Note: For option (d) don’t reply to your own ticket or it will be pushed back in the line. Expect replies from Avast Support within 5-7 working days. Tickets are handled first come first serve.
As for your your comment:
“Before I can click Submit, I have to check ‘‘I know what I’m doing’’.
Being not entirely convinced I do know, I’d like to ask;
What is there to know?”
It just wants you to tell you that you are certainly sure of the file in question is harmless and avast detected it as a false positive and not a malware and that you know where the file came from i.e. trusted source.
To further note:
Scanning both files from within Chest = no virus.
Restore, AND Restore and add to Exclusions, doesn’t seem to be working.
Cyberlink update (which appears often enough to make me suspicious anyhow) doesn’t work any more - ERR_CONNECTION_RESET.
And, the other one I think probably essential, DBRUpdate.exe doesn’t work now - followed location path and clicked it directly. Nothing happens beyond Windows admin prompt.
Well… Temporarily disabling avast! shields allowed cyberlink update to proceed.
So, my conclusion would be it wasn’t properly added to Exclusions.
It may be the Dell Backup and Recovery Update.exe wasn’t either.
So you are saying that the Cyberlink update is causing a false positive from your avast program? Ok, since your cyberlink has now been properly updated when your avast shields were disabled, check for vps updates for avast and do a full system scan and see if Avast flags your cyberlink update/program as false positive.
What is your Windows Operating system and Service pack?
What edition of Avast do you have Free/Pro/IS? What program version do you have? What vps version do you have?
@ CCV
The problem now is that there are differences in the on-demand scan and that of the on-access scan.
I have a file in the chest, which isn’t detected by right clicking on the file in the chest and having it scanned. The reason this was detected by the file shield (on-access, real time scan) as it can run DeepScreen and or access the avast cloud for information on the file. Either of which could flag it as malware, as these two functions don’t happen on an on-demand scan.
See attached image of a file which in the chest isn’t detected, yet it is on the file shield scan, this is also why it isn’t detected by the VT scan as that is only on-demand scanning.
So what was the malware name assigned by avast when it was detected ?
I did, as well, download and reinstall Dell Backup & Recovery program. Clicking DBRUpdate.exe directly doesn’t do anything much anyway.
But, now, when I open the utilility it goes through the motion of updating - which I haven’t noticed it doing for as long as I can remember - and the (warning) notification icon is gone. yay
Did a full system scan, as suggested. No ‘infection’ found, but a whole bunch of files couldn’t be scanned - mostly, like, Installshield Information and some other files related to Cyberlink installation and a fair lot related to DBRupdate. Log files, as far as I can make out. ???
Avast Internet Security (licensed) 2015.10.2.2218, vps 150606-1
Windows 8.1 with automatic updates.
I can’t tell now what malware name was assigned, since I did scans within Virus Chest it sez ‘no virus’.
From memory, it was Win32Gen somethingorother - or similar, for both.
Sorry, DavidR, I forgot to mention when detected.
Under ‘‘Transfer time’’ the date for DBRUpdate.exe is 20/04/2015. Btw… I seem to recall reading something about DBR being regarded as a PUP (by Malwarebytes, possibly) at about the time, so wasn’t especially surprised that avast! tagged it. Tho I wouldn’t think it was really a virus now.
For a file named E762.tmp, the date is 06/06/2015 - the date of the attempted Cyberlink update.
If it had been detected by MBAM activity (scan on the tmp file) that could have been the trigger for avast to scan in real time and the higher level of scanning.
Otherwise avast may not have scanned it until it in itself was active, though its file type and location may also have been considered suspicious. Ordinarily avast doesn’t scan for PUPs (web shield being an exception) unless you change the default settings.
Avast! still Aborting Connection when automatic update for Dell Backup and Recovery is attempted.
Reported as False Positive directly from pop up, and ‘I know what I’m doing’.
Don’t see why Additional Comments is a required field. It’s not marked as such, but I kept getting ‘incorrect information’ message until I wrote something there.
For Cyberlink updates, avast! Hardened Mode active during install (several pop ups) and again during first launch.
Best practice, for this and other programs affected by Hardened Mode, seems to be temporarily disable File Shield.
Some don’t install correctly, despite Add Exclusion, otherwise.
Personally I wouldn’t disable the File System Shield for Cyberlink updates, but try disabling the Hardened Mode (which isn’t enabled by default) and see if that has a more positive impact without having to disable the FSS.
Dell Backup and Recovery possibly is a PUP. Not sure if that is how avast! rates it…
However, I did find Web Shield was set to Abort Connection for PUPs - changed it to Ask.
I don’t remember setting the Web Shield to Abort PUPs… What’s the default there?
I have Scan set to check for PUPs. That’s the only thing I remember changing.
If you are using the Add to Exclusions option in the alert window, that may be recorded elsewhere. Otherwise it should be in the avastUI > Settings > General - scroll down to and expand the Exclusions section > Hardened Mode tab. If it isn’t there try manually setting the exclusion there.
Because I’m on a different machine where I’m sure I haven’t touched this setting, default Web Shield action for PUPs is Abort Connection - same for Suspicious.
The web shield effectively has only one option, Abort Connection - whilst there is Ask the only option in Ask is Abort Connection.
I have all of my shields 1st option set to Ask as I want to be in control of any action taken, even if it is the web shield, it gives me time to gather any analysis information before Aborting the Connection.