False Positive reports

[azism]

I don' know what is going on, but I have been getting false positives lately on programs I have been using for years with no problems. Today it was on PowerDesk 9. There has been no update to PowerDesk in a number of months. The has, however, been a number of updates to both Avast (both program and virus definitions) in recent days, weeks and even months which I would expect. I am using Avast Internet Security version 8.0.1483 (Virus definition 130507-0). WHat on earth is going on here???
 

[spywar]

Hi,

Please submit the file found as malware that are actually safe here : http://www.avast.com/fr-fr/contact-form.php (Subject : False Alert on a file).

spywar

[avast@@dvantage77.com]

Had the same issue today with Time Matters 10.0 file tmckzip.dll.  Uploaded to VirusTotal:

SHA256: 1a748a870e05e13d50131db239f43e1dbddb98f0891c0e3bff6f8333ba4cd426
SHA1: 85a5143dbaaecd05b45149374d6b8c12d3be365c
MD5: 8243dd8016536cf21ed4e0fb68082a7a
File size: 1.1 MB ( 1193280 bytes ) 
File name: 8672A952401A2E65351112A32F9A5400851ABB6B.dll
File type: unknown
Tags: signed 
Detection ratio: 0 / 42 
Analysis date: 2010-07-22 15:42:47 UTC ( 2 years, 9 months ago )

Interesting that avast! does NOT detect it @ VirusTotal.com.  Also, this is version 4 at this client, and yesterdays VPS update caused the issue (wait, 4.8 is no longer updated as of March 31st, 2013) I think that 4.8 IS updating!

[pdlentz]

Same here with Powerdesk.  I was still using version 8.5 - have been for a long time.  This morning it gets a virus warning and is moved to the Virus Chest by Avast.  I flagged it as a false positive and sent in the report.

I then decided to take advantage of my $14 upgrade offer to version 9.

I got several more Avast virus reports during the UnInstall of Powerdesk version 8.5

Then, I got several new Avast virus reports upon Installation of Powerdesk version 9.

Now when I attempt to run Powerdesk version 9, is is reported as a virus by Avast and put in the Virus Chest by Avast.

I have submitted the False Positive report on the version 9 of Powerdesk too.

I hope you can fix this soon - I love my Powerdesk app!

[Jim Fisher]

ALL DAY SINCE I WALKED IN THE DOOR the VPS update that was pushed today has been generating FALSE POSITIVEs endlessly.
I finally was able to "lighten the load" of emails, but I am still getting them.
This is not a virus or infections but a poorly put together update.

Every single system on my network, all workstations (multiple OS's) and  all servers freaked out with this push....I have HUNDREDS of email generated notifications indicating "infection"

I do not know how to roll back the VPS...is there a way? If so, I would try it.

I walked in to users complaing about blocked programs and my mailbox was loaded with notifications....

  Im pissed to say the least...

[zrmamc]

  Ditto unfortunately. Thankfully not on so large a scale, (only 10 clients). This is affecting at least one critical program, eFax. I have had to stop file scanning and restore the files from the virus chest. This of course leaves me vulnerable which I don't like. The web scan is still running, (which is where most of the viruses come from), but this needs to be fixed ASAP!

[Jim Fisher]

i HAD TO RESTORE the files (which are part of a program I run multiple times a day) and I had to turn off Avast completly for a while just to get my users working again!. It was incredibly FRUSTRATING.....

I thought at first it was a file/infection trojan in earnest...but as I dug in I realized it was a bad VPS update. If Any of you FIND A SOLUTION. LET MWE KNOW.

My users started screaming at 930a after 1-1/2 hours of UNAVAILABLE services or servers.....It was aweful.....I expect it to be a problem when I walk in tomorrow as well (Guess it will be an early day...)


 

[polonus]

Hi Jim Fisher,

Write a mail with your FP report to virus AT avast dot com. avast! team is known to quickly react to general FP problems and a solution is often created between virus updates. Also link in your mail to equivalent threads here in the virus and worms sections. Sorry for the inconveniences, but we seem not to live in a perfect world...

polonus

[avast@@dvantage77.com]

There was prior discussion to a "go back" button for VPS to fix these FP issues, but I was shot down by other forum members "going back is NOT the solution".  I think this needs to be re-addressed again, so we have a way to deal with these issues, that have cropped up several times lately.

[polonus]

Hi avast@ advantage77.com,

Let's wait for how avast! team will react to the problem and what has caused this, before coming up with rash conclusions,

polonus

[zrmamc]

At least in my case the latest def file fixed the issue. Thanks.

[avast@@dvantage77.com]

Got another, XCharge credit card software.  I don't think a go-back button is rash, it just would have saved us about 8 hours labor today. A go back button would allow users to immediately get on with their lives, as apposed to being down for a day.  The DAT files are automated (like artificial intelligence) with no human intervention. This allows avast! to react sooner than all other A/V companies to new threats (Per the New York Times article) but I also believe that this automation can and does cause more FPs.

[TDDS]

Got a major headache yesterday with the latest update. PowerDesk 8 created false positive error and was isolated. Restored the file (PDExploXP.exe) from a backup and got again FP. Then installed Powerdesk from the original msi installer file and got the third FP.
However, no FPs with other computers running Powerdesk 6.
PowerDesk is an invaluable tool for me since 10+ years. Had to uninstall Avast and switch over to Avira.
I am now waiting some indication this problem has been fixed to return back to Avast.

[REDACTED]

This may be an old thread, but I have recently also started having all manner of problems with false positives.
I am developing new code for work and the stupid virus checker is reporting my code as a virus even as it compiles.
On top of that, you can't mark the program as an exception as there is no ability to do so, only delete, "repair" (HAH!) or block.

I am getting seriously fed up of the problems I am having