Author Topic: STEAM false positive  (Read 42380 times)

jcollake

  • Guest
Re: STEAM false positive
« Reply #45 on: July 28, 2012, 10:00:13 AM »
Being both an ex-security researcher and member of current security matters (since I author PECompact, and must work with security vendors to ensure interoperability), last year I founded a site dedicated to False Positive Reporting and Resolution. I was grateful to see many vendors willingly monitor it, as they have the best of intentions. Many of their automated submission forms and such aren't always so responsible.

The goal of the site is simple transparency. Who has the biggest problems with false positives - something that can now quickly turn into a whole web site being rated 'BAD'? Who has the fewest problems? Who has the fastest resolution? Etc... It is at http://falsepositivereport.org and I encourage participation if this site is to 'take off'.

Some security vendors did dub it the 'shame and name' project, and I must admit - I kind of like that idea. After all, being a software publisher, you can imagine when the unthinkable happens and your software is called a virus or other malware by error. When it keeps happening (there are lots of vendors, after all), or when there is a delay in fixing the false positive, then it starts to become more than just an annoyance.

NONE of us envy the jobs of the security vendors, and that site is NOT about crucifying them. Keeping up with malware that is regenerated daily is near impossible. Whitelists would work, except they tend to become exclusionary programs that you must pay for. Thus, we're left where we are now. Again, user education is the best defense, as most 0-day malware will slip through most security products (else we wouldn't have much of an issue). Once malware gets installed on your PC, it is often not detectable or removable while the OS is booted. Microsoft issues patches to clean some of it up from time to time. For whatever reason, only a handful of security vendors offer 'offline scans' (not off the network, an unbooted PC). I hope more offer such in the future.

st.John

  • Guest
Re: STEAM false positive
« Reply #46 on: August 05, 2012, 11:53:09 AM »

After Steam automatic client update process, Avast 120805-0 detects FileSystem_Steam.dll as a Win32:Malware-gen.

So ... this seems to me as a recurring problem with Steam service and Avast. Hope you can fix this since I have been happy with Avast this far...  :-\

Raigara

  • Guest
Re: STEAM false positive
« Reply #47 on: August 05, 2012, 12:01:32 PM »
I seem to have the same problem since I started my PC this morning. Looks like I'm not the only one having troubles with this, luckily.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: STEAM false positive
« Reply #48 on: August 05, 2012, 12:05:41 PM »
You're not the only person who had the same problem; I myself am in the same boat and I can tell it's a false positive. Don't delete the file from the avast chest until avast has solved the issue; it may take 24 hrs or less to fix the problem.

STEAM false positive: filesystem_steam.dll   File location is *:\Program Files\Steam\bin

Virus Definitions Update Version: 120805-0; already submitted the sample file to Avast through the chest section half an hour ago.

Edit: WOW! :o That was bloody quick. The problem has been fixed; just run the virus definitions update to fix the issue ;)
« Last Edit: August 05, 2012, 12:38:53 PM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline leftisthominid

  • Sr. Member
  • ****
  • Posts: 211
Re: STEAM false positive
« Reply #49 on: August 05, 2012, 08:13:38 PM »
I got this message. I know it is Steam, not sure what specific file.

It is running a boot scan.

Should I just update once the scan is done? Is there anything I should be worried about?

beezleb0b

  • Guest
Re: STEAM false positive
« Reply #50 on: August 06, 2012, 03:49:01 PM »
Virus Definitions Update Version: 120806-0 is reporting a false positive on Steam again. *sigh*

This time for Steam\tier0_s.dll. I run the Steam beta client; Avast! does not play well with Steam.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89011
  • No support PMs thanks
Re: STEAM false positive
« Reply #51 on: August 06, 2012, 04:14:28 PM »
There have been several stream updates this afternoon (4), whilst I don't know if these may be related to a fix for the detections, I would suggest that you scan those files again and see if they are still detected.

I'm not a gamer so I can't check if this corrects the detection/s.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Simmsy

  • Guest
Re: STEAM false positive
« Reply #52 on: August 06, 2012, 05:15:10 PM »
I scanned Steam and it said no threat found, but when I try to open it avast blocks it, claiming it is a virus. With the new avast update it seems avast blocks Steam every time it updates.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89011
  • No support PMs thanks
Re: STEAM false positive
« Reply #53 on: August 06, 2012, 05:31:46 PM »
The on-demand scan may not be scanning the file as it may not be present until you start the game - I don't know as I'm not a gamer, so if these files are created at the game start, then it would be the file system shield alerting.

What file is it alerting on?

Simmsy

  • Guest
Re: STEAM false positive
« Reply #54 on: August 06, 2012, 10:45:44 PM »
It does it on steam up or if Steam is updated; it comes up saying Win32.malware-gen. Right now Steam is working, but what happens when avast updates?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89011
  • No support PMs thanks
Re: STEAM false positive
« Reply #55 on: August 06, 2012, 11:57:10 PM »
I can't answer that as I'm an avast user like yourself.

Simmsy

  • Guest
Re: STEAM false positive
« Reply #56 on: August 07, 2012, 01:26:55 AM »
I updated avast and it seems fine for now, but what I think it might be is that when Steam updates, avast has not done an update that has the new Steam update added to its database. If it happens again after avast updates itself, then it is something to do with the avast database.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89011
  • No support PMs thanks
Re: STEAM false positive
« Reply #57 on: August 07, 2012, 11:33:02 AM »
The avast database will be on signature information; now when Steam updates there is a possibility that the changed file could be pinged again.

The reason for this is that no AV whitelists on file name alone as that could be absolutely anything in a malicious file of the same name. So it scans on content rather than simply on file name.

Now there is nothing to stop Steam users from adding the file name to their (avastUI > Settings > Exclusions & File System Shield > Expert Settings > Exclusions) exclusions lists. There would obviously be a limited risk in doing that as should that file become infected it wouldn't have been scanned.

Having seen some exclude the whole steam folder by using the * at the end of the path, this makes a larger hole in your security, so I believe any exclusion should be on the full path and file name not using the * wildcard.

That said, I don't know if Steam digitally sign those files or not, but if they were digitally signed I believe it would probably go a long way to their not being pinged.
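The exclusion-scope point made in Reply #57, as an added example that is not part of any post in this thread and is not Avast's own matching logic: it audits how many files a full-path exclusion, a folder wildcard and a name-only pattern would each hide from scanning. The file listing, the `C:` drive letter and the simplified case-insensitive `*` matching are assumptions made for illustration.

```python
import fnmatch

# Constructed file listing (not from the thread); drive letter C: is assumed.
FILES = [
    r"C:\Program Files\Steam\Steam.exe",
    r"C:\Program Files\Steam\tier0_s.dll",
    r"C:\Program Files\Steam\bin\filesystem_steam.dll",
    r"C:\Program Files\Steam\bin\example_a.dll",
    r"C:\Program Files\Steam\steamapps\common\game\example_b.dll",
    r"C:\Users\Public\Downloads\tier0_s.dll",  # same name, different location
]

# The two files the thread reports as flagged, by full path.
INTENDED = {
    r"c:\program files\steam\tier0_s.dll",
    r"c:\program files\steam\bin\filesystem_steam.dll",
}


def covered(exclusion, files):
    """Return the files an exclusion pattern would keep from being scanned."""
    pattern = exclusion.lower()
    return [f for f in files if fnmatch.fnmatchcase(f.lower(), pattern)]


def audit(exclusions, files, intended):
    """For each exclusion, report its reach and what it hides beyond the intent."""
    report = []
    for ex in exclusions:
        hits = covered(ex, files)
        report.append({
            "exclusion": ex,
            "wildcard": "*" in ex or "?" in ex,
            "covered": len(hits),
            "unintended": [f for f in hits if f.lower() not in intended],
        })
    return report


EXCLUSIONS = [
    r"C:\Program Files\Steam\bin\filesystem_steam.dll",  # full path and file name
    r"C:\Program Files\Steam\*",                         # whole folder via wildcard
    r"*\tier0_s.dll",                                    # file name only
]

if __name__ == "__main__":
    for row in audit(EXCLUSIONS, FILES, INTENDED):
        print(row["exclusion"], "covers", row["covered"],
              "file(s); unintended:", row["unintended"])
```
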