I have a program that Avast keeps flagging as suspicious due to low prevalence (not surprising - it’s a program that only our company uses). The program is now listed several times in the exclusions list, but I keep getting prompted each time it runs (which creates another exclusion entry). The only extra detail I can think of is that I’m calling the program multiple times via a batch file rather than directly.
How do I make sure this program doesn’t trigger an alert?
For the moment, I’ve disabled “The file prevalence/reputation is low” in the REASONS FOR AUTOSANDBOXING dialogue, and that’s stopped it constantly flagging the program.
Ah! It’s not removable, but it is a mounted encrypted disk - would that do it?
Incidentally, whatever the case, there is something odd about the multiple entries in the whitelist (which is then ignored) - should I document it and file a bug report?
I’m not sure. Is the disk mounted on boot-up and do you have access to it’s contents immediately after logging into Windows? If you have to enter a separate password to access the encrypted disk, that’s possibly the cause. Hopefully, Avast staff will see this thread and provide some insight.
It’s mounted after I log in to windows XP - a standard TrueCrypt drive.
I can see the logic of excluding it from the exclusions - after all, several CDs could contain different autorun.exes. The bits that don’t make sense or could be improved are:
To keep adding the same file to the exclusions and then ignoring it
No obvious way to prevent the prompting during a session without turning off that particular criteria
I’d suggest that the file should not be added to the exclusions (since it’s going to be ignored), and that a file on removable media should only trigger one warning until the media is changed.
I have, but the problem is that my batch file calls the program several times, and each time I need to give permission, and each time it adds a new instance of the program to the exclusions list.
That said, I’ve now resolved the issue by moving the exe to my C drive (where it should probably live anyway - it’s only the confidential data I need on the encrypted drive).