Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Bellzemos on October 30, 2013, 05:20:50 PM
-
Hello!
Since yesterday Avast finds a FP in a game file executable (sw.exe) - Shadow Warrior (2013, GOG Edition) is the game in question (I had it installed long before and all was always fine).
The file itself has 0/47 (zero) detections on VirusTotal.com (even Avast doesn't detect it), but on my computer it says that it's a suspicious file when I try to run it and Avast blocks it so I can't use it. This is happening from the VPS update 131029-0 on (before that it was all fine). This is the name it displays when it detects it: Win32:Evo-gen [Susp].
I have sent the file to Avast submit virus mail yesterday but got no reply. The problem is still here with the new VPS update. Since Avast doesn't detect this as a virus when I manually scan it but only when I try to run it - could that mean that it's the Behaviour Shield detecting it? Mayne it's some incompatibility issue with Sandboxie instead of the VSP FP, it's possible, right?
Where can I disable Behaviour Shield in the new Avast v9 (2014)? I want to try and solve this problem ASAP.
Thank you!
-
I think its in Settings > Active Protection.
I've been getting too many false positives. For the first time in years I'm thinking about getting rid of AVAST.
-
The behavior shield is now part of the file shield. See the FAQ (http://www.avast.com/faq.php?article=AVKB89#idt_02) for more information.
What are you using for the settings? Are you using default settings?
If you are sure it's a false positive you may make the proper exclusions.
GUI>Settings>Antivirus>Exclusions :)
-
The behavior shield as was is integrated into the file system shield. avastUI > Settings > Antivirus - scroll down to the Exclusions. The File Paths would apply to the file sustem shield and the DeepScreen and Hardened mode tabs speak for themselves.
Can you attach a screen shot of the alert window as I suspect that this may be the new functionality in the file system shield (not necessarily behavior element), possibly the hardened mode or deep screen.
-
(http://shrani.si/f/3f/U4/2ShKaL9C/untitled.png)
There's sadly no "Ignore" option so I had put the whole folder where the game is to Avast File Shield exclusions to be able to play the game and upload the file to Virus Total and send it to Avast team.
I don't want to have stuff in exclusions, I never needed that in older Avast versions. I'd rather turn off or change settings in the Behaviour Shiled because I suspect this being an incompatibility issue between Avast and Sandboxie.
Please help :)
PS: This si what it found during the installation of the game. I didn't want to include the game folder back because last time Avast deleted the file in question (sw.exe) and I had to reinstall the whole game.
-
If you want our malware experts to double check follow the guide here (http://forum.avast.com/index.php?topic=53253.msg451454#msg451454).
I say that because of your screenshot showing "Win32:Evo-Gen[Susp(icious)].
At least you will know one way or another whether is an infection or a false positive. :)
-
No, thank you, I'm pretty sure it's a FP:
https://www.virustotal.com/sl/file/f772bac4bf11b14b56f7132107ed3f8ce32a1d73b01b47d1084c936984c694aa/analysis/1383161309/ (https://www.virustotal.com/sl/file/f772bac4bf11b14b56f7132107ed3f8ce32a1d73b01b47d1084c936984c694aa/analysis/1383161309/)
What I would like to know is how can I disable the Behaviour Shiled in Avast, is it possible in the new version?
-
As previously stated the behavior shield is now part of the file shield. There are "no" behavior shield settings.
As per my screenshot above you can make the proper exclusions.
GUI>Settings>Active Protection>click on the "gear" symbol. :)
Did you read the FAQ link as I provided? ???
Virustotal is a good start but it does not cover every possibility of malware.
For this a certified malware expert would be better equipt to assist you.
-
I've read the part of FAQ dealing with Behaviour Shield being integrated in the File System Shield now. So the exclusion is the only way then... Well, I guess I'll have to live with that. I hope there won't be too many problems like that in the future. I still suspect the Behaviour (now File Shield) conflicting with Sandboxie.
Does it matter if I type the exclusion folder path into the Settings\Antivirus\Exclusions or into the Settings\Active Protection\File System Shield\Exclusions ?
Thank you for help! :)
-
Anyone, please? :)
-
Guess not. Well, I can only wish then that Avast and Sandboxie solve the compatibility issues sometime in the future...
-
Did you update to 9.0.2007 yet..??
-
I updated just now after I read your comment and THE PROBLEM IS GONE! :D
Thank you! I wonder what was that they changed that got rid of the problem, but what really matters is it's gone! I'm happy, thank you! :)
-
You're welcome.