Scan for viruses - List of exceptions doesnt keep Avast from false Alarms

Hello,

i am using Avast Free for many years now inside a Win7 virtual machine. Over time, after running into quite some false alarms in my downloads-Folder, i began to obey to a customized naming convention for those, so i could have Avast keep its hands and eyes off the files, i had checked myself.

After a while, that did no longer work, Avast kept complaining about those files - obviously ignoring my exceptions list(s). Next, i switched to placing them outside of Avast’s reach on the host (which is a linux computer), connecting that place via a readonly network connection to the VM. Every once in a while - for safety checking - i keep Avast scanning this network area. But lately, i get overwhelmed with complaints, most of which are false alarms and misleading, and ALL OF THEM are coming from files, that should have been excluded by the exceptions lists according to the configuration.

All in all, i am close to reconsidering my choice of Antivirus strategy, between a rock and a hard place: Win10 as well as Avast seem to offer little gain at a high cost. At least, that is how it is looking to me, a user, who is interested in keeping most - if not all - of its data safe and private, not interested in software, that overrules the users intentions - for whatever reason - !

Any suggestions are appreciated.
Thank you

And what does avast say about those file(s)

Have you tested files at www.virustotal.com ?

As an example:
https://www.virustotal.com/en/file/1b2eea4c28e7fcb3429a922ce6957bc7d82100199ff8fa6889916d708d981151/analysis/
Nirsoft Password Recovery (not malicious)

But isnt that irrelevant? - If i chose to keep the file, rename it, and still scan the rest, why does Avast complain about it?

Analysis date: 2014-10-19 16:22:40 UTC ( 1 year, 3 months ago )

always post fresh result by clicking the rescan button :wink:

any help in this?

Avast Antivirus 2016: How to exclude certain files, programs, or websites from scanning https://www.avast.com/faq.php?article=AVKB168#artTitle

reboot after you have sett it >> https://forum.avast.com/index.php?topic=182180.msg1287326#msg1287326

Thanks for pointing out, the analysis was out of date. True.

And i consider this to be a moot point. Even if it were a virus, i still consider it to be an exception, that Avast fails to respect.

from exclusions.ini:
ExcludeFiles=““ENCRYPTED .”;”*.$x$“;“INFECTED .”;“CAREFUL .””

And what exactly got detected (as reported by the detection toaster, or by the corresponding report file)?

Certain tools from Nirsoft sure do need to be detected as malicious.
e.g. the password recovery tools.
Cracking/hacking passwords is illegal.
If they aren’t be detected as malicious, you could also say it is ok if I crack/hack your passwords.

Grow up, this tool if used properly, helps you access your legal registration information.
There is nothing wrong with this tool.

There is nothing wrong with this tool.
as said by several of the detection names given

however it can be used for good or bad, and was first uploaded to VT almost 6 years ago, so if any vendor did not think it is a risktool, detection would have been removed by now

Grow up yourself and open your eyes Bob.

We live in the 21st century now.

Thanks all for the discussion and the input.

Interestingly, many involved themselves into answering the question: “Is this software malicious or not?”, thus completely missing the point, as this was only an example (many more files concerned) and it was used to demonstrate the way, the configuration failed to get respected.

Today, i am happy to share: This - by now - is a moot point too, since the scan is now working as intended, no longer emitting spurious messages.

What changed?
Not sure, maybe Avast deployed an update? - Or some strange side effect happened, as i changed the configuration somewhat, which seemed to not affect the scan. But after SAVING the configuration for the sake of an explicit backup, the very next scan succeeded. - So all in all, the problem no longer shows itself on my VM and i am a happy customer. :wink:

Just to help you to improve…
I found: the scheduled scan respects the exceptions for the time being.
whereas: if i start the exact same scan manually, the exception list/-configuration still fails to get respected.

And i can live with that, but think: this is weird and should be resolved.

By a manual scan do you mean, a right click scan from explorer (Explorer Scan) ?

If so, I don’t know if that follows the avastUI > Settings > General > Exclusions (though this is a meant to be a Global Exclusion) as it is considered a Special Scan and it has its own Settings and Exclusions.

No

I use
avastUI > Menu > Scan > Scan for Viruses > (all previous options are localized, though) and select the exact same Scan, that is invoked by the schedule otherwise.

Sorry for late answer: was hospitalized and just missed your Q

Since you used the AvastUI > Settings > General > Exclusions, that ‘should’ have applied to your on-demand scan.

If this still doesn’t work ?
Can you copy the text that you entered into the exclusion.

I trust you are now on the mend.

Ah!
… much easier to look at the decompressed configuration files from *.avastconfig … and they in fact look weird.

I did not try to resolve the problem just yet, but i can see outdated content in there, and contradictory settings. I would be confused :slight_smile:
Is there a proper description of the meaning of those files (avast.ini, exclusions.ini and more)?
They got messed up, probably way in the past, much earlier, than my first backup is.

Or is there a faster way to clean those up without the need to reinspect each and every dialog by hand?

You could try Restoring Factory Defaults - AvastUI > Settings > Troubleshooting.

WOW, even after all those years, i missed this option! Thank you. Of course, i was intending to avoid that initially…
…but since the config was messed up big time after so many updates/years, i chose to revisit every dialog after cleaning up.

And so far, all seems well.
Thank you very much for this great reminder!!!