Avast WEBforum
Other => General Topics => Topic started by: REDACTED on December 18, 2014, 10:33:45 AM
-
Drep detection whenver i download an executable from my own website http://whatsapphubstatus.com (http://whatsapphubstatus.com) . It a clean software i made by own. but why this detection occuring? can any body tell me how to avoid it?
-
-> http://sitecheck.sucuri.net/results/whatsapphubstatus.com/
-> http://zulu.zscaler.com/submission/show/97d4be4f2a1a687fb66ccd32bc0f82fe-1418895637
You can report a possible FP here: http://www.avast.com/contact-us.php?subject=VIRUS-FILE
-
Issues here http://www.dnsinspect.com/whatsapphubstatus.com/1418913738
Sinks here http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwhatsapphubstatus.com
Fine here http://dnscheck.pingdom.com/?domain=whatsapphubstatus.com×tamp=1418913726&view=1
http://www.ipvoid.com/scan/198.46.81.170/
http://mxtoolbox.com/SuperTool.aspx?action=mx%3awhatsapphubstatus.com&run=toolpage
-
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE files downloads if these conditions are *all* met:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.
Once one of these conditions are not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza
-
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE files downloads if these conditions are *all* met:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.
Once one of these conditions are not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza
Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.
The only way I can see this happening would be if the file was signed, otherwise the file and or domain name would remain blocked.
-
Is it possible to turn off DomainRep ?
-
That's a nice feature considering the fact that avast will allow a file when doesnt meet even 1 of those situations even it meets the other two.Hopefully,we will see this being worked on in a week or so.
-
Metascan is doing the same with an executale download pre-scan but with real scan results, avast classification is a bit like the french law method, scan verdict is malign until proven benign, as suspects are guilty until their innocence has been proven above doubt. FPs could cumulate, on the other hand unknown malign executales are caught before they can infest.
polonus
-
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE files downloads if these conditions are *all* met:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.
Once one of these conditions are not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza
Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.
The only way I can see this happening would be if the file was signed, otherwise the file and or domain name would remain blocked.
I'm wondering the same thing actually...
-
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE files downloads if these conditions are *all* met:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.
Once one of these conditions are not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza
OK. So, what does this mean for sites like portal.nbed.nb.ca (My School Domain) in which Students can transfer files? The idea behind this sounds Fantastic, but there ought to be measures in place (Hopefully) in which I can manually add certain sites (Like that one) to a Whitelist?
-
<snip quote>
OK. So, what does this mean for sites like portal.nbed.nb.ca (My School Domain) in which Students can transfer files? The idea behind this sounds Fantastic, but there ought to be measures in place (Hopefully) in which I can manually add certain sites (Like that one) to a Whitelist?
Essentially the school domain is more likely to be recognised as in point 2. so the remainder should fall into place as only one condition needs to be met to allow the download to take place.
I don't know if in placing the school domain in the URL exclusions would achieve that, not scanned.
-
David, the thing is. That is how I transfer my Projects (Coding Projects) like EXE and .SLN files. There needs to be a way, in which I can have Avast! not auto scan and flag those items.
In case you're curious to why I do not use USB's at school. The security there sucks. There is nothing active short of Windows Firewall and Microsoft Security Essentials. (And since MCShield usually flags EXE and VB related files, I'd have to disable any security there).
Even aside from that.... Our local Technicians at school know jackcrap about how to remove an infection (Which is, slightly frustrating)....
1) The file, wouldn't be recognized by Avast!. (Even as it is now, most of the time they are still "flagged" by something, whether it be Hardened Mode, The Evo-Gen detections of something else)
2) The portal isn't very known. Most teachers don't even know about it, let alone to students.
3) None of my files are digitally signed.
-
Lets put it this way, if this function is already in place as appears to be the case given this topic - then simply try downloading some of the files you have up there and see.
-
Something must be satisfying avast!, because it's not currently complaining. (Although Chrome does).
-
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE files downloads if these conditions are *all* met:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.
Once one of these conditions are not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza
Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.
The only way I can see this happening would be if the file was signed, otherwise the file and or domain name would remain blocked.
I'm wondering the same thing actually...
Same here. Also, can/should this be reported as FP (if proven clean) or not..??
-
Something must be satisfying avast!, because it's not currently complaining. (Although Chrome does).
Why chrome would be different is beyond me when other browsers aren't alerting.
Are you sure this is avast alerting in chrome and not something like google safe browsing ?
-
No, Google Chrome flags the download. ("This file is not commonly downloaded and May be malicious").
Very annoying.
-
No, Google Chrome flags the download. ("This file is not commonly downloaded and May be malicious").
Very annoying.
So avast isn't alerting at all then (only google chrome) which is somewhat off topic, e.g. not a Drep Detection.
-
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.
I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put of as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.
3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.
-
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.
I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put of as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.
3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.
You could also report this to avast and if found to be clean, the alerts would stop. :)
-
You could also report this to avast and if found to be clean, the alerts would stop. :)
There are about 60 programs or so that would need to be checked. Also, new ones are added almost weekly, sometimes daily or multiple times a day (new versions of existing programs). It's faster for my clients to temporarily disable Avast (or install a different virus scanner) than having to wait on Avast to clear my programs.
I still have to explain my clients why Avast is blocking the download. The alert says the program they are trying to download has been blocked because it contains a virus. It doesn't say that it actually blocks the download because it has no idea what it's downloading. There's a huge difference. If the message was more descriptive, and it offered the user the option to download anyway, it wouldn't be as useless as it is now.
-
I'v e reported this to a Moderator. Let's see if we get a comment from Avast. :)
-
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.
I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put of as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:
1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.
2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.
3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.
Create your own Certificate Authority, create and sign your own certificate for all of your software, then Avast has the option to trust your certificate and all of the signed software (or not trust your certificate if anything untoward is found in your software).
As an alternative, you can submit each of your applications to Avast, as well as any updates every time you make changes.
Your own certificate is definitely easier. If you don't have your own Certificate Authority setup, you can always use XCA to create a CA and certificate to sign your applications.
I'm in a similar situation, just not with as many programs, with my own CA and self-signed certificate on all of my programs.
I submitted 2 files when I came across this and this is what I was told:
The point of Drep is that sometimes viruses are being hosted on hacked sites, which didn't distribute any files. This is a case for Drep, to block those viruses from the start. But we do not want to block legit programs from legit sites, so after a couple of files (or one file a couple of times) were downloaded from a single domain, that domain will not be flagged again ever. This makes sense, as download sites add hundreds of new unique files daily, and of course we do not want to block them.
You can send us the files you will make so we can add them to our cleanset, even before you publish them online... I actually added your cert to the clean list, just to be double sure.