- Dec 23, 2014
Case 7 behaves just like Avast blocked an obfuscated script run via an Office macro. If you look at the Detection/Blocking stages table, you will find Avast (AVG) does not simply block all obfuscated scripts. In cases 7 and 10, Avast blocked immediately after the threat has been run. In case 9, Avast blocked after the threat has been run, and its actions have been recognised.
Case 10 has nothing to do with scripts.
In case 9, the CmdLine in the .lnk file managed to download the PowerShell payload (an obfuscated script), and the payload was blocked by Avast.
There is an error in the online report (wrong numeration of scenarios). So my answer about scenarios 9 and 10 is in fact about scenarios 10 and 11. The corrected answer is here: