…again, the option doesn’t exist…other then adding the whole system in the exclusion list may be…??? also, did you notice that once a file is sent to Chest, after a manual scan, it’s just sent to Chest, but when it is by a real time shield, it leaves a zero byte file in the original location? why is that?
just another thing, apart from the fact that there’s been a mistake, a database that wasn’t checked before being posted, we haven’t been told yet what sort of error that was…can’t be heuristics as heuristics, what what I’ve read, wasn’t very advanced in avast 4, so what was that if I may ask ?
(don’t get me wrong, I’m not looking at all for a culprit, I couldn’t care less about who’s fault it was. I was deeply shocked when Comodo CEO mentioned publicly how he dealt with the person responsible for their AV disaster a few weeks ago). What interests me is what went wrong technically in the database…
Well, it’s not as simple as clicking a single button, but, you can specify files. folders, and paths not to be scanned/tested in the Standard Shield/Customize settings. This worked very well for me and I was able to continue using the computer normally until Avast came out with a new update.
Where is that set, I mean, where can I change from “auto” to “ask” in Avast?
And by the way, I had no FP’s that day, it seems I got luck.
Thank you!
Please delete.
Like Bellzemos, I would like to know where that setting is? I run version 4.8 and always left the settings at default. Anyone have a better suggestion for an “average” user?
BTW, I lucked out also with no warnings or damage.
Thanks…
John in STL
Well…
Most of the people who just posted flames and complaints about Avast are either greenhorn computer users or impatient ones who can’t be bothered to make a few web searches to find solutions and as such, want to “solve” their problems using different programs or anti-virus solutions.
Just to make it clear… Avast!‘s boot-time scan is a very powerful tool not available to many of the major names in anti-virus solutions. The catch about it is: It is meant for users with reasonable knowledge of the Windows operating systems’ inner workings AND prior experience in malware removal.
You can have the pricey Symantec’s 360 or Kapersky’s Internet security or McAffee’s run thousands of times in safe mode and never get rid of some trojans, or just have Trojan remover & Avast!'s boot-time scan and get the job done properly in two runs at the worst.
Sorry to say, but Avast! is for POWER USERS who know what they are doing when it comes to insidious malware removal… If you are not, you are ENCOURAGED to ask a computer expert FIRST or make a web search about your problem PRIOR to moving or deleting ANYTHING.
Besides… Making some many complaints about an anti-virus solution MANY of you haven’t even paid for is not only rude, but UNBECOMING.
Ditto!
Hi chachazero-tan,
And also these users forget that they have a treasure house of knowledge here in the avast forums waiting for them to keep them secure and a lot of expertise from the volunteers that give a lot of free time to help them whenever in a security predicament, but there are always those that will turn a blind eye to these facts, they do not realize how privileged they are, my friend,
polonus
I think that they ment it for the boot scan, because normal scan always asks you what to do with the infected file(s) if I’m correct. Can anyone verify that?
You can set “auto” to “ask” for the boot-scan if you follow this procedure:
http://www.digitalred.com/avast-boot-time.php
At point 5 you see that you can set it any way you prefer.
I must have really lucked out, or, maybe it’s because I don’t have my resident protection detection settings set to “anal”, but it only tagged one file in spyware doctor, which I always assume is a false pos, since avast doesnt like SD too much.
I think my main complaint is the options it leaves you when it finds a positive… namely, the “rename” option. I like having this option, actually, because it still allows me physical access to the file, without having to muck about in quarantine. The protocol is that it will simply add a .vir extension to the file, making it inaccessible. What it doesn’t mention is that if suspect file is regarded in DOS abbreviated syntax (i.e. SDCONT~1.DLL, as opposed to SDContextExt.dll) it will re-name the entire file. This can cause problems if you need to name it back to the original file name, especially since it never gave you the full name of the file to begin with, so you don’t know what to change the filename back to.)
Of course, when I got the false positive, avast froze my explorer, so I couldn’t actually get into the file system or a command prompt to find out what the full filename is. I actually had to go to the pctools forum and ask people what this file might be called.
