I am running Avast Free AV with Windows FW, UAC Enabled & Router on Win 7 64 Laptop. This system is family’s system i.e everyone uses this system & are average or novices.
I am little confused with Avast’s PUP settings. I always go with products default settings. Avast’s default for PUP is disabled. On my XP laptop time to time I test few free AV’s like Comodo & Avast. In my test I keep PUP enabled in Avast & when Avast detects anythings as PUP I check it with VirusTotal & I have observed that Avast’s PUP detection is detected as Trojan by other vendors at VT.
As I said the users here are novices & average & I dont know if enabling PUP in Avast will increase false positives of legit programs. But given Avast’s PUP detection as Trojan detection by others it seems PUP should be enabled & Avast should also enable it by default.
Whats your opinion for my family’s laptop or average/novices system for PUP in Avast, Enable/Disable?
you may Enable PUP if you download lots of unknown software since some may be malware but the chance of false positive may also increase :a0
Most of the AV’s now enable PUP by default. Experts can always change it.
Why its disbled in Avast by default?
Is it coz enabling it gives FP’s on legit programs? or Coz PUP are not malicious by nature?
Why Avast detects as PUP & many other as Trojan?
I read the link. Its mentioned it will give fp on legit apps. But so do the malware signatures, they too give fps on legit apps.
And how can PUP detection give fp on legit apps? i.e yes there’s always a chance of fp with any detection service but dont you think it also depends on quality of signatures?
Most of the AV detects PUP by default but they dont say that it will give fp on legit apps. They say that some consider PUP as malicious & some dont. So for average users sake PUP is enabled by default & experts can always change it.
Some legit apps may be kinda similar to PUP but that doesn’t means they are PUP as there’s other factors too which make the app good or trusted like digital signatures, etc.
I consider Avast the best AV for average users & think that PUP should be enabled by default. Coz under PUP detection it misses trojans & other dangerous apps.
I had mentioned this in Avast forum with few VT links but they also mentioned that it increases fps on legit apps.
How can PUP detection increase fps on legit apps? The quality of PUP signatures should be good, like they carefully provide signatures for malware with rare or no fps.
Well, there is not an universal malware name coding, so the names diverges between the companies. But, indeed, a PUP should be a PUP and not a trojan. If you can post a specific VT link, it will be easier to analyze.
I suggest you keep the avast PUP settings ON.
It shouldn’t. It’s an avast mistake or error that the virus analyst should correct.
They try to do so. But detection will always give fp as they become more generic to get malware families.
The reason I have not enabled PUP coz I thought if its disabled by default then its behaviour/detection may be unacceptable i.e increased FP’s on legit apps or FP prone, if it were to be the acceptable behaviour then they would have enabled PUP by default.
For me default settings means carefully selected set of settings comfortable/usable for any/every type of users. Change in default settings may have adverse effect or the behaviour may not be acceptable/comfortable especially for average/novices.
But I want to enable PUP as I already mention in my previous post according to me & my little tests disabled PUP means missing detection of few trojans or malware.
Especially I want to know if PUP enabled can give FP’s on Windows Updates, System Files, Microsoft’s Products & Laptop Manufacturer’s Products like HP’s Laptop’s so HP’s Products? These are mainly the area of my concern with PUP enabled on average/novices systems.
Generally, if something is detected with these software it will be autosandboxed or blocked by the Behavior Shield.
They are not the focus of PUP detection.
Today I checked a thread in Avast forum & HP product or part of it was detected as PUP. I think Avast PUP detection is little problematic. I remember I have also seen a thread in wilders where Avast PUP detected safe & legit apps.
I will keep the default settings i.e PUP disabled.
In case of avast!, PUPs include things like:
- remote access tools (VNC, LogMeIn, TeamViewer etc)
- some admin tools (PsExec, PsKill etc)
- some cracks
Source: Avast Free AV | Wilders Security Forums
This thread in wilders is started by me so I know it
But seems you continue to spread the opposite…
No. Both the topics are same. You have directed to my last reply there. My last reply was PUP detects malware too but is disabled by default in Avast i.e I meant was I would like to see PUP enabled by default in Avast as PUP detects malware too.
And my question of PUP detecting legit apps too so I should keep it enable or disable is not different or opposite coz –
What I mean with all my discussions about PUP is that – If PUP is enabled by dafault in Avast then I will definitely use it Coz I always like to go with the default settings for average & novices & for me default settings mean carefully selected set or fine tuned settings for majority so if Avast will include PUP in default then they will also change a little PUP criteria/detection/things to be detected so that it is comfortable & at the same time effective for average/novices.
No, we’re going in circles. The PUP does NOT detect malware, only PUP.
The essence of PUP is being a program that depends: could be used for good/clean (admin tool) or could be used for bad/infected (■■■■■). So, of course, PUP detection will find good/clean programs because PUP could be good/clean, depending of the situation.
Naren, you can’t change the fact that PUP could be used for good or for bad. It’s not a matter of avast criteria. It’s about the nature of PUP.
If it was a problem on avast criteria, avast (or any other antivirus) should change the virus signature and correct the problem.
So why at VT app. 30 scanners detects a file as trojan & other dangerous names but only Avast detects it as PUP? So here 30 scanners are right or Avast?
Nowadays I am not doing any test as its little time consuming & coz of the low resources on the test system the system responds slow under VM. But if I test Avast again & find malware detected as PUP by Avast I will definitely post the links here.
Can you give us the VT link to judge?
If this happens like you’re saying, it’s most probably an avast error (although there isn’t an universal virus naming procedure).
I will definitely provide the links when I will test Avast again & find any malware detected as PUP.
I dont keep malware saved as I always test with the zeroday malware of the current date.