Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Server Protection => Topic started by: websnail on March 10, 2009, 01:31:51 PM

Title: False positive: Sophos EM3
Post by: websnail on March 10, 2009, 01:31:51 PM
Just thought I'd best record a false positive which crops up when you try to uninstall Sophos Enterprise Manager.


Both of these trigger a generic trojan warning.

The workaround is to either disable the on-access scanner or add those two files to the exceptions while you do the uninstall..

Given the nature of the file names though I would remove them immediately after using them to avoid them being used by other real trojans.
Title: Re: False positive: Sophos EM3
Post by: DavidR on March 10, 2009, 05:44:27 PM
If you are sure they are FPs you can send the samples to avast for analysis, see below.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.