Fortunately, the pctools user forum is as responsive as the avast forum, so I got an answer within minutes.
Im still sticking around for now. I have some pretty strict guidelines about where I throw my money, and some of those guidelines have to do with how strong the user forums are. Especially when it comes to response time, as well as communication with development. (i.e. do any of the mods talk to them, for instance.) Avast, pctools and zonelabs are all super good at this, which is why I stay with their products. (plus the fact that they are good products overall)
I think I speak for a lot of avast users out here that we like to know pretty much everything that is going on, and we have been around long enough to know better than to take any alert message from any security software for granted, because heuristics can cause false positives. As such, please… let us have better access to the file information… please… pretty please… (especially since for users like myself, I always like to submit the suspect file to virustotal for a second opinion, so I need access.) Especially since, if the full path + filename was given in the alert box, (instead of C:\SPYWA~1\SDCONT~1.DLL) we might be more informed about whether or not its a good idea to quarantine the file, rename it, or leave it alone.
So, key word here being transparency.
Also, as much of a nightmare as this false pos was, thank god for the forums. As previously stated, one of the reasons I stick around.
OOps I deleted some OA files
I caught the FPs virus on a computer and deleted some OA files
http://forum.avast.com/index.php?topic=51647.0
So I was in same position as users who got caught with the FP alerts. Being a tech I should know better, but I do these things. There’s a lesson to be learnt. As davidR says ‘you have none left’ (say no more).
In this case I think it was hard on the average users. And I feel put out that I didn’t post earlier, with my mind elsewhere, not knowing the extent of the threat. Afraid I’m in with the newbies on this one.
First computer I speculated supposed OA files and was wrong. I deleted that files that my OA needed. I have since disabled OA. I have added WinPatrol to fill the gap.
http://forum.avast.com/index.php?topic=51664.msg437254#msg437254
Virus hit in Programs - FPs thrown up amongst various programs, mine started with OA. Virus chest refuses to take file at same time Avast prompted me to Restart with scan. I took this option. I scan OA on Restart and got alert, so went to update with alert still showing on screen. Avast updated and I restarted then went to OA and scanned it and it came up clean.
My OA is premium so its paid. Bit more to the reinstall than with the freeware, but done it before with OA.
I watched the boot time scan through so have good look at sequence. There seemed to be no FPs amongst the Windows files. I’m going to base a report on the threat and the first computer and post it on a thread. http://forum.avast.com/index.php?topic=51664.msg437900#msg437900
I’ve returned the computer to best performance. still to run a full checkup. But no malware.
Yeah,well I made it some of my FB.
We are not at the book burning stage yet.
THANK YOU! I agree with every word in your post. You have explained it much better than I did.
I have an old, harmless file detected by both Avast and Avira (about 30% of scanners at VirusTotal detect it) as VBS.malware.gen. I use it like I would Eicar for testing purposes with the scanners that do detect it. With Avast 5, if I right click scan it with the on demand scanner, I get options with “do nothing” as one of them. So, that is acceptable.
The real time scanner is the problem. If I try to open this same file, the real time scanner pops up and states that “Avast has blocked a file. No further action is necessary”. I have the File System Shield configured as Actions/Virus/No Action. Please explain to me how “BLOCK” is “No Action”. “Block” is an action! I don’t want the file blocked. I want, in this case, for the scanner to IGNORE it. To make matters worse, after BLOCKING access to this file (even though I have No Action chosen), Avast tells me “No further action is necessary”. Well, heck, OF COURSE further action is necessary since I want the Shield to ignore the file so I can access it! I don’t want to put it in exclusions. I want an IGNORE button! Ignore button could be temporary. With Avira ignore is just for while you are right there. If you leave the area and do something else and then come back to where the file is located Avira will alert again (this confuses newbies and average users and I must have answered dozens and dozens of posts about it their forum over the years). So, ignore doesn’t have to be forever. I don’t care if it is, or is only for a short while, but I want the OPTION of IGNORE …at least for the time being.
