Suggestions for paid versions

[1] What about to add to paid/free version of avast! function to enable disabled Task manager or infected explorer.exe ?
Or even create a standalone utility (like aswmbr) with these functions.

[2] Add Rescue disc for paid version like ESET and other antiviruses has.

I’m not sure what “enable infected explorer.exe” means, but yes, some registry repairs will probably appear in the future.

As for the Rescue disc… I thought it can be (or not yet?) purchased when purchasing the paid version… which is basically similar to [2], without having to make the paid version more expensive to pay for the CD OS license :slight_smile:

I didn’t mean “enable infected explorer” but repair infected explorer :stuck_out_tongue:

I have next suggestions ;D

  1. Adding the detection of files that contains macro’s
  2. Adding the detection of files with double extension

So your going to have avast alert on all Word and Excel documents as they could all have macros, depending how your default .doc, .xls, etc, are set, not to mentions and word or excel documents you might be sent legitimately that have macros in them.

I think not.

Avast already scans word/excel documents, etc.

Also, . is frequently used as a delimiter (instead of space) for portability reasons. Such as

This.Is.My.Kinda.Long.Filename.With.Important.Information.doc

Producing false warnings on this would be totally unacceptable.

Maybe you-know-what.avast.com will be the place :wink:
For me,

  1. No. I use files with macros and so what? They’re clean.
  2. No. What’s the problem on the double extension. This will not increase detection, just bring a security sensation, rather than security itself.

I was looking at AVG, you know ;D

;D

If the macros are being used in MSFT Office documents this might be of value with respect to macro security

https://office.microsoft.com/en-us/excel-help/enable-or-disable-macros-in-office-documents-HA010031071.aspx?CTT=5&origin=HP010096919

Actually, I believe some double extensions are detected in specific situations (don’t ask me for details, I don’t know them).

yeah I think that Vlk mentioned once that this was detected…

Yes, by the double extension I mean this:
myphoto.jpg.vbs, detection should be for the people who have option for hiding of known extensions.

These more paranoid and generic settings should be available as part of antivirus settings but disabled by default.

For example:

  • double extensions (example.jpg.scr or example.pdf.exe)
  • large whitespace sequnces (example.jpg .exe)
  • large whitespace sequences in combination with suspicious double extensions

In theory this could be easily done using Behavior Shield with pretty high accuracy. Throw in whitespace sequences check and with positions of extensions and fake extensions in the name and i don’t think you’d ever get any false positive even with this feature enabled at all times. They’d just have to check non english and for example islamic (is this right) sequences since they write and read from right to left and that might work different for this detection).

The whitespace check is already there in mail shield (and would be pretty much pointless for anything else).

Yes I meaned that like you.
Just when you will want to open file with dangerous double extension the behavior shield will pop-up

I added poll ;D (I bet that It will be total fail in voting :D)