Author Topic: Avast - Is This A False Positive?  (Read 21465 times)

0 Members and 1 Guest are viewing this topic.

brhokla

  • Guest
Avast - Is This A False Positive?
« on: June 05, 2010, 04:56:48 AM »
Avast didn't pick this up on previous 3 scans but did today on a scan.  Did a new Definition update cause this?  Is it a safe file or a virus like Avast is showing?  I'm thinking its a false positive but I want to be sure.  Thanks and below is the information.

Location:    C:\HP\Bin       Name: EndProcess.exe    Avast 5.0 Pro picks it up as  Virus:  Win32:KillApp-W[PUP]  on a full scan but when I scan just the file it shows OK. 


Thanks

Brhokla

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #1 on: June 05, 2010, 05:36:34 AM »
No it isn't a false positive, you appear to have included the option to scan for PUPs (Potentially Unwanted Programs) and possibly didn't know the impact of that choice. This executable is designed to kill processes so it can be used for good or evil and that intent/purpose isn't something an AV can really decide.

The Full System Scan I suspect that you have changed the default settings as I mentioned and the right click scan has different settings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

brhokla

  • Guest
Re: Avast - Is This A False Positive?
« Reply #2 on: June 05, 2010, 10:08:26 AM »
Thanks,  As I get use to the program more maybe this won't be an issue.  I appreciate your response.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #3 on: June 05, 2010, 03:22:21 PM »
No problem, glad I could help.

Given the files location, my guess it is part of the HP tools they load you could exclude this file from scans if you don't want it continually detected.

Welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

brhokla

  • Guest
Re: Avast - Is This A False Positive?
« Reply #4 on: June 05, 2010, 04:52:59 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast - Is This A False Positive?
« Reply #5 on: June 05, 2010, 04:57:02 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again
Exclusion tab of settings...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #6 on: June 05, 2010, 05:06:45 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again

You're welcome.

Once you try as suggested by Tech, you will notice you can only exclude the folder in the initial selection. Once selected, in the screenshot posted by Tech, you can then edit the entry, changing the /* at the end of the exclusion path to /EndProcess.exe
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Saty

  • Guest
Re: Avast - Is This A False Positive?
« Reply #7 on: June 05, 2010, 06:30:17 PM »
I had the same exact thing happen to me two days ago.

 As DavidR said, its a HP file.

excluding it works.

Sat

brhokla

  • Guest
Re: Avast - Is This A False Positive?
« Reply #8 on: June 06, 2010, 04:37:07 AM »
Thanks all, I got the issue resolved and in the exceptions list.  Anybody have any clue when/why the boot time scanner for Win7 64 bit doesn't work?  Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #9 on: June 06, 2010, 05:06:33 AM »
It isn't that it doesn't work, but that it is complex and hasn't been introduced in 64bit versions of the OS. It is planned for inclusion in avast 5.1.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dayto

  • Guest
Re: Avast - Is This A False Positive?
« Reply #10 on: June 07, 2010, 01:26:19 AM »
umm i just got this same thing and i delted it is that bad will it do something bad to my computer and if so how can i fix

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #11 on: June 07, 2010, 02:07:58 AM »
Something like what, without the file name, location as given in the first post no one can say if it is bad or otherwise ?

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Mr.Agent

  • Guest
Re: Avast - Is This A False Positive?
« Reply #12 on: June 07, 2010, 11:04:02 PM »
Got the same detection but in KillIt.exe for me there no EndProcess.exe strange. Also nothing in chest so i dont know maybe if you had send it to virustotal we could know if its a virus or no...

So... avast! can you fix that pup detection on the HP KillIt.exe... I would be mad if the real time caught it and move it to chest and destroy my pc.

Thank,
Mr.Agent

Mr.Agent

  • Guest
Re: Avast - Is This A False Positive?
« Reply #13 on: June 07, 2010, 11:12:18 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again
Exclusion tab of settings...

Thx Tech its a usefull way for avast! to got this. But i hope if they can correct it then that they will do it...

Edit : Wow look KillIt.exe detection http://www.virustotal.com/analisis/0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1275945232 That not normal that 6 scanners detect it why they dont correct the false positive... ?
« Last Edit: June 07, 2010, 11:29:27 PM by Mr.Agent »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Avast - Is This A False Positive?
« Reply #14 on: June 08, 2010, 12:15:57 AM »
There is nothing to fix, this is not really a false positive, it is a tool/program designed to kill applications/process, etc. depends on who/what installed or is using it (you/HP/malware, etc.), as it can be used for good or evil and avast can't determine intent,  'you' have to decide if it is Unwanted.

Even if you did move KillIt.exe to the chest, it won't destroy your PC as it is likely only to be used by HP if it is trying to do something like a restore, etc. It isn't a system file.
« Last Edit: June 08, 2010, 12:20:58 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security