Stop detection of jailbreak items

Hello. I am an Avast user with a jailbroken iPhone. To clarify, Avast is running on my Mac, not on my phone.

As a user who has a jailbroken phone, I download jailbreak-related files on my Mac to sideload to my iPhone via a charging cable connecting the two. I would like to have Avast quit detecting and putting jailbreak-related files into the virus chest on my Mac.

I was wondering if this is possible (to specifically exclude detecting jailbreak-related files). If not, is there any place I can provide feedback to Avast about this?

Thanks!

(Note: I made a new post based on a recommendation made here: https://forum.avast.com/index.php?topic=231719.0)

Hi Bob,

Note: My experience is only with Avast! Windows. However, it should be possible to exclude folders and files.

See this article >> https://support.avast.com/en-ca/article/Antivirus-scan-exclusions

On a side note: Jailbreaking applications are likely detected due to their nature. They are designed to bypass restrictions set by the manufacturer. It’s worth noting that jailbroken applications can lay backdoors, credential stealers and more into your OS; hence the detection for them.

Let us know how you make out.

Hi, Michael.

That makes sense. However, one of the applications I use installs jailbreak-related files into the tmp directory temporarily before installing it to my iPhone. Whitelisting the tmp directory would probably not be advisable due to obvious reasons. Also, there isn’t really a way to whitelist specific files because the files are downloaded with temporary random names.

Also, I understand the risks that come with a jailbroken device, and I am willing to take the given risk because of the functionality I gain from jailbreaking. Additionally, I am very careful in what I download and run on my device.

So, if there is no way to exclude a “type” of detection, is there some place I can provide feedback to Avast to suggest the addition of this functionality?

The functionality likely already exists, just not in your product. What I mean by this is, it’s likely an advanced feature in a Business setting where a use case for this might be (more easily) justified. It’s worth noting that any such functionality in a Business or Corporate environment would rely on a central management system. Generally, in fact, almost always, it’s better business to deal with 100,000 users who want function X, than 1 user who wants function Y. Is there anything in common in the detected files (a common extension, for example) that you can use as a way of excluding that?

You can always contact Avast! here (Premium Security) >> https://support.avast.com/en-ca/contact/paid_mac_avast-premium-security-for-mac

or (Avast! Security) https://support.avast.com/en-ca/contact/paid_mac_Avast-Security-for-Mac

Both rely on order IDs. If you’re using Mac Free, then I don’t know of an easy way to get ahold of them, aside from here.

Edit: Can you post a screenie of the detection, please?

That’s a good question. The file types tend to either be .ipa files or .app files (technically directories, I suppose).

Here is a sample screenshot for you:

https://i.imgur.com/4UK49dw.png

The async wait exploit is one of the methods unc0ver can use to jailbreak an iPhone.

The threat name can also be MacOS:Jailbreak-E [Trj] sometimes.

Hi, from our point of view this file is malware. Detection is correct.

https://www.virustotal.com/gui/file/ca4b2ea59d5eb6b1757ac715335cfce82ce3a37cebd4ab2f7ca9a2a6a0085b36/detection

I understand that, Vladimirz. It makes sense that jailbreak files are detected. Nevertheless, I believe my question still stands. You should still be able to exclude what you do not want detected. I am not questioning whether a jailbreak file should be detected for most users.

Just as you can make specific filepath exclusions to detections to Avast when you don’t want a file to be detected, I believe this falls under a similar umbrella.

Could someone explain more about whitelisting files by filetype? If I could whitelist .ipa files, that would partially solve my issue.

You can always disable shields for the duration of the crack. The use of the crack (and whitelisting the associated files it drops) negates any protection those shields would offer in the first place. This would be the simplest option in this instance. The risk of infection is normally posed by the files and websites you visit. You’ve already visited the website, and you’re disregarding the notices from Avast!.

To my knowledge, the functionality of whitelisting specific file types is not offered in most consumer AVs. It’s an option reserved for Enterprise solutions where you have a dedicated team to handle such security threats.

Yeah, I suppose disabling the shield while downloading such files is an option. If that is the only way to go about it as a free user, then so be it. Thanks!

Avast has already stated that in their opinion, this is malware.
If you want to bypass your protection, you do so at your own peril.

In such a situation it would likely be necessary to disable the on-access scanning when you use your jailbreak software. Any AV is going to detect software using exploits, whether Avast or another vendor.