Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on June 22, 2014, 01:36:27 AM

Title: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 01:36:27 AM

I've had a number of false positives show up today in the very same files I've had on my system for a long time.  Specifically:

Win32:Evo-gen [Susp]

Anyone know what sensitivity I can turn down to get past these?

As this is the false positive detection I've seen the most (maybe even exclusively) in all the recent history I can remember easily, maybe it would be nice if this particular heuristic (?) would be specifically configurable?

-Noel

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: Rich of Apex on June 22, 2014, 12:54:17 PM

I have the same problem. Got several hits yesterday. In fact, Win32:Evo-gen [Susp] is the reason that any files at all are in my Virus Chest--some moved there yesterday, some moved there as far back as April 2013. When I extract any of them and re-scan them with Avast, they are reported as clean.

Also annoying: is the link on the virus warning popup the only way to report a false positive in Avast? I don't know if a file has a real virus or is false positive until I can examine it, compare it with an original, a backup, or a copy on another computer. That takes a time--by then the popup is gone.

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: Pondus on June 22, 2014, 12:58:06 PM

Quote

  When I extract any of them and re-scan them with Avast, they are reported as clean.

Because ( Win32:Evo-gen [Susp] = suspicious ) is a on access only detection

You can send files to avast lab from chest....    http://www.avast.com/faq.php?article=AVKB21#

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 04:34:48 PM

So how can we turn down the sensitivity?

My main goal in life is not necessarily to help Avast refine their database after they've made their detection too aggressive.

-Noel

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 05:16:50 PM

Is there a sensitivity setting for Evo Gen only ? I don't think  :o

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: Secondmineboy on June 22, 2014, 05:17:55 PM

No, there is no setting.

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 07:40:26 PM

I hate to have to keep stating the obvious, but...

Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

-Noel

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 07:59:27 PM

Quote from: NoelC on June 22, 2014, 07:40:26 PM

I hate to have to keep stating the obvious, but...

Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

-Noel

We don't know.

You could ask a wish for having an option (turned off by default) that allows users to turn off Evo Gen identifications.

Title: Re: What's with all the new Win32:Evo-gen [Susp] false positives?
Post by: REDACTED on June 22, 2014, 08:16:17 PM

Avast!  Consider it so wished!

-Noel