Add Exception for falsely detected registry key?

AVG Protection
4

Actually, I just found that this question has been asked before, at least more than 3 years ago, and a typical non-answer given.  AVG has in the past expressed no interest in adding such a feature, and has obviously maintained that poor decision.

I argue that it is a false assumption that the only registry keys that pose a threat are directly associated with an executable.   To tie registry detection only to keys with values that point to executables leaves a wide range of things open to undetected.

Example, you can modify something fun like the .exe CLASS key, and set it to open files with a some other extension and replace the default program that handles those other files with an opener for your new file type.  There is no direct link between the modified registry key and the modified executable.  The replaced program may itself simply be another valid system utility and not a virus at all, and likewise would not be detected.  It may be a virus but have the default registry key, and a detection on the virus might prompt a user to delete the default key and in so doing create a scenario that is advantageous for an attacker by having the system fall back to a different execution method.

Attackers can explot false assumptions, developer and user ignorance and laziness, and default fallback behaviours.

October 17, 2012 01:26
Add Registry Key To Exceptions #218647
Edwardj51
Novice
Join Date: 5.8.2009
Posts: 3

:disappointed: I see that files and folders can be added to "Exceptions List" but how about registry keys. I want to add a registry key to the exceptions.

October 29, 2012 09:12
Re: Add Registry Key To Exceptions #219458
Anonymous user
Administrator
Join Date: 29.11.2010
Posts: 8245

Hello Edwardj51,

Registry keys are detected only in case they are pointing to an infected file.

In case of false detection it should be sufficient to add file pointed in registry key to exceptions.

Thank you

5

Hello Warp,

Sorry for the delay in response. Pleased to inform you that such feature is indeed not available in AVG, however, we appreciate your feedback and we have shared this to our developers. Thank you.

1

Using AVG Free.  The heuristics detect a benign registry key.  But there is no way to add an exception.  At least none that I can see in the interface (add file or process, or a folder, but no mention of registry key).  I do not want to disable or lower settings to let actually malicious keys go undetected.  If this feature does exist, can you tell me how to make use of it?  If this feature does not yet exist, please add it in the soonest possible release.  It is a major oversight in the Exception area.

3

Hello Warp,

Sorry for the delay in response. Pleased to inform you that such feature is indeed not available in AVG, however, we appreciate your feedback and we have shared this to our developers. Thank you.

2

Actually, I just found that this question has been asked before, at least more than 3 years ago, and a typical non-answer given.  AVG has in the past expressed no interest in adding such a feature, and has obviously maintained that poor decision.

I argue that it is a false assumption that the only registry keys that pose a threat are directly associated with an executable.   To tie registry detection only to keys with values that point to executables leaves a wide range of things open to undetected.

Example, you can modify something fun like the .exe CLASS key, and set it to open files with a some other extension and replace the default program that handles those other files with an opener for your new file type.  There is no direct link between the modified registry key and the modified executable.  The replaced program may itself simply be another valid system utility and not a virus at all, and likewise would not be detected.  It may be a virus but have the default registry key, and a detection on the virus might prompt a user to delete the default key and in so doing create a scenario that is advantageous for an attacker by having the system fall back to a different execution method.

Attackers can explot false assumptions, developer and user ignorance and laziness, and default fallback behaviours.

October 17, 2012 01:26
Add Registry Key To Exceptions #218647
Edwardj51
Novice
Join Date: 5.8.2009
Posts: 3

:disappointed: I see that files and folders can be added to "Exceptions List" but how about registry keys. I want to add a registry key to the exceptions.

October 29, 2012 09:12
Re: Add Registry Key To Exceptions #219458
Anonymous user
Administrator
Join Date: 29.11.2010
Posts: 8245

Hello Edwardj51,

Registry keys are detected only in case they are pointing to an infected file.

In case of false detection it should be sufficient to add file pointed in registry key to exceptions.

Thank you