detection floater - disabled options

[shocked 60]

in v8 and now in v9, i have noticed that when SS detects something and the information window is activated, only the "copy to quarantine" is active. the other options are not.

why?

[Marcos 5,070]

1, Submit for analysis - this option is rather deprecated. It made sense in older versions where ThreatSense.Net was used instead of LiveGrid. I'll discuss its removal with developers.

2,3, Exclude (signature) from detection - these options are available for PUA detections.

[shocked 60]

since ask toolbar was detected upon starting the real times installer, why the exclude options weren't activated?

[planet 232]

since ask toolbar was detected upon starting the real times installer, why the exclude options weren't activated?

 

From your screenshot it looks like the bundled Ask Toolbar is detected as a Potentially Unsafe Application instead of a Potentially Unwanted Application and that could be the reason why it's not activated, unless it is an actual UI bug - Is there difference between unsafe and unwanted @Marcos for the options to be available (since the options aren't available for this unsafe detection)?

[shocked 60]

imo unsafe and unwanted might be the same thing

[stackz 112]

I just reproduced the alert that pavilion_alex is seeing.

When the initial notification is displayed, 'Copy to Quarantine' is the only option that can be unchecked or checked, but if you click 'Ignore'

you'll get another notification where 'Copy to Quarantine', 'Exclude from detection' and 'Exclude signature from detection' are all available to select.

Edited October 17, 2015 by stackz

[Marcos 5,070]

You're right.The first detection came from web protection,hence Exclude from detection was unavailable (it works if a PUA is detected on a disk).As for excluding the signature,I think it should be available regardless of the protection module.I'll discuss it with our engineers.

[shocked 60]

yeah, after i clicked ignore it opened again with all the options available.

btw i think all the options should be available regardless on where the detection was occurred.

 

the 'exclude signature' mean the file's unique signature or the virus signature?

[Dakmp 0]

It's quite intrusive, please allow those options from the first popup. Exclude by signature should be based on SHA or similar so doesn't bother you again even if you move to file to another location.

 

Also, improve exclude dialogs to have a pick dialog instead of entering the path directly.

 

I perform a full check of my system the I uninstall the antivirus, bothers me too much! The option to disable until next reboot is not enough for me. I need an option to disable permanently until I choose the opposite.

[Marcos 5,070]

It's quite intrusive, please allow those options from the first popup. Exclude by signature should be based on SHA or similar so doesn't bother you again even if you move to file to another location.

 

The "Exclude signature from detection" is applied for any path.