Avast-check: "NO THREAT FOUND" if you run it: VIRUS (FileRepMetagen [Rtk])

[Anacunga]

What is that for a behaviour: go and download last FreeDownloadManager 3.9.3 (12.01.2014 - 18:21) from http://files.freedownloadmanager.org/fdminst.exe and then make an avast-check after having downloaded it (NO THREAT FOUND), and then run it; and you will get VIRUS FOUND:

Object: fdminst.tmp
Infection: FileRepMetagen [Rtk]
Process: fdminst.exe

The question now is: why there is no virus at check, but virus at run ... and how to install FDM without being totally unprotected; as the only solution would be to disable protection during install, and that cannot be the solution!

[Milos]

Hello,
it should be fixed.

Milos

[RejZoR]

It is a false positive by itself, but in general, FileRep detections only work On-Execute and not On-Access.

[Anacunga]

It is a false positive by itself, ...

That was to assume ... and that was only one of the problem fields (even if I maybe had stated on that a bit too strongly).

... but in general, FileRep detections only work On-Execute and not On-Access.

Is that really intended? If that is the case, FileRep might be really questionable, as not only avast is "looking inside archives" (and installers usually are "packed to archives"), but FileRep is mostly a "lookup in a big database" (and not avoiding "trying to do something unallowed during runtime"); see also here the description of the FileRep-functioning. And a "lookup-protection" should work on any access (and not on execute), but it seems obvious that a "behaviour-protection" (that would prevent unallowed operations) can only be reacting on execute.

[RejZoR]

This is by design to make things difficult for malware writers. To end users, it doesn't change all that much as you'd run the file anyway if needed and it would get caught then.