Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: nana3 on August 12, 2014, 07:37:33 PM

Title: Avast detected Windows Update as malicious
Post by: nana3 on August 12, 2014, 07:37:33 PM
Latest Avast Free. 

1 update failed on today's patch Tuesday, believe it pertains to Microsoft.NET Framework.  Was put in chest.  I cannot remove it, exclude it or anything.  Just stays there in the chest.

Win3:Evo-gen (susp)

Please fix it asap!  Thanks. 
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 07:41:34 PM
Same thing happened with to me; it won't allow me to install the update.
Title: Re: Avast detected Windows Update as malicious
Post by: Pondus on August 12, 2014, 07:44:42 PM
Quote
Avast detected Windows Update as malicious
no .... suspicious ..... Win3:Evo-gen (susp) = Suspicious



You can report it using one of these options......you may add a link to this topic in case they reply here


You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21


Next time, please use Viruses and worms forum section for posting about Virus/False Positive     https://forum.avast.com/index.php?board=4.0


you may need to add exlusion   http://www.avast.com/en-eu/faq.php?q=exlusion#searchForm







Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 07:44:54 PM
Same here... avast really out did itself this time.

Ant then you know if you look into the results and look under virus, it says "no virus".  Between this and the "threat detected" bug and the numerous bugs that have gone unfixed with the software ever since 9 came out and the serious silence from Avast on any issues and no new versions in a while... and the poor av comparative scores... I really have to start wondering if this software is even doing anything anymore.
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 07:58:08 PM
Quote
Avast detected Windows Update as malicious
no .... suspicious ..... Win3:Evo-gen (susp) = Suspicious



You can report it using one of these options......you may add a link to this topic in case they reply here


You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21


Next time, please use Viruses and worms forum section for posting about Virus/False Positive     https://forum.avast.com/index.php?board=4.0


you may need to add exlusion   http://www.avast.com/en-eu/faq.php?q=exlusion#searchForm

In normal situations I would work with this. However this involves an update for .NET 3.5.1 for Windows 7.
The files in the chest are all .tmp files aka unzipped files to be used for the eventual update itself.

So normally good advice to report it as you wrote but this time it involves 51 *.tmp files. Hardly reportable as it is.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:01:50 PM
Hi CaptainLeonidas,
   What does that mean; should we just wait for Avast! to update their definitions?
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:02:49 PM
I am waiting till they (Avast) update their definitions.

Virus Definitions Current version: 140812-0
Program Current version: 2014.9.0.2021
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:03:21 PM
Hi CaptainLeonidas,
   What does that mean; should we just wait for Avast! to update their definitions?

Yes Avast needs to update their defintions... this is not applicable to virus's and worm's section... this is a major bug
Title: Re: Avast detected Windows Update as malicious
Post by: Pondus on August 12, 2014, 08:03:59 PM
first option can be used to report without uploading file ...... and give link to topic, then avast lab is notified

Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:08:41 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.) 
Title: Re: Avast detected Windows Update as malicious
Post by: Pondus on August 12, 2014, 08:11:10 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)
i would say yes ..... Microsoft could have waited with the release and you would not have known about them
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:11:18 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine... you should actually be able to just take your computer offline, turn off avast, hit try again on windows update (the files have already downloaded) and it should install correct?
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:11:47 PM
I got this issue too, first time I ever seen Avast mark windows update as malicious
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:12:59 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

The update can be re-installed.
If it fails to show you can always "trick" Windows into rescanning for updates.

Run -> type: Services.msc -> Stop: Windows Update service -> delete the update folder: C:\Windows\SoftwareDistribution -> Start: Windows Update service.
Recheck for update as always.

PS: You will loose your update history
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:13:53 PM
I turned off Avast and ran Windows update it installed fine. Running avast quick scan on it now.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:14:33 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine

Thanks, dprout69!
Title: Re: Avast detected Windows Update as malicious
Post by: ky331 on August 12, 2014, 08:15:13 PM
Same issue here... which the avast team should easily be able to reproduce if necessary.

Windows Updates (I'm on Win7SP1x64) for DotNet Framework 3.5.1

I believe the specific update was kb2943357 (but it could have been kb 2937610).

The update was placing a plethora (20? 30? 40? who knows) of .TMP files on the hard drive, which were picked up as suspicious EVO-GEN.   Avast defs 14-08-12-0

There was no practical way to capture and upload all of these files for F/P testing.   There was also NO simple option to IGNORE these files, as I wanted to do (choices included fix, delete, repair, quarantine).   Since these were directly from Microsoft Update, I believed they were safe, and wanted to install them.

Basically, I believe/hope I x'd out each of the warning windows... and that doing so would "ignore" the warning, and allow the files to download/install.   I'm only hoping I didn't miss any... Windows Update indicates the installation was successful... but what if I clicked ignore on say, only 39 out of 40?  Could that still show as "successful"?   Would it be wise to try to re-install the update?
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:17:57 PM
https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

PS: The update is rated "Important" according to: https://technet.microsoft.com/library/security/ms14-aug
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:21:05 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine... you should actually be able to just take your computer offline, turn off avast, hit try again on windows update (the files have already downloaded) and it should install correct?

Just read your edit. I didn't realize the update file had already been downloaded, I've just been rerunning the Windows Update. I'll try your suggestion.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:25:50 PM
https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

Mine shows that kb2943344 is the problem; maybe it varies depending on the computer?
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:27:33 PM
Vista? > update if not mistaken Microsoft .NET Framework 3.0 Service Pack 2 (2943344) (Important)

I run Windows 7 (x64)
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:28:23 PM
Yes.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:29:45 PM
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)
i would say yes ..... Microsoft could have waited with the release and you would not have known about them

HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?
 ??? 
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:30:35 PM
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug
Title: Re: Avast detected Windows Update as malicious
Post by: Pondus on August 12, 2014, 08:31:32 PM
Quote
HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?
No that is not what i am saying.....

Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:35:42 PM
Then what are you saying ?
Title: Re: Avast detected Windows Update as malicious
Post by: Pondus on August 12, 2014, 08:37:08 PM
Then what are you saying ?
go back and read my post again .... edited
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:37:18 PM
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly.  :)
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:41:31 PM
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly.  :)

I will monitor the update though. The link for the KB2943344 following: This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.

Same for the Windows 7 version I had issue's with. I just hope EMET 5.0 mitigates this issue till the patch becomes installable.
Avast is not flagging the updates for Windows 8.1 Pro (x64) Tested this on a Microsoft Surface Pro tablet PC.

For the record the .NET updates for Windows 2012 Essentials without Avast runs just fine. So it is Avast issue for sure.
Title: Re: Avast detected Windows Update as malicious
Post by: abruptum on August 12, 2014, 08:47:55 PM
After this FP warning I was not able to install KB2937610 (update for NET framework 3.5.1).
Finally,after fifth attempt,update was installed successfully.Of course I had to disable Avast during WU installation.
Thank you Avast.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:49:22 PM
Then what are you saying ?
go back and read my post again .... edited

OK, now with your edit I understand your answer (and intent) ...
thanks,
David
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:49:54 PM
It's a bit off to find my post on this issue has been removed. I started writing it before this thread started. I did have a question about the .tmp files that were moved to the virus chest.

I wonder now why I bothered.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:50:12 PM
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly.  :)

I will monitor the update though. The link for the KB2943344 following: This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.

Same for the Windows 7 version I had issue's with. I just hope EMET 5.0 mitigates this issue till the patch becomes installable.

For the record the .NET updates for Windows 2012 Essentials without Avast runs just fine. So it is Avast issue for sure.

Thank you for the info, CaptainLeonidas. I'll just use my ipad till the Avast! update is released.
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 08:50:49 PM
Update is out (140812-2). Time to test the waters again....

Update:
All good now

Patch installed on Windows 7 (checked)
Patch installed on Vista (checked)
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 08:59:14 PM
Installed beautifully for me too. *phew*  :)
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 09:00:37 PM
Installed beautifully for me too. *phew*  :)

Good. hehehe. My VMware Workstation 10 with the Windows Vista guest is a little slow.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 09:06:08 PM
Vista sometimes needs an extra cup of coffee. :D
Title: Re: Avast detected Windows Update as malicious
Post by: essexboy on August 12, 2014, 09:08:44 PM
No problems observed on 8.1
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 09:11:24 PM
No problems observed on 8.1


I already mentioned this in Reply 28 hehehe
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 12, 2014, 09:13:50 PM
So what do we do with all the files in the chest now?
Title: Re: Avast detected Windows Update as malicious
Post by: CaptainLeonidas on August 12, 2014, 09:14:24 PM
Remove them. They are temp files anyway I shoud add.
Title: Re: Avast detected Windows Update as malicious
Post by: REDACTED on August 13, 2014, 04:11:23 AM
All Windows 8.1 Pro x64 Updates went in here this afternoon without a hitch, and with Avast on task the whole time.

For what it's worth, all of Visual Studio Update 3 went in without any false positives either.  And that dwarfed the Windows Updates at 4 GB of download!

Microsoft didn't break anything I can see either.  All in all a pretty good day.

-Noel