Author Topic: How to Ignore/Exclude False Positive  (Read 2823 times)

Offline beyondo

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
How to Ignore/Exclude False Positive
« on: October 09, 2010, 09:57:44 AM »
After a recent update, I started getting a "detection" of an 8 year old game "no cd" patch
as Malware Gen.  It's never caused a problem and never tried to access the internet.

So, I want to permanently suppress the detection of this file, while not changing it's location
in the filesystem or preventing me from running it (i.e. blocking it).

When I search the archives, I see people asking for an "ignore" option on the result
screen (i.e., instead of chosing "move to chest," so you can choose "ignore").
Although they own the computer, they're told they really don't know what they're doing
and don't want that option.  Well I do know what I'm doing and do want that option,
which MBAM provides, for example.  The customer is always right.

I did try the "exclude" mechanism, but the exclude list for the real time file list
doesn't seem to affect the "scan now" on demand scan, and the "scan now"'s exclude
list is only for folders, not files.  (I did manage to trick it into accepting a file
name, but didn't work--the exe in question was still "detected".)  I don't want to
move the file into a different directory.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #1 on: October 09, 2010, 12:07:53 PM »
As a workaround, you can add these files to the Files Shield exclusion list.
Left click the 'a' orange icon, click on the Real-Time Shields folder at left > File Shield > Expert Settings > Exclusions > Add.
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

You can also add it to the general exclusion list (on demand scannings). Left click the 'a' orange icon, click on Settings button > Exclusions > Add.

Maybe you can check the file against www.virustotal.com before.
The best things in life are free.

Offline beyondo

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #2 on: October 11, 2010, 05:46:31 PM »
As I mentioned, I can't add an individual file to the "on demand scanning" exclusion list;
I can only add folders.  I'd have to add the entire folder containing the executable.

Why can't an "ignore" option be added for each detected potential bad file?

Offline Milos

  • avast! team
  • Advanced Poster
  • *
  • Posts: 1081
  • Gender: Male
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #3 on: October 11, 2010, 06:08:01 PM »
As I mentioned, I can't add an individual file to the "on demand scanning" exclusion list;
I can only add folders.  I'd have to add the entire folder containing the executable.

Why can't an "ignore" option be added for each detected potential bad file?

Hello,
last paragraph in:
http://forum.avast.com/index.php?topic=52322.msg442870#msg442870

Milos

Offline beyondo

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #4 on: October 15, 2010, 04:08:22 PM »
As I mentioned, I can't add an individual file to the "on demand scanning" exclusion list;
I can only add folders.  I'd have to add the entire folder containing the executable.

Why can't an "ignore" option be added for each detected potential bad file?

Hello,
last paragraph in:
http://forum.avast.com/index.php?topic=52322.msg442870#msg442870

Milos

That's an unacceptable attitude for a software vendor to have.  I want control over
the software.  As the customer, my decision should be the important one.  If I want
the precision to shoot my own foot off (in your view) I should be allowed to do it.

Software that is not configurable or customizable is faulty software.  If I wanted
someone else controlling me, I'd buy a Mac.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #5 on: October 15, 2010, 05:29:10 PM »
That's an unacceptable attitude for a software vendor to have.
On contrary, the security is for experts not for allowing everyone to do everything.
avast is very configurable, but it is running a user base of 130+ million... You can't act irresponsible.
I have things that, personally, I do not agree with avast. But I understand the decision taken.
The best things in life are free.

Offline gdv

  • Newbie
  • *
  • Posts: 10
  • imaplatypus ;-)
    • Personal Message (Offline)
Re: How to Ignore/Exclude False Positive
« Reply #6 on: October 15, 2010, 10:03:06 PM »
As I mentioned, I can't add an individual file to the "on demand scanning" exclusion list;
I can only add folders.  I'd have to add the entire folder containing the executable.
Maybe I'm missing something here, but it seems to me you can exclude not only folders, but any individual file you want (in both Scan Now and in the File System Shield), simply by specifying the file at the end of the path statement in the exclusions (and in the File System Shield, you can specify whether you want the exclusion to apply to Read, Write, and/or Execute).

E.g.:  C:\MyGameFolder\8_year_old_game.exe

Please let me know if I'm missing something.  Otherwise, maybe this would take care of the problem.

Cheers! :)
"If it ain't broke, keep fixing it til it is." -- Geek Handbook

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now