Author Topic: AIS detects aswclear5.exe-FP?

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
AIS detects aswclear5.exe-FP?
« on: February 04, 2011, 07:01:46 PM »
Hi ;)

AIS detects aswclear5.exe as a threat (Win32:Malware-gen). Could this be an FP detection?

Thank you. Best regards :)

vecchio

  • Guest
Re: AIS detects aswclear5.exe-FP?
« Reply #1 on: February 04, 2011, 07:14:59 PM »
Seems it will be fixed in the next virus definitions update.

Silk0

  • Guest
Re: AIS detects aswclear5.exe-FP?
« Reply #2 on: February 04, 2011, 08:52:11 PM »
Also for avast! Free (v 6.0 beta).


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89057
  • No support PMs thanks
Re: AIS detects aswclear5.exe-FP?
« Reply #3 on: February 04, 2011, 09:12:47 PM »
It has already been acknowledged as an FP in another topic and will be resolved in the next VPS update.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline JuninhoSlo

Re: AIS detects aswclear5.exe-FP?
« Reply #4 on: February 04, 2011, 09:20:18 PM »
Thank you DavidR. What is the reason for this FP?

Bye. Best regards :)

Offline DavidR

Re: AIS detects aswclear5.exe-FP?
« Reply #5 on: February 04, 2011, 10:15:17 PM »
I don't know, most likely the tweaking of the Win32:Malware-gen (generic) signature in a recent virus definitions update.

There is a fine line between detecting new variants of malware and alerting on something legit. When you consider what aswClear does it is always possible that it might be wrongly detected.

The other point is that this file isn't one that should really be lying around on most people's systems, though I have a copy on my system ;D
Since I don't do frequent on-demand scans (weekly Quick, monthly Full) I haven't had any alert.

Nesivos

  • Guest
Re: AIS detects aswclear5.exe-FP?
« Reply #6 on: February 04, 2011, 10:53:54 PM »
This is what I just got on my daily 1:00 PM scans on my three computers, networked.



This happened on all three of my computers during their 1:00 PM scan today.

In each case AIS moved the file to the Virus Chest.

When I deleted the file from the Virus Chest I got another threat notice on all three computers, and a different file was moved to the Virus Chest as a result of the second threat warning.

When I deleted the above file from the Virus Chest it seemed to delete okay, with no further threat notifications up until now.

I then proceeded to delete all copies of AWSClear5.exe from my computers.

I will have an update later today if something related pops up.

If not, I will post an update tomorrow on the results of my nightly scans tonight.




Nesivos

  • Guest
Re: AIS detects aswclear5.exe-FP?
« Reply #7 on: February 04, 2011, 11:05:34 PM »
Quote from: DavidR
> I don't know, most likely the tweaking of the Win32:Malware-gen (generic) signature in a recent virus definitions update.
>
> There is a fine line between detecting new variants of malware and alerting on something legit. When you consider what aswClear does it is always possible that it might be wrongly detected.
>
> The other point is that this file isn't one that should really be lying around on most people's systems, though I have a copy on my system ;D
> Since I don't do frequent on-demand scans (weekly Quick, monthly Full) I haven't had any alert.

Why not?

Is there a technical reason for not keeping it on your system?

For example, one of the problems with using cloud AV programs as a second opinion to Avast can be in the cloud AV program design. For example, the virus definition file of ClamAV includes files that are identified by AIS as a Trojan.

That happens because the design of ClamAV necessitates the inclusion of files in their signature database that AIS detects as Trojans, though of course in this case they are not, at least from my research, though I could be wrong.

Serious answer only please :)

Offline DavidR

Re: AIS detects aswclear5.exe-FP?
« Reply #8 on: February 04, 2011, 11:25:28 PM »
Well, to start with, it doesn't serve any detection purpose, it is just the uninstall utility. So the cloudAV comparison doesn't apply, as this isn't an AV cleaning tool, just an uninstaller utility for avast.

Most people aren't using it all the time and, like most things, old/dated tools may not do the job as they were previously designed to do.

So if it is updated or there are changes to the current program then the old uninstall utility won't reflect that, and avast 6 is a case in point, as and when that goes live the avast uninstall utility will also need an update.

As a side note the last VPS update resolved the FP.

Nesivos

  • Guest
Re: AIS detects aswclear5.exe-FP?
« Reply #9 on: February 04, 2011, 11:30:15 PM »
Quote from: DavidR
> Well, to start with, it doesn't serve any detection purpose, it is just the uninstall utility. So the cloudAV comparison doesn't apply, as this isn't an AV cleaning tool, just an uninstaller utility for avast.
>
> Most people aren't using it all the time and, like most things, old/dated tools may not do the job as they were previously designed to do.
>
> So if it is updated or there are changes to the current program then the old uninstall utility won't reflect that, and avast 6 is a case in point, as and when that goes live the avast uninstall utility will also need an update.
>
> As a side note the last VPS update resolved the FP.

Fair enough on your point about always using the latest AISClearX.exe file to uninstall.

However, the Avast6 comment is not applicable if you are still running AIS 5.x, especially since you still have to uninstall AIS 5.x before installing AIS 6.X until we are able to upgrade to AIS 6.X from the AIS 5.X GUI.

The Cloud ClamAV is a valid comparison because in both cases the threat notification resulted from what was/is in the virus definition database.

« Last Edit: February 04, 2011, 11:35:35 PM by Nesivos »

Offline DavidR

Re: AIS detects aswclear5.exe-FP?
« Reply #10 on: February 04, 2011, 11:42:40 PM »
It is applicable in ensuring that you always download the latest version and not hang on to old versions. There may be changes in the program that you are unaware of so it is always best to download the latest version if you are going to run the uninstall utility.