Shadow wrote:
It ignores the exception list. I use nirsoft a lot and it tries to
delete a lot of the files, even though I have marked the whole folder
to be ignored both in scan and shield. Hope they fix it soon.
Every time I have to save a video from youtube or display my current
ports through the "Nirsoft launcher", up comes the box warning I have
been infected with a virus. This has got a lot worse since the last
update. Nirsoft launcher is not malware, and should be on most
capable user's PCs, along with sysinternals.
As you noted, Avira has *two* exclusion lists. One exclusion list is
used by the on-demand scanner (configuration -> expert mode -> scanner
-> scan -> exception) and the other is for the on-access scanner (guard
-> scan -> exception). You have to enter the Nirsoft folder in two
exclusion lists. It's *stupid* that they have two independent exclusion
lists because it doubles your effort to maintain both of them to keep
them synchronized. Obviously these lists can get out of sync.
In some programs, the browse dialog doesn't end up putting the correct
filespec in the list. You still have to edit the entry added by the
browser dialog, like adding "/*" at the end of the folder selection to
actually specify any file within a folder. The folks in the Avira
forums would know better if a trick is needed to specify all files under
a folder after using the browser dialog. I'd first try specifying each
file (full path and filename) of each program on which Avira false
alerts to see if a fully spec'ed file is honored. The title in the
on-demand scanner's exclusion list is "File objects to be omitted for
the scanner" which means the list specifies files, not folders, hence
why I suspect you might have to use the browser dialog to pick the
folder but then edit the filespec it adds to include a trailing "/*" to
actually specify files.
Most AV's will categorize some Nirsoft tools as a PUP (Probably Unwanted
Program). You may be able to configure Avira to eliminate warning you
about PUPs. Don't hold your breath waiting for Avira to remove Nirsoft
from their PUP list. Won't happen. Users have complained for years
about this but Avira doesn't care and continues to list Nirsoft as
suspicious. In fact, as I recall, their response to me when notifying
them about their false alert on Nirsoft was that it could be used for
malware (gee, what OS utility can't, duh) and they continue to keep it
on their "bad" list.
I didn't like having to use workarounds to eliminate the adware-ness of
Avira. I used a SRP (software restriction policy) to get rid of the
avnotify.exe crap on an update that displays their adware window (the
other tricks of deleting or renaming the file or creating a zero-byte
version of it could be undone in an update) and having to modify the
startup entry for it in the registry to eliminate the adware splash
banner on its load. Avast is adware, too, but far more subtle in that
you only see it when you load their config GUI. About 3-4 years ago, I
got hit by the claimed rare bug that Avira would start to continually
poll floppy and external (USB-attached) drives at 1-minute intervals if
any program you used polled those drives (e.g., Speedfan or any program
that queried the drives for their type and looked at the SMART data).
Avira can't differentiate between querying a drive for type versus
accessing its media. The problem disappeared for awhile but then
returned in a recent version. It hits me on my platform and I'm not
interested in wearing out my floppy drive with continual accesses by
Avira and preventing my external drives from going into low-power mode.
Without this bug, and without the nuisance of having to use workarounds
to get around their in-your-face adware, I might still be using it;
however, there were other choices so I dumped Avira.
