Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


February 4th, 2010

What happened to the automatic actions in the Boot-time scan?

Since the release of avast v5.0, we have heard quite a few times the question “where do I set up the automatic actions for the boot-time scan”? As a matter of fact, we decided to remove this feature from avast 5 and this short post will try to explain why.

The reason why the boot-time scan (BTS) in v5 doesn’t support automatic actions is that the feature (at least for now) is very dangerous. In the past, we have seen a worrying number of users who accidentally deleted critical system files by means of the boot-time scanner set up to take automatic actions.

Let me explain this in a bit more detail. Avast has a number of measures designed to fight with false positive issues. False positives, no matter how hard the AV companies try, were always here, are here, and will be here. However, there are many ways to mitigate this issue.

One of the most powerful anti-FP measures is that whenever avast detects a virus, it also consults the whitelist of well-known good applications, and files digitally signed by trusted publishers (such as the binaries belonging to the operating system itself). And whenever it finds out that a detection was made on a whitelisted/trusted file, it basically assumes that it’s a false positive and doesn’t really report the file as infected (and, more importantly, doesn’t take any actions!); it only suggests the user to submit the file to our virus lab for further analysis. Now, this feature was already present in avast 4.8 and has actually saved our bacon quite a few times in the past. For example, about 18 months ago, we had an ugly FP in svchost.exe and only thanks to this feature, the vast majority of our users didn’t really even notice before the problem was fixed).

Now, the problem is that this feature is currently unavailable during the boot-time scans. We are working on implementing it, but it is a lot of work (this is mainly because the Windows crypto subsystems are not yet available at the stage of boot in which the BTS is running). We plan to have this feature ready for v5.1 though (as well as other improvements in the boot-time scanner, such as 64-bit compatibility).

The boot-time scanner is an expert feature, and was designed to be used when there’s something bad going on on the system. And in these cases, I’d say that having to actually select the actions manually is a small price to pay.

Categories: Uncategorized Tags:
  • http://warbandit.exteen.com Petit

    I didn’t have any problem with BTS since I use Avast.
    Keep up for fix other’s problem ^^

  • Cahya

    I didn’t use BTS to often when still on 4.8. So just let ALWIL take their time :)

  • Pingback: avast! BLOG en tuantivirus.es» Blog Archive » ¿Qué ha ocurrido con las acciones automáticas en el análisis durante el arranque?

  • http://www.alice.it onad

    Ancora sperimentale.grazie a tutto Innanzitutto un grande grazie a osare antivirus gratis eccezionale l’uno Gente che non si puo ‘permettere di spendere tanti soldi.vorrei capire se avast5 si puo’ avast ad Sostituire 4.8, o se e ‘il gruppo di avast .

  • http://www.ppinfotek.com Yanto Chiang

    onad :
    Ancora sperimentale.grazie a tutto Innanzitutto un grande grazie a osare antivirus gratis eccezionale l’uno Gente che non si puo ‘permettere di spendere tanti soldi.vorrei capire se avast5 si puo’ avast ad Sostituire 4.8, o se e ‘il gruppo di avast .

    Bienvenido a avast ONAD, seguro de que sería lanzar la nueva versión.

  • Zantonian

    hey i’m having a problem with installing the updates that i download,
    when i take them home to install them on my home pc, errors occur
    i’m using avast vs5, and don’t use internet at home, so auto update is not a option for me. i download the update at work and take them home to install on my pc,
    can anyone tel me why or help?????
    PLEASE

  • Zantonian

    Hey i’m having a problem with installing the updates that i download,
    when i take them home to install them on my home pc, errors occur
    i’m using avast vs5, and don’t use internet at home, so auto update is not a option for me. i download the update at work and take them home to install on my pc,
    can anyone tel me why or help?????
    PLEASE

  • spg SCOTT

    @Zantonian
    If you haven’t already, I would suggest that you visit the forum ( forum.avast.com ) as that would be the best and easiest place to find help.

    I’m pretty sure that ALWIL would like to reduce the amount of requests for help here, and keep that in the forum, as it does make it easier (for both them and you)

    Make sure you are downloading the update file for version 5, as it wont work other wise.

    When you do go to the forum, please report any error messages that you receive as this will help somewhat.

    @Vlk,

    I am pretty sure that I mentioned this somewhere… ;)
    Good decision IMO…If your system is infected bad enough for a boot time scan, I think you really should be watching what gets flagged…

    -Scott-

  • faggiot

    64 bit compatibility please!!

  • spg SCOTT

    @faggiot

    The second last paragraph…

    We plan to have this feature ready for v5.1 though (as well as other improvements in the boot-time scanner, such as 64-bit compatibility).

