Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: hawk82 on September 24, 2006, 11:08:50 PM

Title: Avast 4.7 Home blocking/falsly marking Panda Activescan
Post by: hawk82 on September 24, 2006, 11:08:50 PM

I've got one computer running Avast 4.7 Home Edition.  I just noticed yesterday that if I go to www.pandasoftware.com and try to use the Activescan Pro feature, Avast Web Shield pops up a warning, blocking and falsly marking Panda Activescan activex component as a virus.
Screenshot:

    (http://www.fuckingright.com/uploader/files/1/avast-pandaactivescan_thumb.png)
 (http://www.fuckingright.com/uploader/files/1/avast-pandaactivescan.PNG)

The only way I can get it to work, it would seem, is to disable Avast.
I don't think this is a big deal, as I rarely run Activescan Pro on a computer that has working antivirus software, but still kind of strange and something that should be looked into.

Edit:
build aug2006 4.7.871
xtreme toolkit: 1.9.4.0
vps file 09/22/06 0638-1

Title: Re: Avast 4.7 Home blocking/falsly marking Panda Activescan
Post by: FreewheelinFrank on September 24, 2006, 11:23:24 PM

Hi hawk82,

You'll need to disable avast! while scanning with Panda because Panda uses unencrypted virus definitions which avast! detects as the real virus.

The fault really is with Panda for using unencrypted definitions!

See A note on virus definitions on this page:

http://www.geocities.com/dontsurfinthenude/antivir2.htm

Title: Re: Avast 4.7 Home blocking/falsly marking Panda Activescan
Post by: Lisandro on September 24, 2006, 11:25:10 PM

These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

C:\windows\system32\active scan\pskavs.dll
C:\system volume information \_restore{ ... }\*.dll

I think this is related to false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Unfortunatelly, a well-known problem of Panda not encrypting its signatures  :P

Quote

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).