Topic: False positive Win32:Evo-gen [Susp] from my exes built with Visual Studio 2012

Offline Populous

  • Advanced Poster
  • **
  • Posts: 977
Hi all. I've a problem with my VB.NET and C++ projects created with Visual Studio 2012 IDE.

This message is intended for milos or anyone else who can help me with this issue...

I've created an example C++ project and it's detected by Avast File Shield as Win32:Evo-Gen[Susp] and the file is 100% clean!!

I've sent a copy of the file to virus@avast.com with the subject: [C++ Example project detected as Evogen and sometimes in my own VB._NET proyects]

It's only detected by Avast File Shield. If I scan the file inside the virus chest, Avast says the file is clean!!

Here is a screenshot of the Avast File Shield detection: http://img4.imageshack.us/img4/6893/evogen.png  :o

Here is a screenshot of the Avast virus chest saying the file is clean: http://img515.imageshack.us/img515/1062/chestq.png  :o

Any idea of what can be happening and how to solve it? As a "temporal solution" I have to deactivate the Avast File Shield when I'm working on some project and I reactivate it again when I've finished working with Visual Studio, but I think it's not the solution...  :-\

Thanks in advance.

Best regards

Populous.
Avast Premium Security 20.2.2401 (build 20.2.5130.565) | CPU: Intel(R) Core(TM) i7-8700 CPU @ 4,06GHz, 6 cores, 12 logical processors | RAM: 32GB -DDR4-2666 | Graphics card: GeForce GTX 1060 | OS: Win 10 Pro Version 1909 Build (18363.752) - 64 Bits

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Hello,
send us (virus@avast.com) the compiled .exe to analyze. Put "False positive" in the email subject.

Milos

Offline Populous

  • Advanced Poster
  • **
  • Posts: 977
Hi Milos and thank you for your assistance. :)

I've re-sent the email with the subject "False Positive" and the compiled .exe file.

Regards.

Meyers07

  • Guest
Same case happened too on my Realtek drivers. Usually they got in the vault as Evo-gen but then I scanned inside the vault, found no threats. It can be returned after.

And it's the problem on the File System Shield, since scanning by other methods yields no threat results.

It's a false positive since the drivers are tagged with file modified in a date around 2007.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Hello,
send us (virus@avast.com) the files to analyze. Put "False positive" in the email subject.

Milos

driscco

  • Guest
Same problem - this time with MinGW gcc-g++ being used through Eclipse C++ Perspective. I don't want to have to switch off Fileshield every time I do a build.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Hello,
send us (virus@avast.com) the files to analyze. Put "False positive" in the email subject.

Milos

dj1.nc

  • Guest
Same problem here.  I kept using Avast 7 when 8 was out because I didn't want to deal with 8's issues.  But I decided to finally upgrade and installed 9 today (9.0.2007).  I write lots of apps using Visual Studio, and this never happens with Avast 7.  Every time I run my app inside Visual Studio, Avast 9 blocks it (like it really knows better than me creating the app).  What a dud.  Nowhere in the settings is anything that says: "leave my Visual Studio alone".

I'm not going to submit a .exe for every app I write...sometimes I write lots of test/throw-a-way apps used for quick testing.  Sadly, I just went back to 7; at least it works smooth and never complains about my apps in Visual Studio.

Offline VBWriter2

  • Jr. Member
  • **
  • Posts: 28
I am using Microsoft Visual Basic 2010 Express and attempting to write a program.  The program is going to be a Recipe Creator and Editor.
I am using multiple forms with controls separated by GroupBoxes.  On one form, I wanted one particular groupbox to be disabled and another
enabled IF a certain variable existed:

        If Tmp_Flg = "Editor" Then
            GroupBox2.Enabled = False
            GroupBox3.Enabled = True
        End If

When I did this for the groupboxes I mentioned above, Avast Internet Security 2014 instantly told me that I have Win32:Evo-gen [Susp] on my computer.
I tried to add the project to the excluded list, but Avast would not let me.  I sent a false positive report.  Hopefully, they will see this and fix this issue.

I'd like to RECOMMEND AVAST to other users (and have in the past), but I have a lot of friends that are into code writing just as I am.  They won't want to be bothered
by Avast continually popping up with FALSE positives.

Oh, for the record - I DON'T WRITE MALWARE / VIRUS CODE!!!!!!  1) I am not that talented.  2) I have better things to do with my time 3) I don't have the will or desire to
do to someone else that which I do NOT want done to me!

Thanks
VBWriter2

dj1.nc

  • Guest
Update:  I saw where turning off the setting "DeepScreen" would likely help with this because its purpose is to interrogate those apps it doesn't know much about.  So, I gave version 9 (2014) another try, this time with that turned off.

That setting is in the main settings screen under the "Avast" category. I also turned off "Reputation services" right above that setting.

This solved it for me with Visual Studio.  Also, I can run the .exe (my custom app) in Windows Explorer (Visual Studio not running), and the app runs fine.  I've been running fine with Visual Studio now for a few days, with several reboots and Avast updating the definitions.  So far, all is fine.

Give it another try with this setting turned off.

Shavea

  • Guest
I'm having the same problem.  :(

I've just got an application in vb.net that prints reports for more than one year. And my client has just called me because the program was stopped and couldn't print. I've just had a look at it and Avast has deleted the printer library dll I developed some weeks ago. Every time I try to copy it to the application folder Avast has marked it as Win32:evo_gen and I've just included it as "False positive file" but Avast continues deleting it.

I think as VBWriter2, this is a very big problem for us. I always recommend Avast as the best antivirus but this is very, very annoying.

What can we do with this problem? Do I have to send you all my vb.net applications so you add them as false positive???? This is crazy.

Regards.


SOLVED: I've just solved it by manually adding the folder in "Options -> Active Protection -> Shield -> Exclusions" (sorry for the English, my Avast is in Spanish and I try to translate it for anyone)  :)
« Last Edit: November 19, 2013, 07:08:04 PM by Shavea »

dj1.nc

  • Guest
Looks like Avast has broken this again.  I have not changed anything on my side whatsoever, but today Avast (2014 build 2007) started not letting me compile in Visual Studio 2012.  I verified DeepScreen was still off.  I let Avast update to build 2008 and rebooted.  Still blocking the compile with the "Evo (susp)" message.

It was good for a while, but I guess I'll have to uninstall Avast finally and go to another software.  It's clear from the answers they give in these forums that they have no idea about developers using Visual Studio.

SquareRoot

  • Guest
I updated to 2014.9.0.2008 several days ago. One of the applications that I developed is now giving me the Win32:Evo-gen error. The older version of Avast did not flag this exe as an error. The program was compiled in Delphi XE4 so the problem is not limited to Visual Studio.

dj1.nc

  • Guest
I skipped version 8, so I don't know about that, but version 7 never did this.  I don't have time now to research another anti-virus program, so I'll probably rollback to Avast 7...I kept the installer just in case.  It's either that or add exclusion directories.  Something happened recently though, because I ran with "DeepScreen" turned off in version 9 build 2007 for a month and was using Visual Studio constantly (debugging, building the .exe etc.) with no problem.  Since Avast is now considered mediocre in the av-comparatives ratings, when I get some time I'll look into a better AV program.
« Last Edit: December 02, 2013, 01:57:24 AM by dj1.nc »