    -Scott-

  • Wim

    standard i choose no automatic actions, because i NEED to know what is getting deleted BEFORE it is deleted… if its up to me, the automatic actions stay out of it

    maybe another approach would be letting the BTM scan the whole system and at the end come up with the infections it found and choose the actions to be taken.
    This way the whole disk can be scanned unattended and wait for actions when the user returns (on huge disks with heuristic unpacking scanning im not planning to stay and sit there waiting for a virus to be found, but i want to have the control over what is deleted), the user can then choose per infection what to do or choose to delete all in 1 time (semi automatic)

  • Oblio A

    Despite having Avast on system, computer got infected with malware called “Security Tool”. Ran Avast 5 Boot Scan and it failed to removed the malware. Had to then download and install a specific ‘anti-malware’ product which successfully removed the malware. This severely reduces my faith in Avast’s ability to deal with malware.

  • Stig Friis

    I im muissing the BTS for 64 bit Win 7.
    I am helping a lot of people with virus in the computer, and its my best tool.Could it be an optional hided away feature, so you dont use i by an mistake.

  • ananthnag

    its good but i ve just encountered with a problem that, my pc was installed with the latest version of avast but booting is notworking antivirus support is good now what should i do now???????

  • Tech

    Hmmm… the user is still able to choose “delete” all files for instance… So the automatic actions will follow the first detection. Is a”workaround” only…
    Hope you can improve it.
    Also, the Chest access at boot time could be a good feature.

  • Andy

    If you whitelist all system files, couldn’t you have a feature to remove files automatically? Even if a false positive was detected it could just be restored from the chest.

  • marc

    ive got a question my antivirus (avast! 4.8) says my auto updating will end next year what is that gonna mean? it wont update itself anymore?

  • http://Mozilla Glenda Jasper

    I believe in Avast to be one of the most outstanding Anti Virus Solutions in a decade of miserable explanations before to having Avast tell it like it is 100% Boot Scan is remarkable having a terrible time in fixing my Virus infected Computer due to lack of ~ Boot Scan wiped my thought of anything to be in error therefore again. High Five Avast you totally ROCK!

  • http://Mozilla Glenda Jasper

    @Oblio A
    If knowing you had Malware in the beginning possibly it would been easier to download another substance of removing Malware then performing a Boot Scan to complete your path in assuring your recovery.

  • http://noweb fardeen

    i really miss the automatic actions, alteast could u implement an option to pre define a set of actions for boot time scan such as moving to chest for scan for all malwares first and then giving the user an option to remove the virus. i don’t like to wait in front of pc for hours just to wait for it to detect a virus, or sometimes leaving the pc unattended for hours only to find out that the virus scanning stopped because it found 1 virus in the early stage of scanning. it would be appreciated if this part of the antivirus could be improved. avast 5 is already gr8

  • TheLoch

    This is really STUPID !!!
    The only one good option in avast is off now…
    As Fardeen says, how can you imagine to stay for HOURS in front of the PC ?
    This only because a few NOOBS deleted some boot files…

    Bye bye Avast, so long…

  • Erik

    I agree with users that this is a serious backstep. I often leave computers running overnight doing BootScans. Neither I (being an IT professional who bills hourly), nor my clients have the time to wait in front of their PC for a prompt. Maybe a suggestion would be to remove the option from the GUI, but tell advanced users how to customize the scan settings in the registry, so we can set it accordingly. Having a false positive is a chance with any antivirus, but it’s a chance we’re (I think) willing to take for a bit of convenience. Anyone else agree? Hide the setting if you must, but don’t dumb down the software!

  • gaurav

    hello ,
    i`m gaurav khatri from india ,
    2 months before i purchased the avast antivirus 2010 home edition , but now for the last 2 days my system is infected from the virus .
    now avast is useless for me .

    i talked to the maya software company on their helpline no.but they said that we can`t do anything in that case & suggest me to send you email which i have done ( maya is the distributer of this software in delhi – india ) .

    now i want its solution ,
    avast gives gud result , no doubt but when virus comes from pendrives with the autorun file , then avast can`t handle .

    i also want that those customer purchased avast antivirus , company should provide their field executives for these customer , in the case of complain these executive reach on that location wheather its home or office these executives solve the problem of customer .

    customer buy the products because they believe in the protection & satisfaction , which is provided by the company . if customers will not be satisfied & their system is still infected after using avast then they will never deal with it

  • Ajaz

    What about scanning automatically after a Download Manager like DAP has completed a download. The feature was working in 4.8, but in v5 ashquick.exe dows not seem to scan after download completion. Is that also a deliberate change?