Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: awyn717 on March 03, 2022, 12:05:15 AM

Title: Constant "threat secured" driving me insane
Post by: awyn717 on March 03, 2022, 12:05:15 AM
Starting today, every 2-5 minutes Avast is letting me know that it's secured whatever threat this is:

aborted connection to 1d.tlu.dl.delivery.mp.microsoft.com
because it was infected with Win32:Malware-gen

WHAT DOES THIS MEAN?! and why can't I have even 6 minutes of peace?

Help, please and thanks!
Title: Re: Constant "threat secured" driving me insane
Post by: peter.k on March 03, 2022, 12:25:21 AM
I have the same problem !!
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 12:27:15 AM
Quote from: awyn717
why can't I have even 6 minutes of peace?

Because something on your system is trying to connect to that URL, which for some strange reason Avast considers malicious.

A Google search on that URL returns many hits - https://www.google.co.uk/search?q=1d.tlu.dl.delivery.mp.microsoft.com - do any of them ring a bell.

Quote from: Extract of one of the hits
Description. *.tlu.dl.delivery.mp.microsoft.com. HTTP. Used to download operating system patches, updates, and apps from Microsoft Store.

So it looks like some of your apps from the Microsoft Store are phoning home looking for updates.
A screenshot of the Avast Alert window with the More Details option expanded could help determine what is making the connection and which shield is alerting.  Attach it to your next post using the Attachments and other options link below the reply window (see mine, click to expand).

Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
You should get a response in a day or two.
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 12:32:40 AM
I have the same problem !!

I have reported this to Avast by another means for investigation, but it won't hurt to use the link I gave in my last post to report it as a possible false positive.

I'm not currently seeing this but I haven't downloaded any programs or apps from the Microsoft Store.
Title: Re: Constant "threat secured" driving me insane
Post by: peter.k on March 03, 2022, 12:45:23 AM
Thanks David

Attached is a screen shot of the message I'm receiving.
Title: Re: Constant "threat secured" driving me insane
Post by: awyn717 on March 03, 2022, 01:10:08 AM
My popup is exactly the same as peter.k's when expanded. I don't know what app it could be, but is there a way I can make it stop popping up? Can I tell Avast that it's not a threat?

Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 01:10:38 AM
Thanks David

Attached is a screen shot of the message I'm receiving.

You're welcome.

Given it is initiated by svchost.exe a Windows System file which should be digitally signed it is likely to be a False Positive and you should report it using the link I gave.

I Have to say that the latter part of the URL information is strange to me YourPhone.Contracts.Fre.winmd, does it ring any bells for you ?

The URL in your alerts is slightly different to the OPs post '1d.tlu.dl.delivery.mp.' were yours is '2.tlu.dl.delivery.mp.' possibly indicating a different app/function. However the OP hasn't posted any screenshots.
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 01:16:35 AM
My popup is exactly the same as peter.k's when expanded. I don't know what app it could be, but is there a way I can make it stop popping up? Can I tell Avast that it's not a threat?

Given what I said in my reply to peter.k there is a slight difference in the initial part of the URL, so I would suspect that the later part of the URL /filestreaming/service/files will also be different. However it is the initial URL path that is causing the problem and you should also report this as a possible false positive.
Title: Re: Constant "threat secured" driving me insane
Post by: rwaters on March 03, 2022, 01:33:24 AM
I'm seeing the same alert, as I'm sure many others are who haven't reported it. Can someone from Avast acknowledge that this is a false positive and that it will be fixed with a new signature update (and soon)?
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 02:08:57 AM
Using the link given is the best way to report this (the more the better, the squeaky wheel gets the oil) as it goes to the virus labs rather than hope that one of the avast team sees this topic.
Title: Re: Constant "threat secured" driving me insane
Post by: peter.k on March 03, 2022, 04:54:55 AM
>Using the link given is the best way to report this (the more the better, the squeaky wheel gets the oil) as it goes to the virus labs rather than hope that one of the avast team sees this topic.

Done

But I'm still concerned.

Maybe its a false positive, but at the same time I'm suspicious of the word "Contracts" at the end of the URL. This should probably be "Contacts". Its the kind of spelling error often seen in scam documents of "non-English speaking" origin.
Title: Re: Constant "threat secured" driving me insane
Post by: GreenMachine on March 03, 2022, 05:22:32 AM
Now I know this might seem random but here is a quick idea that I think has helped me narrow down what is causing this issue.

