since 2 days we have Avast armageddon

Avast Business
1
  1. Since feburary 28th Avast is detecting many .doc files (MW97:CVE-2006-2492) → Case has been opened
  2. As of this morning Avast behavior shield is going crazy! We have detections in an amount that we never had before. Something must have been change from Avast! Short Workaround: disableing behavior shield within the global policies…
2

Update:

After disableing the behavior shield last week (which worked so far) we see it still running on customer clients right away with detections of it.

This is really a mess Avast!

Action: Create a case → revering to case 15814728 and informing contacts at Avast… hope we can speed up some things here…

3

Reported to Avast.

4

Hello,

fix for this issue has been released in virus definitions update 230302-00, can you still reproduce it with current virus definitions?

5

To which problem of the two shall this apply? DOC or behavior shield?

Regardless of any definition updates: Those would not explain why behavoir shield is active again although disabled within global policies…

6

I’m sorry, I missed the behavior shield question, only detections on DOC files were solved by virus definitions update.

We’re currently working on resolving the behavior shield issue.

7

As per case 17592044 this problem (behavior shield) was also fixed…

At least as of today we do not have suche a great amount of detection/blocking mails from the hub. This indicates that it could be fixed indeed.

I’ll keep an eye on this!

8

Negative: I enabled BS within our global client policy, right after that a bunch of Hub detection mails where sent…

This has definitely not been solved!!!

Again I disabled BS since customers can’t work with this and we still have 15814728 unsolved.

God this is so bad work guys! >:(

9

Hi Tom610,

the issue was fixed but there may be some pending detections for some reason. There are 2 other shields running in the process which may have some impact on the results after the BS restart.

Could you please restart the devices before enabling the BS?

Thanks,
PDI

10

I have activated BS as of today 10.57 a.m german time.

We’ll see next week how it goes with this.

11

Update: Seems that Avast has solved both problems. Hub has calm down… armageddon is over… ::slight_smile: