Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: hake on May 31, 2008, 07:00:43 PM

Title: What do I do with the alert dialog box when Avast throws a false positive?
Post by: hake on May 31, 2008, 07:00:43 PM
What do I do with the alert dialog box when Avast! throws a false positive?  There seems not to be an 'ignore' button.  The havoc caused by a false positive is a great nuisance as Avast! seems intent on crippling the app.  Also, one is taken by surprise when a system one justifiably believes to be clean is suddenly said to contain a virus in a file which is part of a trusted application.

 ???
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: DavidR on May 31, 2008, 08:33:57 PM
Depends on what dialog box your talking about, the one I see has Mo Action on it. You also don't mention the malware name, file name and its location ?

However, you can click ignore forever avast won't let you execute a file it believes is infected, you would have to exclude it and before you do that you should confirm the detection.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 (http://forum.avast.com/index.php?topic=34950.msg293451#msg293451), how to report it to avast! and what to do to exclude them until the problem is corrected.
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: hake on May 31, 2008, 08:50:27 PM
Thanks David.  Yes, that's the dialog box I saw.  Which button do I click to confirm detection please?  None of the button labels actually say 'confirm detection'.   :-\
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: Rick F on May 31, 2008, 09:06:19 PM
By 'confirm detection', David means to submit the file (upload it) to Virus Total and let them check it to see if it's in fact malware.  If it's deemed clean, then go ahead and exclude it from being scanned.

BUT.... when I had that false positive last week with SAS (SuperANTISPYWARE), I ignored the detection, then excluded it from being scanned and I still couldn't run it OR submit it to VirusTotal.  So avast sometimes does something to the file to keep it from running or being copied.  Not sure what though.

Hope this helps (some)  ???
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: hake on June 01, 2008, 08:54:06 AM
This is too confusing.  The problem is that Avast can disrupt a system by generating a false positive and prevent a knowledgeable user from overriding Avast's actions.  This software is very non-intuitive which is a shame because there are so many good features.  I particularly like the scanning of web traffic which is, in my opinion, the most dangerous attack vector.

I can foresee Avast causing me some gratuitously serious aggro somewhere down the line.
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: alanrf on June 01, 2008, 10:40:58 AM
hake

Unfortunately any antivirus can confuse a user by generating a false positive.  One of life's downsides.  I think I have had 2 or 3 false positives in the 4 years I have been using avast.   When I encounter such inconvenience I recall how much I paid for avast - nothing.  When I work with the avast team to get the false positive fixed ... which has always been done quickly ... I am doubly grateful for this free software
 
This product is designed for the vast majority of avast users and therefore not necessarily for the comfort of knowledgeable users. Though I find it puzzling that it is "too confusing" for a "knowledgeable" user. 
Title: Re: What do I do with the alert dialog box when Avast throws a false positive?
Post by: hake on June 01, 2008, 12:17:31 PM
Fair comment.  One must not look a gift horse in the mouth.  Avast! is a good product which coexists with other security software very well.  AVG 8 Free seems not to be free of operational problems which is why I have ceased to use AVG.

In addition to Avast! 4.8, I use Agnitum Outpost 4, Threatfire 3.5.0, Spybot - Search and Destroy 1.5.2, Spyware Blaster 4, Spyware Doctor 4.1.

Avast does seem to be kind to Windows installations.  One would hope that Avast! looks at the slightly mysterious aspects of this product.  Some options are not very obvious.