1. Go into the Microsoft Store app
2. Go to library
3. Select the get updates buttons (it's towards the top right of the window if I remember correctly)

At this point you should notice that the "Your Phone" app is refusing to update and it triggers the issue that we are noticing. It would appear that this is being caused by the interaction between Avast and the Your Phone app. More than likely this is a false positive. If it wasn't Microsoft would have made an egregious error as if I am not mistaken the Microsoft Store automatically updates some of the apps that come with Windows. Are you folks running free or premium Avast is the next question?
Title: Re: Constant "threat secured" driving me insane
Post by: YellowPC on March 03, 2022, 06:28:43 AM
I got similar message which pops up every few minutes. Reported it to Avast.
Title: Re: Constant "threat secured" driving me insane
Post by: raggordy on March 03, 2022, 08:14:12 AM
Been having the same issue and can confirm as per GreenMachine post that it is the my phone app. ive got silent mode running for now untill Avast takes a look at the issue.

ive also reported a false positive as per DavidR first suggestion.

glad im not the only one with the issue, as its been a long day and the only search results were either from two to five years ago and I was about to lose it.
Title: Re: Constant "threat secured" driving me insane
Post by: Milos on March 03, 2022, 08:55:34 AM
Hello,
thank you for the report. It is false positive, we will fix it.

Milos
Title: Re: Constant "threat secured" driving me insane
Post by: zenperson on March 03, 2022, 12:29:03 PM
I had the same problem yesterday. For hours, Avast, every 10 or 15 minutes, popped up saying that it had blocked Win32:Malware-gen from a windows app which appears to be something Windows based like an app or a widget. But, I can't figure out how to get rid of it... Today, it's not popping up yet so maybe it resolved itself. I wish you could turn off the warning in Avast at least...
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 12:48:31 PM
I had the same problem yesterday. For hours, Avast, every 10 or 15 minutes, popped up saying that it had blocked Win32:Malware-gen from a windows app which appears to be something Windows based like an app or a widget. But, I can't figure out how to get rid of it... Today, it's not popping up yet so maybe it resolved itself. I wish you could turn off the warning in Avast at least...

Read the post above yours, it was confirmed as a False Positive.

This would likely have been fixed fairly promptly and delivered automatically in a Virus Definitions > Streaming Update.

You can stop this, by adding an Exception for the URL location - However this comes with a strong warning, you have to realise there is a risk in this and you have to be 100% sure it is a false positive.  Or it could cause serious problems.
Title: Re: Constant "threat secured" driving me insane
Post by: YellowPC on March 03, 2022, 04:56:34 PM
Here is the response from Avast:

The reported URL was checked by Avast virus specialists and based on the findings the detection was removed. The website is now marked as clean in the Avast virus database. This change may take up to 24 hours to take full effect. Please accept my apology for the inconvenience caused.

If the detection persists after 24 hours, please update the Avast virus database and reply to this email with attached files:
1.   Take a screenshot of the Avast detection dialog (Threat Secured pop-up with See details - displayed at the bottom).
2.   A screenshot of the Avast virus database (open Avast Antivirus and go to Menu > About).
Title: Re: Constant "threat secured" driving me insane
Post by: nullager on March 03, 2022, 10:37:09 PM
Suspect that this isn't a false positive.
Used PowerShell to uninstall 'yourPhone' from all accounts on a machine experiencing this symptom.
Symptom persisted until Avast quarantined the causal files.
Command used to uninstall was: Get-AppxPackage Microsoft.YourPhone -AllUsers | Remove-AppxPackage
Machine rebooted after PS uninstall.
This did not stop the symptomology.
Recurred every 12 to 13 mins when machine online and then all at once when machine taken offline then placed online.
Avast, please look into this.
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on March 03, 2022, 11:45:14 PM
Suspect that this isn't a false positive.
Used PowerShell to uninstall 'yourPhone' from all accounts on a machine experiencing this symptom.
Symptom persisted until Avast quarantined the causal files.
Command used to uninstall was: Get-AppxPackage Microsoft.YourPhone -AllUsers | Remove-AppxPackage
Machine rebooted after PS uninstall.
This did not stop the symptomology.
Recurred every 12 to 13 mins when machine online and then all at once when machine taken offline then placed online.
Avast, please look into this.

They did look into it, this reply is from one of the Avast Virus Labs Team.

Hello,
thank you for the report. It is false positive, we will fix it.

Milos

If you look at the images in Reply #4 the action was initiated by svchost.exe

Your comment that after this removal action the alerts didn't stop, doesn't support it not being an FP.  Ensure that you have the latest Virus Updates and check if it continues.

If it does take a screenshot of the Avast Alert and attach it.
Title: Re: Constant "threat secured" driving me insane
Post by: ikulb on June 07, 2022, 08:23:09 PM
This problem has started for me today. There was a pending Avast update, but it persists after updating.
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on June 07, 2022, 10:09:46 PM
The file in the alert url appears to be a little different, but generally the same URL, I don't know what the streaming update is/was.  I don't think I have any file streaming service enabled on my system so I haven't come across this before.

Do you happen to know what was being streamed ?

You can report it as a possible false positive - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
You should get a response in a day or two.

In the Remarks, give a brief summary of problem and giving a URL link of this post/topic would help greatly (they will see the history and screenshots, that you couldn't attach to your report..
Title: Re: Constant "threat secured" driving me insane
Post by: Milos on June 08, 2022, 04:42:33 PM
Hello,
thank you for notice. It ws a FP and is fixed now.

Milos
Title: Re: Constant "threat secured" driving me insane
Post by: DavidR on June 08, 2022, 05:15:34 PM
Thanks for the prompt response Milos.