Avast WEBforum

Business Products => Avast Business => Topic started by: REDACTED on October 04, 2017, 11:43:48 AM

Title: Disabling certain virus definitions
Post by: REDACTED on October 04, 2017, 11:43:48 AM
I keep getting the trojan match on multiple Excel files: VBA:Downloader-BUO [Trj]

It appears that it's triggered by a simple HTTP GET/POST line in the VBA scripts. I've programmed it from the ground up, so chances of having trojans are practically nil. Also no other anti-virus products are triggered by it.

Any possibilities on white-listing certain types of detection strings? Preferably managed over the cloud. Or is my only possibility to flag every instance as a false positive and hope that Avast will make a change on their end? I cannot white-list a location as these files are all over the shared network drive.

Cheers,
Jamie
Title: Re: Disabling certain virus definitions
Post by: Asyn on October 04, 2017, 12:13:50 PM
-> https://www.avast.com/faq.php?article=AVKB229#artTitle
-> https://www.avast.com/faq.php?article=AVKB228#artTitle
Title: Re: Disabling certain virus definitions
Post by: REDACTED on October 04, 2017, 01:10:22 PM
-> https://www.avast.com/faq.php?article=AVKB229#artTitle
-> https://www.avast.com/faq.php?article=AVKB228#artTitle

I'm afraid those don't help much. For the first link: Excel files are not binaries that remain unchanged, thus there is no fingerprint to whitelist.

Second link: Excel files are not binaries, executables or installables.

Modern Excel files have the ending .xlsm or .xlsb with no precompiled code.

The most effective solution is to disable the checking for: VBA:Downloader-BUO [Trj].

I already have the heuristics set to low.
Title: Re: Disabling certain virus definitions
Post by: Asyn on October 04, 2017, 01:12:09 PM
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php