Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on August 01, 2015, 12:09:02 PM

Title: false positive ?
Post by: REDACTED on August 01, 2015, 12:09:02 PM
(http://i.imgur.com/kPwUN8s.png)


I downloaded the latest rar archive from the rar web

http://www.rarlab.com/download.htm

WinRAR x64 (64 bit) 5.30 beta 1

It can't be a virus, right? Thanks

Title: Re: false positive ?
Post by: Staticguy on August 01, 2015, 01:01:28 PM
It's definitely a false positive. You can send it to the Avast Virus Lab from the Virus Chest: simply right-click it and you will see an option saying "Submit to virus lab...". The application form then appears; follow the instructions as mentioned here: https://www.avast.com/en-nz/faq.php?article=AVKB21

Title: Re: false positive ?
Post by: Pondus on August 01, 2015, 02:08:07 PM
Quote
It can't be a virus, right?
Avast detects it as suspicious... Win32:Evo-gen [ Susp ] = Suspicious

WinRAR x64 (64 bit) 5.30 beta 1... maybe not so strange if the file is new.
First submission 2015-07-30 10:20:20 UTC ( 2 days, 2 hours ago )
https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438429802/

Symantec/Norton also think it is suspicious
Advanced heuristic and reputation engines   
Symantec reputation Suspicious.Insight


And next time, use the Viruses and Worms forum section for reporting false positives.

Title: Re: false positive ?
Post by: Staticguy on August 01, 2015, 02:58:10 PM
This has been corrected now. No detections from Norton/Symantec. I also see Avast has been corrected. https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438433674/

@prescient: I did a scan of this file with Avast and it didn't detect it as malware or as a suspicious file.

Title: Re: false positive ?
Post by: Pondus on August 01, 2015, 03:00:40 PM
Quote
No detections from Norton/Symantec.
I still see it... if you know where to look ;)

Title: Re: false positive ?
Post by: Staticguy on August 01, 2015, 03:06:13 PM
The link says no detection for Norton/Symantec. Oh well, must be a time difference or something else? Glitch maybe? Maybe Norton is still developing a new malware definition to correct this detection? I even downloaded this file and did a scan of this file with Avast. Avast says no detection?

Title: Re: false positive ?
Post by: Staticguy on August 01, 2015, 03:07:44 PM
Quote
No detections from Norton/Symantec.
I still see it... if you know where to look ;)

"I still see it... if you know where to look ;)". Oh well, you're the expert, not me. If it still says so, then it is very true :)

Title: Re: false positive ?
Post by: Staticguy on August 01, 2015, 03:08:48 PM
LOL Pondus, I see it. It's under "Additional Information"... Finally I am an expert already :P

Title: Re: false positive ?
Post by: Pondus on August 01, 2015, 03:17:58 PM
Quote
I also see Avast has been corrected.
Maybe / maybe not... it depends on how the Win32:Evo-gen [ Susp ] was detected.

This used to be an on-access detection only and was never visible on a VT scan; this has changed. Since this is not visible on VT, it could be an on-access detection or it is fixed.

Title: Re: false positive ?
Post by: DavidR on August 01, 2015, 05:13:39 PM
Quote
This has been corrected now. No detections from Norton/Symantec. I also see Avast has been corrected. https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438433674/

@prescient: I did a scan of this file with Avast and it didn't detect it as malware or as a suspicious file.

There are many detections that will only be detected by the resident scanner and not the on-demand scanner. Since VT is only using on-demand scanning, some might not show up/be detected.

Those detections which are checked against the Avast cloud or by DeepScreen or possibly HIPS detection may not be seen/detected by on-demand scans.

Title: Re: false positive ?
Post by: REDACTED on August 01, 2015, 10:41:47 PM
I didn't want to download the beta ::)

Title: Re: false positive ?
Post by: DavidR on August 01, 2015, 11:02:25 PM
Quote
I didn't want to download the beta ::)

This has nothing to do with this topic.

But to clarify, you get a beta build if you have downloaded and installed a beta version previously. Currently there is no beta trial/version in progress.

I suggest you start your own new topic and expand on your single sentence.

Title: Re: false positive ?
Post by: REDACTED on August 02, 2015, 01:15:30 PM
What are you talking about?

This is my thread, and I was commenting that the file I downloaded was a beta... that is why it wasn't updated yet.
When I first downloaded it I thought I'd better get the release one, but then I installed the beta anyway.
I don't like beta s/w anyway unless I have to.

Title: Re: false positive ?
Post by: DavidR on August 02, 2015, 04:08:13 PM
Exactly what it said, based solely on your post, which I quoted and replied to.

Quote
I didn't want to download the beta ::)

Your topic or not, I hadn't got a clue what you were referring to, Avast or what, which is why I sought clarification.

Title: Re: false positive ?
Post by: REDACTED on August 03, 2015, 08:14:00 PM
So I can save you now.
My English language is under the level of normal communication, sorry.