Advice Request Avast IS - EICAR question

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Windows Defender Shill

Level 7
Thread author
Verified
Well-known
Apr 28, 2017
326
I performed a EICAR test following the instructions from Avast test FAQ page Avast FAQ | Avast Antivirus: Testing whether Avast Antivirus protects your PC against malware

First part of the test was to test the Web Shield - It of course instantly blocked the download and it never got into the download folder.

Second part of the test (this where my question is) was to disable Web Shield and test the File System Shield by downloading EICAR again. With the Web Shield disabled the EICAR file was placed into the download folder with no reaction from Avast. Until I either scanned the file or attempted to execute it, at which point Avast did block it.

Should Avast have detected the file before a manual scan or execution attempt?
 
  • Like
Reactions: Syafiq

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
this depends of every AV vendor, some state that doing an "on access detection" some times leads to consume more resources, other people say that while a threat is inactive in the disk doing nothing it is not a hazard to the system, so it can be there until some other program or the user try to open it.

for instance i think that you can change sensitivity of the scanning engine in avast settings (notice that your pc may slow down, this is due to the fact that the scanner will look for every single file you access with explorer.exe).

PDT:some products like eset do detect objects on access and it never slow down the pc, how they do, i dont know :v
 

Windows Defender Shill

Level 7
Thread author
Verified
Well-known
Apr 28, 2017
326
this depends of every AV vendor, some state that doing an "on access detection" some times leads to consume more resources, other people say that while a threat is inactive in the disk doing nothing it is not a hazard to the system, so it can be there until some other program or the user try to open it.

for instance i think that you can change sensitivity of the scanning engine in avast settings (notice tho that your pc may slow down, this is due to the fact that the scanner will look for every single file you access with explorer.exe).

PDT:some products like eset do detect objecto on access and it never slow down the pc, how they do, i dont know :v
Yes that's what I'm thinking also.

But the Avast test FAQ page didn't say anything about executing or scanning the file, it gave me the impression it was supposed to be blocked after I clicked the download button.
 

Syafiq

Level 11
Verified
Top Poster
Well-known
May 8, 2017
536
I performed a EICAR test following the instructions from Avast test FAQ page Avast FAQ | Avast Antivirus: Testing whether Avast Antivirus protects your PC against malware

First part of the test was to test the Web Shield - It of course instantly blocked the download and it never got into the download folder.

Second part of the test (this where my question is) was to disable Web Shield and test the File System Shield by downloading EICAR again. With the Web Shield disabled the EICAR file was placed into the download folder with no reaction from Avast. Until I either scanned the file or attempted to execute it, at which point Avast did block it.

Should Avast have detected the file before a manual scan or execution attempt?
At the default settings, avast's web shield is set to scans anything that downloaded from the internet. But, the file system shield is set to scan only extension that set by the developer(to avoid performance slowdowns). Maybe the ".com" extension and ".txt" extension are not included on the list of extension.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top