Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: m.massimo on September 16, 2013, 08:18:35 PM

Title: pivot.sys from PortraitDisplays as a false positive
Post by: m.massimo on September 16, 2013, 08:18:35 PM: I'm running Avast 8.0.1497 on XP-SP3 machine with a Samsung display rotated 90° and using PivotPro from PortraitDisplay v.7.61 to do that (OEM). A couple of days ago Avast started to delete pivot.sys from system32/drivers causing a real mess in my display setup. The file was identified as a malware but was clearly a false positive. I was forced to reinstall a recent Reflect image to have the system properly working and disable automatic definition file update in order to maintain 130907-0 that works smooth. Placing the pivot.sys file in Global Exclusion do not solve the problem.
Anyone else?
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: Milos on September 16, 2013, 09:47:47 PM: Hello,
send us (virus@avast.com) the file to analyze, please. Put "False positive" to email subject.

Milos
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: dark_skeleton on September 16, 2013, 09:57:19 PM: I have a similar problem, except Avast deleted all my startup executables (like mouse, keyboard drivers, defrag, dropbox, truecrypt, firewall etc). So, in a way, you're actually lucky :)

As Milos said, send them those files, but for now I'd recommend uninstalling your avast and installing the previous version (I think it was .1489)
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: m.massimo on September 17, 2013, 08:01:10 AM: Quote from: Milos on September 16, 2013, 09:47:47 PM
Hello,
send us (virus@avast.com) the file to analyze, please. Put "False positive" to email subject.

Milos

Just done, thanks
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: m.massimo on September 17, 2013, 08:05:36 AM: Quote from: dark_skeleton on September 16, 2013, 09:57:19 PM
As Milos said, send them those files, but for now I'd recommend uninstalling your avast and installing the previous version (I think it was .1489)

I suspect the misbehaviour is not related to program version but to definition file. I'm currently running 8.0.1497 with 130907-0 with no problem, as before.
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: dark_skeleton on September 17, 2013, 10:20:55 AM: I hope it's true, but I had already survived 3 definition file updates and it still kept deleting files.
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: Milos on September 17, 2013, 10:33:45 AM: Quote from: dark_skeleton on September 17, 2013, 10:20:55 AM
I hope it's true, but I had already survived 3 definition file updates and it still kept deleting files.
Hello,
did you send the files to virus@avast.com to analyze?

Milos
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: dark_skeleton on September 17, 2013, 10:59:42 AM: Yes of course :) I have created a separate topic here for my case and have gotten quite a few responses and hints, received no answer as to why this could've happened (except for "for some reason, it treats those unrelated files as a virus"), and what is avast doing to prevent such cases and deletions in the future.

I am now running newest avast with newest AVS and so far so good.
Title: Re: pivot.sys from PortraitDisplays as a false positive
Post by: m.massimo on September 28, 2013, 11:51:29 AM: An update

I manually updated the definition file this morning (after a Reflect partition image just to avoid any hassle) just to see if the problem I encountered with pivot.sys from Portrait Displays was fixed.
The definition file is 928-0 now and the pivot.sys is not recognized as a malware anymore (927.1 was good as well).