Hi,
I have a URL with malware, that isn’t blocked by WebShield.
If I scan from Windows Explorer, Avast detect it, so why WebShield doesn’t detect it?
hxxp://zhushou.52lishi.com/kuai8bd_14928.exe [no detected by WebShield]
Regards
Hi,
I have a URL with malware, that isn’t blocked by WebShield.
If I scan from Windows Explorer, Avast detect it, so why WebShield doesn’t detect it?
hxxp://zhushou.52lishi.com/kuai8bd_14928.exe [no detected by WebShield]
Regards
If I scan from Windows Explorer, Avast detect it, so why WebShield doesn't detect it?detecting a URL and detecting a file is not the same
just because avast detect a file, it does not necessarily block the URL that the file comes from … unless that URL is in avast blacklist
old PUP crap First submission 2014-08-16 00:16:55 UTC ( 3 months, 2 weeks ago )
https://www.virustotal.com/nb/file/2e13816f56e4f2311407e790de789921a136a1cadf873fe981ae5a2e2d21a0b7/analysis/1417391498/
But doesn’t the WebShield analyse all the files before it reach the PC? It couldn’t be just about the url is on the black list…
I have the WebShield default settings, plus PUP and High Heuristics sensitive…
I tried the link and had a warning from file shield + web shield which then aborted the connection.
Yep, with File Shield it could be detected, as by Windows Explorer context menu option, but Web Shield should detect it in the first place…
Some answer from Avast Reps?
Thanks
The web shield is detecting it when you try to download it, image1 (don’t know why the image turned out this way). Detection is FileRepMalware - which is initially a poor reputation.
Because firefox tries to download it before you actually choose Save it, because the web shield aborts the connection, the file can’t be saved. This throws up an error, image2, note the file name has the .part at the end, which is a temporary file awaiting final saving, when the .part at the end is dropped.
Now the File Shield gets in on the act, image3, but this is on the .part file name and not the w081p2ka.exe - which never got fully downloaded and saved. Note that the malware type has also changed to Win32:Adware-gen [Adw]
For me the detection and alert process appears to have worked as expected.