Suspicious program - how do I exclude?

I have a program that Avast keeps flagging as suspicious due to low prevalence (not surprising - it’s a program that only our company uses). The program is now listed several times in the exclusions list, but I keep getting prompted each time it runs (which creates another exclusion entry). The only extra detail I can think of is that I’m calling the program multiple times via a batch file rather than directly.

How do I make sure this program doesn’t trigger an alert?

Well, can you write down what is in the exclusion list?

About 10 of these:

X:\updt_to_sql\cmdUPDT_to_SQL.exe

For the moment, I’ve disabled “The file prevalence/reputation is low” in the REASONS FOR AUTOSANDBOXING dialogue, and that’s stopped it constantly flagging the program.

If the file is run from removable media, then I don’t think it can be excluded from autosandboxing.

Ah! It’s not removable, but it is a mounted encrypted disk - would that do it?

Incidentally, whatever the case, there is something odd about the multiple entries in the whitelist (which is then ignored) - should I document it and file a bug report?

I’m not sure. Is the disk mounted on boot-up and do you have access to it’s contents immediately after logging into Windows? If you have to enter a separate password to access the encrypted disk, that’s possibly the cause. Hopefully, Avast staff will see this thread and provide some insight.

It’s mounted after I log in to windows XP - a standard TrueCrypt drive.

I can see the logic of excluding it from the exclusions - after all, several CDs could contain different autorun.exes. The bits that don’t make sense or could be improved are:

  • To keep adding the same file to the exclusions and then ignoring it
  • No obvious way to prevent the prompting during a session without turning off that particular criteria

I’d suggest that the file should not be added to the exclusions (since it’s going to be ignored), and that a file on removable media should only trigger one warning until the media is changed.

Set the AutoSandbox to “Ask”, that should help.

I have, but the problem is that my batch file calls the program several times, and each time I need to give permission, and each time it adds a new instance of the program to the exclusions list.

That said, I’ve now resolved the issue by moving the exe to my C drive (where it should probably live anyway - it’s only the confidential data I need on the encrypted drive).

It sounds like Avast considers the program a new program every time that it is decrypted to run when it is called by your batch file.