Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Keithuk on September 29, 2010, 09:34:38 PM

Title: Reporting false positives on v5.0?
Post by: Keithuk on September 29, 2010, 09:34:38 PM

Hi guys/gals.

When I used 4.8 and when I did a scan and it found something you would get the message clean, delete, send to virus chest, ignore etc and there was a button to report as false positive. On v5.0 I don't see anywhere to report a false positive, I've search this forum and the help file.

I'm trying to download a zip file from http://opelinfo.com/ Download Vagtacho version 3.51 vag30.zip and Avast shows a malware as it downloads. Now I'm told by the person that supplied the link that AVG doesn't pick anything up.

Can someone please tell me how to report false positive.   ;)

Title: Re: Reporting false positives on v5.0?
Post by: DavidR on September 29, 2010, 10:19:42 PM

What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ? 

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

Title: Re: Reporting false positives on v5.0?
Post by: Keithuk on September 30, 2010, 12:23:09 AM

Cheers for the reply David.

It says its a Win32:Malware-Gen its in vagtacho.exe in the zip file. If you try to download vag30.zip from my link you will see.

I've searched Avast all I want to do is send the suspect file to Avast to be checked and disabled if its safe. Where is the send button?  ;)

Title: Re: Reporting false positives on v5.0?
Post by: DavidR on September 30, 2010, 12:32:25 AM

By doing the virustotal scan it would confirm the detection one way or another and providing that link to the results when submitting the file would speed the process.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

Title: Re: Reporting false positives on v5.0?
Post by: DavidR on September 30, 2010, 12:40:47 AM

Update, here is why I suggest uploading to VT before submitting a file as a possible false positive, 22 of 43 scanners found this to be at the very least suspicious.

http://www.virustotal.com/file-scan/report.html?id=2f80fb25d9f5e556fa84e2bd00689f5b5b7e467bdf959ac9c8e4e39ee0f3fc34-1285799772 (http://www.virustotal.com/file-scan/report.html?id=2f80fb25d9f5e556fa84e2bd00689f5b5b7e467bdf959ac9c8e4e39ee0f3fc34-1285799772)

So I would say don't use it and get back to the originator of the software and let them know many AVs consider the file suspect.