When this current mess occured, I had File Shield configured on Actions to First “Ask” and if that failed then Second “Take No Action”. So, Avast rebooted with the bad definitions and beta 3 and immediately flagged HostsMan as a virus. OBVIOUSLY, ANYONE would know that was a False Positive. I had just started that computer after 4 days of no use. Avast did not object to HostsMan when I started the computer. I immediately did an an update of Avast which got me a program update to beta 3 and the bad definitions and Avast asked to reboot the computer. I allowed that and bam! HostsMan is now a trojan?! Well, of course, not! It had to be a FP. Yes, there was the slight possibility that Avast had not had a definition or heuristics to determine until now that HostsMan had a trojan but that was a very slight possibility and it was EXTREMELY likely that there was false detection of HostsMan.
So, I get a popup Asking what to do and I am given three options: move to chest, delete, or block! NONE of those, in this circumstance, was acceptable. Block is NOT ignore! Block would have kept HostsMan from running! That was UNACCEPTABLE. So, my choices were: Lose my hosts file or disable Avast both of which were unacceptable! Do you finally understand? Block is NOT ignore! I need IGNORE.
Avast has the same shortcoming that I and many others have complained about for years with Avira. I might be persuaded to use Exclusions in lieu of a missing Ignore button but Avast, like Avira, doesn’t make that easy. Why is there no box on the “Ask” popup for me to check to have that file AUTOMATICALLY excluded? Avira’s excuse is that the naive users might be harmed by such an option. Ugh. Make it slightly hidden then with a further click and a warning before one can check the box to automatically exclude the file.
As an aside, I NEVER put anything in quarantine. Why? Because many times antivirus applications screw up when restoring files. I had Avira recently put the files in MyPrivate Folder in quarantine. I had been helping someone in the forum and had changed my settings while helping them troubleshoot and I ran a rootkit scan with the altered settings forgetting I hadn’t changed them back as I usually have them. So, all those files ended up in quarantine as an automatic action (which is what the user needing help had the setting at). When I went to restore them they restored as corrupted. Avira is not the first antivirus I have had that has messed up at sometime with restore from quarantine so I don’t use it. I want BOTH IGNORE AND BLOCK OPTIONS. I will choose block for anything I am unsure about and then will submit to VirusTotal/Jotti/etc and to the vendor. For something I know is not a virus/malware (like the VBS file or HostsMan) I will choose ignore so that I can USE the program!
Please give us an ignore button in ver 5. I would like to continue using Avast on at least one computer. I was impressed today when I read the blog and the lengthy explanation in the forum about the details of how this huge mess happened and why. I very much appreciate any vendor who is open and honest about mistakes and who pledges to keep the customers fully informed as to what actions are taken to prevent such problems in the future. But I still have to have an ignore button!
hehe, Sophos deleted the exe files for our POS software last week. Luckily it was only related to one site. Why thier IT guy set it to delete is beyond me.
Greetings I am new to the forum and like many here I was affected by the avast error, but not going to uninstall with more reason I stay with him, is that people Alwil not to let this happen again:)
It makes me laugh people who say they uninstalled avast and never use it again, but recently there is a problem with a Windows update that of a black screen and not see them writing that they will stop using windows, or the generic error host process for win32 services of xp
Excuse my English do not write very fluid, so I use the google translator xD
Nothing wrong with your English.A lot better than my Venezuelan.And I agree with what you say.
lol…lol actually I find it funny!
When I found so much viruses in my computer,my common sense told that it is impossible that there is so much virus!
I was totally sure about my pc’s security with my avast,firewall and malwarebytes.
Well I was thinking yesterday not virus and now lots of viruses that was not normal and so I just ignore it!
Then after an update at my surprised things were fixed and when I went to the forum at my surprise it was an error made by one of awil software^^!
But whatever happen as soon as it can be forgiven I’ll stay with avast!
By the way I suggest you not to use AVG!!!
It completely damaged my whole pc don’t talk about software with its reboot removal arggghhh I can’t even log in my computer it took me a lot a money to fix that thing!