virus warnings interrupt other programs

system · 2006-11-07T12:46:50.000Z

I have the free version of avast and I find that as soon as it finds a virus the “options” screen pops up and interrupts all other programs.
I know of the “check for fullscreen apps” option but somehow avast does not seem to think of anything as a fullscreen app.
This problem is immensely irritating and screws with my work since I do realtime updates from home and really cant afford to get interrupted once every five minutes.
Avast is the best virus protection software I have found, yes even better than Norton, and it would be a shame if I had to stop using it because of a minor complication.
Thanks
//Kn Martin Tjernström

igor0 · 2006-11-07T12:50:00.000Z

The “check for fulscreen apps” is related to informational popups (such as “Virus database update” - i.e. something you can consider a common thing). Virus detection should not be such a common thing on an ordinary computer… where do these warnings come from? I mean, are they viruses detected in e-mail, or on disk, or… ?

DavidR · 2006-11-07T13:18:24.000Z

If you are getting interrupted once every five minutes by virus alerts you have a serious problem, as igor mentions more information about them would help. With this kind of frequency, you may have a trojan downloader or a backdoor and web shield is detecting and blocking these downloads, this is however, speculation as you have given no information on what is being detected and by what (which avast shield/provider, etc.).

These advanced automated options (dealing with a detection automatically in the background, etc.) are only available in the Pro version. If things are this important to you perhaps you would be better off with the more flexible Pro version.

You only have a limited option in the Home (free) version, to send the infected file to the virus Chest (silent mode, with general answer no, see below).

My own feeling on this is you should use the default interactive action. This way you know exactly what is going on with your system. If you are getting so many warnings, that you want to automate this process, I believe you should review your security practice - filter emails at source, delete from server rather than download them, review the sites they visit, etc.

See the avast help file, Resident Protection: Standard Shield Provider Settings - “Advanced” Page.
Click on Standard Shield and then on Customize.
Go to Advanced tab and select Silent Mode and the General answer No.
Again this is dependant on which provider is alerting you.

Leave the file in the chest for a week or two (it can do no harm from there) to ensure no adverse effect from being moved to the chest. Then scan the file again in the chest to ensure it is still detected as infected and if so delete it from the chest.

system · 2006-11-07T16:19:29.000Z

You are absolutely right when you say I have a serious problem, unfortunately my ISP is of the lower grade and these viruses seem to be originating from someone on the same net segment as me as I get several warnings for dcom exploits from someone with a ip provided by the local proxy server.
When I contacted them about it they gave me the token answer that I should get a firewall (already have one, but it slows my connection down to almost nothing) or buy the upgraded security package from them at quite an extra cost.
The only other option is to switch isp and see if another company provides more security but with the physical net beloning to my current company the cost of having another ISP on that wiring is also quite enormous.
I will try the “silent mode” advice, though, as it seems to be what I was looking for.
Thanks again for all the advice.

//Kn Martin Tjernström

Lisandro · 2006-11-07T16:22:05.000Z

RandomAdmiral post:4:

I get several warnings for dcom exploits from someone with a ip provided by the local proxy server.

Stange… this warnings generally reveal a non-updated Windows installation :

DavidR · 2006-11-07T16:52:08.000Z

RandomAdmiral post:4:

You are absolutely right when you say I have a serious problem, unfortunately my ISP is of the lower grade and these viruses seem to be originating from someone on the same net segment as me as I get several warnings for dcom exploits from someone with a ip provided by the local proxy server.

This usually indicates speculative attacks (usually from someone whose system is infected) not that your OS isn’t up to date, the attempt to exploit doesn’t know the OS, much less if it is up to date. But it does indicate that the avast Network Shield seems to be catching it when this happens it is because your firewall isn’t intercepting these exploit attempts.

What is your firewall ?
What Operating System are you using ? is it up to date ?

RandomAdmiral post:4:

When I contacted them about it they gave me the token answer that I should get a firewall (already have one, but it slows my connection down to almost nothing) or buy the upgraded security package from them at quite an extra cost.

This is the price of protection, life is about compromise, and a good firewall is an absolute must, but it shouldn’t get in the way so as to noticeably slow your connection, answering the what firewall do you use will help. I personally wouldn’t take them up on the offer of the upgraded security package either as I feel their support is severely lacking already and there are many good firewalls out there at a reasonable price or even free.

RandomAdmiral post:4:

The only other option is to switch isp and see if another company provides more security but with the physical net beloning to my current company the cost of having another ISP on that wiring is also quite enormous.
I will try the “silent mode” advice, though, as it seems to be what I was looking for.
Thanks again for all the advice.

//Kn Martin Tjernström

I would say switching ISP isn’t an option, but take responsibility for your own protection, no ISP can provide workstation protection from a server based security option. You have to have the security programs installed on your system and I also wouldn’t take any ISP security package as IMHO they don’t select the best package for you, rather the best package for them.

As I said the silent mode option isn’t recommended, that is only masking the possible symptoms, not treating the disease and we haven’t even established which provider is alerting you. If they are all dcom style attacks then I suspect they are Network Shield alerts.

If you can provide us with a sample of the alerts (common groups), check out the avast! log viewer (right click the avast icon and select it) and look in the warning section. We want the virus name, file name and location, either HDD path or Web URL, etc.

Announcements